Tag Archives: Cybersecurity

Can SIM Swap Attack Empty Bank Accounts Without Warning?

Can SIM Swap empty bank accounts without warning?!

Can a SIM swap attack empty your bank accounts without warning?!

Take a look at the viral warning, and find out what the facts really are!

Updated @ 2023-03-03 : Added some additional details
Originally posted @ 2022-01-16

 

Claim : SIM Swap Attack Can Empty Bank Accounts Without Warning!

This message has gone viral on social media and WhatsApp, warning about a new high tech fraud called SIM Swap Fraud that can empty bank accounts without warning.

The message includes a link to a Straits Times report about a young couple who lost $120,000 in a fake text message scam targeting OCBC Bank customers.

Your BANK Account could be Emptied without an Alert!

Dear All, Please let’s be very careful.. There is a new HIGH TECH FRAUD in town called the SIM SWAP FRAUD, and hundreds of persons are already VICTIMS.

Recommended : Beware Of Telegram Screenshot Hack + Scam!

 

Truth : SIM Swap Attack Are Real, But Don’t Work Like That

The truth is – SIM swap attacks are real and very dangerous, but they do not work like the viral message claims.

Here is what you need to know about the viral message, and SIM swap attacks.

Fact #1 : SIM Swap Attacks Are Not New

SIM swap attacks are really not that new. Scammers have been using SIM swap attacks since 2015, if not earlier.

Fact #2 : Viral Message Is Mostly False

The viral message is correct about the risk of SIM swap attacks, but pretty much wrong about everything else.

In fact, the method by which the SIM swap attack works is completely made up. So the viral message is really FAKE NEWS.

Fact #3 : Straits Times Article Was Not About SIM Swap

The fake news creator added a link to a Straits Time article, to mislead you.

That’s because the article isn’t about a SIM swap attack, but a phishing attack, where the victim received an SMS  with a link that took him to a fake website that “looked exactly like the OCBC login page“.

The victim then keyed in his bank login details, thus handing over control of his bank account to the scammers. He also ignored automated messages warning him that his “account was being setup on another phone“.

It had nothing to do with a SIM swap attack. It was an SMS-based phishing attack.

Recommended : How To Turn On Two-Step Verification In Telegram!

Fact #4 : SIM Swap Attack Generally Does Not Require Any Action

In most SIM swap attacks, scammers use your personal information, either purchased from other criminals or obtained through earlier phishing attacks or social engineering, to request for a SIM card replacement.

All that does not require any action on your part. In most cases, you only realise you’ve been hit when you lose access to your mobile number.

Fact #5 : SIM Swap Attack May Require Action In Some Cases

The Press 1 claim in the viral message is partially correct, but it only happens in a particular circumstance.

In India, scammers have tricked people by offering a free network upgrade, or to help improve signal quality on their phones :

  1. The scammer will call the victim, claiming to be from their mobile service provider.
  2. The scammer will try to get the victim to reveal his/her 20-digit SIM card number.
  3. The scammer will use the 20-digit SIM number to initiate a SIM swap with the mobile service provider.
  4. The mobile service provider will automatically send an SMS to confirm the swap.
  5. Once the victim confirms the swap, his/her SIM card will stop working.
  6. The scammer now has access to the victim’s mobile number.

Fact #6 : SIM Swap Attack Does Not Hack Your Phone

The SIM swap attack does not involve any hacking of your phone.

You only lose access to your mobile number. Your phone is not hacked.

Recommended : Can Greeting Photos + Videos Hack Your Phone?!

Fact #7 : SIM Swap Attack Does Not Empty Bank Accounts

Once the scammers successfully gain control of your mobile number, they can use it to intercept one-time passwords (OTP) like TAC numbers.

This allows them to change passwords to your bank accounts, social media accounts, etc. which is why SIM swap attacks are so dangerous and damaging.

However, it does not mean your bank accounts are immediately emptied. For one thing – the scammers need to know your bank login.

That’s why SIM swap victims often have had their bank logins and passwords stolen earlier though phishing attacks. The scammers only need their mobile numbers to receive OTP / TAC numbers to authenticate the transfers.

Fact #8 : SIM Swap Attack Can Be Used To Cheat Friends Too!

Stealing money from your bank account requires extra work, so scammers who do not have your bank login details will resort to cheating your friends.

With access to your phone number, they can easily gain access to your social media accounts (Facebook, Twitter, Instagram) as well as instant messaging apps (WhatsApp, Telegram).

Once they have control, they can send messages to your friends, pretending to be you. Naturally, they will concoct some story to ask your friends for money.

The idea is to use your (now) stolen accounts to convince your friends that you genuinely need their help. The money that they transfer goes directly to the scammers, or their mules (people who rent their bank accounts to scammers).

Now that you know the facts behind the SIM swap attack or scam, please SHARE this article with your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MobileTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

BitiCodes Scam Alert : Fake Celebrity Endorsements!

You may have seen celebrities endorsements of BitiCodes or Biti Codes circulating on Facebook and Instagram, but they are all FAKE.

Find out why there are so many fake celebrity endorsements of Biticodes / Biti Codes, and how they are doing it!

 

BitiCodes / Biti Codes : Fake Celebrity Endorsements

BitiCodes or Biti Codes claims to be “the crypto industry’s most accurate AI auto-trading app“, which “works by automatically placing trades… using trading bots to strengthen your chances of making a profitable trade.”

If you never heard of it, you won’t be alone, because it’s mainly promoted via advertisements on Facebook, Instagram, etc. They are also promoting it through Google Ads like these examples, which will often appear in completely legitimate websites.

Clicking on those advertisements will lead to legitimate-looking articles from local or crypto publications, often with a celebrity endorsing Biticodes / Biti Codes.

Here in Malaysia, people will see Biticodes being endorsed by the likes of local politicians like Lim Guan Eng or Dr. Mahathir. But those in the cybersecurity industry will quickly realise that these articles are familiar because they are almost exact copies of scam articles used in the previous Bitcoin Revolution scam.

Looking for reviews of Biticodes or Biti Codes is pointless, because they appeared to have paid for advertorials in legitimate media outlets, which are (intentionally?) wrongly listed as “reviews”. Only at the very bottom do they include a disclaimer that it was a sponsored post.

Outlook India

Biticodes Reviews : Today we’ll be talking about one platform called Biticodes that you can use to make an extra source of income. It’s safe, and you do not need to worry about anything. It may help you earn good money in very less time.

Disclaimer : This is sponsored review content posted by us. All the information about the product is taken from the official website (and not fact-checked by us). Contact customer care phone number given on product’s official website for order cancellation, return, refund, payment, delivery etc. related issues. Must consult any financial specialist before investing in BitiCodes Auto-Trading Software.

Tribune India

Biticodes is real or scam review 2022 : With an astonishing success rate of 90%, BitiCodes has what it takes to be your go-to platform for cryptocurrency trading. It can execute multiple deals per second – a rate that even the most experienced cryptocurrency traders would be hard-pressed to match.

Disclaimer : The views and opinions expressed in the above article are independent professional judgment of the experts and The Tribune does not take any responsibility, in any manner whatsoever, for the accuracy of their views. Biticodes are solely liable for the correctness, reliability of the content and/or compliance of applicable laws. The above is non-editorial content and The Tribune does not vouch, endorse or guarantee any of the above content, nor is it responsible for them in any manner whatsoever. Please take all steps necessary to ascertain that any information and content provided is correct, updated, and verified.

In other words, those are NOT legitimate reviews, and the media outlets did not even test Biticodes / Biti Codes. Their disclaimers show that their “reviews” were paid content, written by Biticodes / Biticodes.

 

Avast Explains How BitiCodes Scam Works

In an August 2022 article, the cybersecurity company explained how the BitiCodes (also known as TeslaCoin) scam works:

The scam encourages people to pay to create an account and invest into a fraudulent crypto investment platform. There are two ways the campaign reaches potential victims: Through Facebook ads and email. Ultimately, victims can end up losing at least $250.

At the bottom of the page is a webform requesting site visitors to enter their name, email address, and phone number in order to register for the platform. The victim receives an email from a bot sparking a conversation in the victim’s language.

After a brief example exchange, the bot sends a link to a payment gateway, and asks the victim to transfer $250 in order to activate their trading account. Another scenario involves the bot emailing potential victims with steps to login to a cryptocurrency broker page, and after a few more emails, the bot sends a link to a payment gateway, asking the victim for a $250 initial investment.

I also investigated the articles and the BitiCodes website, and noticed that they are all using highly-suspicious domains and links:

  • celesteal.xyz/biticodes for the BitiCodes website (registered 23 Nov. 2022)
  • thedailypressbriefing.com/my for the BTC-News website (registered 29 Jan. 2023)
  • saveontaxesthisyear.tax for the BTC-News website (registered 6 Feb. 2023)

As you can see, the domains are not only completely unrelated to the article / websites, they are almost brand new! And if you go to their domain root, nothing loads. That is not how legitimate websites function. If you do a WHOIS lookup, you will discover that the owners of these domains are hidden.

Regardless of whether BitiCodes / Biti Codes itself is legitimate, you should avoid any article that do not tally with the official website, or with irrelevant domains.

Don’t fall for the scam. Avoid these BitiCodes / Biti Codes advertisements and fake celebrity endorsements.

Please help us fight fake news – SHARE this article, and SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Money | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Tenaga Nasional 33rd Anniversary Scam Alert!

Please watch out for the Tenaga Nasional 33th Anniversary survey contest scam!

Find out why it is just a SCAM, and WARN your family and friends!

 

Tenaga Nasional 33th Anniversary Survey Scam Alert!

People are now sharing the Tenaga Nasional 33th Anniversary messages on WhatsApp :

Congratulations!

Tenaga Nasional 33rd Anniversary National Government Power Subsidy!

Through the questionnaire, you will have a chance to get 1000 Ringgit

🎉 Tenaga Nasional 33rd Anniversary National Government Power Subsidy 🎊

Electricity subsidy is being issued…

Recommended : Petronas 50th Anniversary Scam Alert!

 

Tenaga Nasional 33th Anniversary Survey : Why This Is A Scam!

Unfortunately, this is yet another survey scam, like the Petronas 50th Anniversary scam!

Tenaga Nasional confirmed that this survey is a scam in a scam alert on their website on 6 February 2023.

Win Cash Rewards from TNB – 6/2/2023

TNB customers are advised to ignore survey links that claim they can win cash rewards from TNB.

TNB does not organize any kind of cash prize giveaway on social media. Please be careful and avoid spreading this false information.

I know many of us are in dire straits during the COVID-19 pandemic, having lost jobs, income or even loved ones.

Unfortunately, scammers are counting on our desperation to prey on us, using the same survey scam they have been using for years :

Now, let me show you how to spot these scams next time!

If you spot any of these warning signs, DO NOT PROCEED and DO NOT SHARE!

Warning Sign #1 : Bad Grammar

Most of these scammers do not have a good command of the English language, so if you spot bad grammar, stay away.

Proper contests or events sponsored by major brands like Tenaga Nasional will have at least one PR or marketing person who will vet the text before allowing it to be posted.

Read more : Petronas 50th Anniversary Scam Alert!

Warning Sign #2 : Offering You Free Money Or Gifts

Please do NOT be naive. No one is going to give you money or free gifts just to participate in a survey!

Tenaga Nasional isn’t going to give you FREE money, just because it’s their anniversary.

They are a corporation whose business is to make money, not a charity to give you free money.

Warning Sign #3 : Not Using The Real Jaya Grocer Domain

A genuine Tenaga Nasional campaign would use their real domain – www.tnb.com.my.

Or they would run it off the official Tenaga Nasional page on Facebook – www.facebook.com/TNBCareline/.

If you see nonsensical domains like merefamily.top, 0yjjg61.cn, 1eaf1rnbeef.top, ldxqw.bar, etc. that’s a sign it’s a SCAM!

Warning Sign #4 : Asking You To Forward The Offer

No brand will insist that you must share the offer with 5 groups or 20 friends on WhatsApp or Facebook Messenger.

Do not click to forward their offer to your family and friends. They will not appreciate being scammed with your help!

Warning Sign #5 : Asking You To Download + Register An App

If you click through and joined the fake survey scam, you will eventually be asked to download and register for an app.

This is VERY DANGEROUS. Never agree to download and register for any unknown app from a website.

Always download your apps from an official App Store like Google Play Store (for Android smartphones) and Apple App Store (for iPhones).

Please help us fight scams like this and SHARE this article out!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > CybersecurityFact Check | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Scam Alert : Fake Damar Hamlin Donation Requests!

Please watch out for fake donation requests for Damar Hamlin who suffered a cardiac arrest during a primetime NFL game!

 

Scam Alert : Fake Damar Hamlin Donation Requests!

After Damar Hamlin suddenly collapsed from cardiac arrest during the primetime NFL game between the Buffalo Bills and the Cincinnati Bengals, his GoFundMe page has exploded with donations – at publication time, it raised over $7.7 million!

However, scammers are apparently also trying to milk public concern for Damar Hamlin, and his family relayed a warning through his friend and marketing rep, Jordon Rooney, about people requesting cash app and GoFundMe donations in his name.

Damars parents wanted me to get this out there:

Beware of people requesting cash app donations and making GoFundMe’s.

If you do want to support Damar’s foundation, his initial toy drive campaign has turned into the central location for that.

Recommended : Did Damar Hamlin Collapse From Vaccine SADS?!

 

Damar Hamlin Donation Shifted From GoFundMe To Website

To avoid further confusion, the Chasing M’s Foundation created a new website to handle the donations directly.

When Rooney announced the new website, he shared that Chasing M’s Foundation is a 501 (c) (3) non-profit organisation that is dedicated to “supporting the aspirations of youth and community members through sports, education, and enrichment opportunities“.

The executive director, Mario Hamlin, ask that people who wish to donate to the foundation, please do so through the new website. He also asked that people consider donating to the University of Cincinnati Medical Center trauma center, or buy your trauma center team and first responders lunch.

The Hamlin family appears to be making these moves to curb the donation scams that have mushroomed over public support for Damar Hamlin.

So please do NOT donate to any other Damar Hamlin initiatives, cash app requests, or GoFundMe pages. The only legitimate avenues for donations towards Damar Hamlin are:

  • The Chasing M’s Foundation website
  • University of Cincinnati Trauma Center

Alternatively, you can show your appreciation for first responders and trauma teams in your area, by buying them lunch.

Read more : Damar Hamlin Shows Improvement, Asked Who Won!

 

The Real Damar Hamlin Donation GoFundMe Page!

When he was still in college at the University of Pittsburgh, Damar Hamlin started a toy drive on GoFundMe called The Chasing M’s Foundation Community Toy Drive.

Its first program with a 2020 Community Toy Drive, which set a goal of just $2,500 to buy toys for “children who have been hardest hit by the pandemic”.

As I embark on my journey to the NFL, I will never forget where I come from and I am committed to using my platform to positively impact the community that raised me. I created The Chasing M’s Foundation as a vehicle that will allow me to deliver that impact, and the first program is the 2020 Community Toy Drive. 

This campaign gives you the opportunity to contribute to our first initiative and positively impact children who have been hardest hit by the pandemic. 100% of the funds raised will go toward the purchase of toys for kids in need. The time to act is now, as we will be distributing toys on December 22nd from 3:30 to 5:30 PM from Kelly and Nina’s Daycare Center at 800 Russellwood Ave., McKees Rocks, PA 15136. 

If you are not able to contribute monetarily, you can support this initiative in other ways. We are accepting donated toys at the Daycare Center or simply spread the word by sharing this fundraiser on your social channels. 

Thank you so much for supporting me on and off the field. I am grateful to have the opportunity to work with you to help make the holiday season a little brighter for the kids in our community.

Damar Hamlin
The Chasing M’s Foundation

After Damar Hamlin’s sudden collapse on the field, and subsequent hospitalisation in critical condition, his family reused the GoFundMe page to continue funding his community initiatives.

This fundraiser was initially established to support a toy drive for Damar’s community, sponsored by the Chasing M’s Foundation.

However, it has received renewed support in light of Damar’s current battle and we can’t thank all of you enough. Your generosity and compassion mean the world to us.

If you would like to show your support and contribute to Damar’s community initiatives and his current fight, this is the place to do so. This is the only current fund that is being used by the Hamlin Family.

Again, thank you for your thoughts, prayers and generous support during this time.

Damar created The Chasing M’s Foundation to use as a vehicle to bring lasting impact to his community. The foundation supports toy drives, back-to-school drives, kids camps, and more.

 

Damar Hamlin Donation Not Used To Support His Mother’s Daycare

Jordon Rooney also clarified that the official Damar Hamlin GoFundMe donation page is not being used to fund his mother’s daycare centre.

He explained that it was set up as a toy drive during his college days, and the toy giveaway was held at his mother’s daycare centre. Hence, the address listed in the GoFundMe is still his mother’s daycare centre.

Donations sent to his official GoFundMe would be used to support his foundation, which now does more than just toy drives, but also back to school drives, kids camps and more.

This came after sports business analyst Darren Rovell posted that the Damar Hamlin’s official GoFundMe would fund his mother’s daycare centre.

Damars GoFundMe does not support his mother’s daycare.. This was a toy drive that he set when he was in college and held it at the daycare.

The donations will support his foundation, which does toy drives, back to school drive, kids camps and more. Yeah

Please WARN OTHER PEOPLE  by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | SportsTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Watch Out For TNG eWallet SMS Phishing Scam!

In this article, we will show you many types of TNG eWallet SMS phasing scam, so you can avoid them!

 

Watch Out For TNG eWallet SMS Phishing Scam!

People are getting these SMS messages that appear to be from TNG eWallet, but are really just phishing scams!

RMO TNG eWallet: Bantuan e-dompet kepada golongan B40&M40 RM1000 akan dikreditkan ke dalam TNG eWallet anda. Kemaskini maklumat dan semakan status di www.tngewalletbantuangov.com

RMO T’n GO Your account function has been closed. You need to confirm the device immediately. Follow my.tngwallc.com

RMO TNG Wallet: Permohonan GOpinjam anda telah diluluskan, RM3000 telah kredit ke TNG Wallet anda. Sila semak baki dan tuntutan anda di http://logtouchngo.cc

RMO GOV: Terima kasih atas sokongan anda dari kerajaan BN. Bantuan e-dompet kepada rakyat Malaysia berjumlah RM500 telah kredit ke TNG Wallet anda. Sila sahkan identiti dan semak baki anda di https://touchngoemy.top/

 

How TNG eWallet SMS Phishing Scam Works!

The many examples of the TNG eWallet phishing scam employ SMS spoofing technology to send you SMS messages that appear to be from the TNG eWallet team.

What most people don’t know is that – the TNG eWallet team will never send you any SMS messages to :

  • offer you money from government or other agencies
  • inform you that money has been credited to your eWallet
  • ask you to log into your eWallet account using a link
  • ask you to update your account information using a link

The TNG eWallet team warned users against clicking on any links sent by SMS, even if they appear to be genuine. Genuine TNG eWallet SMS messages will never have a link attached.

These links do not lead to the real TNG eWallet website (https://www.touchngo.com.my/), but use similar-looking fake domains, like:

tngewalletbantuangov.com
my.tngwallc.com
logtouchngo.cc
touchngoemy.top
ewallettouchng.top
touchngosign.com
touchngolog.top
logintouchngo.cc
touchngo.life
touchngologin.cc
my.touchngo.com
my.touchwalf.com
my.touchwalp.com
my.tngowalle.com
my.tngowallet.com
tngwallet.top

If you see such domains, you should be alert that you are being targeted by a phishing scam. NEVER CLICK ON A LINK in any TNG eWallet SMS.

If you click on any of these links, you will be taken to a page that looks like a genuine TNG eWallet login page, but is really a phishing scam page.

If you key in your login details, as well as your phone number and One-Time Password (OTP), the scammers will have full access to your eWallet, and can freely transfer out your eWallet balance.

As many of us link our credit cards to the TNG eWallet, the scammers can also reload your eWallet using those credit cards, and transfer the money out.

So make sure you IGNORE any SMS message that asks you to click on a link, even if it appears to be from TNG eWallet.

Please help to fight financial scams, by SHARING this article with your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MoneyTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Did Leaked Data Show Pfizer Vaccine Would Kill?!

Did leaked data show that Pfizer knew that its COVID-19 vaccine would kill people who took it?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Leaked Data Show Pfizer Knew Vaccine Would Kill!

People have been sharing a photo of The Irish Light newspaper, which claims that leaked data showed that Pfizer knew that its COVID-19 vaccine would kill people who took it!

It’s a long article, so feel free to skip to the next section for the facts!

Pfizer knew their vaccine would kill

Leaked data shows shocking number of fatalities and side effects now officially associated with covid shots

Recommended : Died Suddenly Movie : More Vaccine Lies Exposed!

 

Truth : Leaked Data Did Not Show Pfizer Vaccine Is Dangerous!

This is yet another example of FAKE NEWS created and propagated by anti-vaccination activists, and here are the reasons why!

Fact #1 : The Irish Light Is An Anti-Vaccination Newspaper

While many anti-vaccination activists are promoting the article as coming from an Irish newspaper, The Irish Light is a self-printed newspaper that was launched in August 2021 by two former journalists turned COVID conspiracy theorists – Gemma O’Doherty and John Waters.

Gemma O’Doherty previously worked for the Irish Independent newspaper, while John Waters used to work for The Irish Times.

Unlike regular newspapers which delivers news content, The Irish Light focuses on questioning the effectiveness of vaccines, the COVID pandemic, and other far-right ideas.

Fact #2 : EMA Cyberattack Occurred In January 2021

The Irish Light published their article called “Pfizer knew their vaccine would kill” in April 2022, as part of their 10th issue.

However, the cyber attack on the European Medicines Agency (EMA) it referred to occurred more than a year ago – in January 2021.

Fact #3 : EMA-Pfizer Data Was Leaked To Journalists + Dark Web

More than 40 MB of data was stolen in the EMA cyberattack and released on the dark web, and leaked to several journalists, including from The BMJ and academics worldwide.

The leaked data consisted of confidential documents on the Pfizer BNT162b2 vaccine candidate (later known as the Pfizer-BioNTech COMIRNATY COVID-19 vaccine), which included “internal / confidential email correspondence from November, relating to evaluation processes for COVID-19 vaccines“.

Recommended : Did Pfizer Vaccine Documents Reveal 1,291 Side Effects?!

Fact #4 : Leaked Documents Was About Quality Of Early Vaccine Batches

The BMJ reviewed the leaked documents, and found that they showed that regulators at the EMA had concerns about the quality of some early commercial batches of the Pfizer-BioNTech COVID-19 vaccine.

An email dated 23 November 2020 showed that a high-ranking EMA official complained that Pfizer was not producing its COVID-19 vaccines to the expected specifications.

Specifically, the level of intact mRNA dropped from about 78% in the clinical batches to 55% in the proposed commercial batches. Nothing in the leaked documents referred to safety issues, or side effects.

Fact #5 : Leaked EMA-Pfizer Data Was Tampered Before Release

On 15 January 2021, the European Medicines Agency (EMA) announced that their investigation showed that some of the leaked data was tampered by the hackers before being released.

Some of the correspondence has been manipulated by the perpetrators prior to publication in a way which could undermine trust in vaccines.

The BMJ was criticised for reviewing the leaked documents without first verifying their authenticity and accuracy.

EMA states that the information was partially doctored, and that the perpetrators selected and aggregated data from different users and added additional headings.

It is unclear to us why a respected journal chose to present unverifiable information, in the process damaging an institution that has worked for 25 years in a transparent and successful manner.

Recommended : Does Pfizer CEO aim to cut world population by 50%?

Fact #6 : Leaked Documents Showed EMA Regulation At Work

While anti-vaccination activists framed the leak as evidence of collusion between EMA and Pfizer, they actually show that EMA regulators were doing their jobs.

EMA did not cover up the quality issue, but filed two “major objections” with Pfizer, together with a host of other questions it wanted Pfizer to address.

On 25 November 2020, one of the leaked emails showed that Pfizer had already brought up the level of mRNA in their COVID-19 vaccine lots.

The latest lots indicate that % intact RNA are back at around 70-75%, which leaves us cautiously optimistic that additional data could address the issue.

Ultimately, the EMA authorised the vaccine on 21 December 2020, nothing that “the quality of this medicinal product, submitted in the emergency context of the current (covid-19) pandemic, is considered to be sufficiently consistent and acceptable.

Fact #7 : FDA Never Agreed To Withhold Pfizer Documents For 75 Years

The claim that the US FDA earlier agreed to withhold documents on the Pfizer vaccine for 75 years was debunked months earlier – in December 2021.

The US FDA never asked or agreed to withhold Pfizer COVID-19 vaccine documents for 75 years. That was merely the “interpretation” of Aaron Siri – the lawyer for PHMPT (Public Health and Medical Professionals for Transparency) – the group requesting the data that the FDA used to licence the Pfizer COVID-19 vaccine.

Read more : Did FDA Ask For 75 Years To Release Pfizer Vaccine Data?!

Fact #8 : Pfizer Documents Did Not Reveal Thousands Of Side Effects

The claim that the Pfizer COVID-19 vaccine documents revealed that it had thousands of side effects was debunked in March 2022.

The Pfizer document was publicly released on 17 November 2021, but it took antivaxxers more than 3 months to “discover” the list of 1,291 adverse events of special interest (AESI).

However, the AESI list was not a list of vaccine side effects. It was a list of “adverse events” that must be reported for further investigation.

It was also a generic list, which includes irrelevant adverse events like manufacturing and lab test issues, and even product availability and supply issues, as well as other diseases like MERS and chickenpox.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Don’t forget to protect yourself, and your family, by vaccinating against COVID-19!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | HealthTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Is FIFA Giving Free 50GB Data For World Cup 2022?!

Is FIFA offering 50 GB of free mobile data to stream World Cup 2022 matches with no interruptions?!

Take a look at the viral offers, and find out why they are just scams!

Claim : FIFA Is Giving Free 50GB Data For World Cup 2022!

People are sharing viral offers for 50 GB of free mobile data to stream World Cup 2022 matches without interruption. Here are some examples :

* FIFA is giving people around the world 50GB of data for free to watch the 2022 Cartel [Qatar] World Cup.*
* I Have Received Mine.*
* OPEN THIS*

* FIFA memberi orang di seluruh dunia 50GB data secara percuma untuk menonton Piala Dunia Kartel [Qatar] 2022.*
* Saya Telah Menerima Milik Saya.*
* BUKA INI*

FREE 50GB DATA PLAN FOR ALL NETWORKS

PERCUMA PELAN DATA 50GB UNTUK SEMUA RANGKAIAN

 

Truth : FIFA Is Not Giving 50GB Free Data For World Cup 2022!

This is yet another SCAM circulating on WhatsApp and social media, and here are the reasons why you must avoid it!

Fact #1 : FIFA Is Not Offering Free Mobile Data

First, let me just say it out loud and clear – FIFA is not offering free mobile data anywhere in the world, just to watch World Cup 2022 matches.

FIFA makes its money through sale of television, marketing and licensing rights for World Cup 2022, so there is simply no reason for it to provide free mobile data to stream the matches.

Fact #2 : FIFA Would Never Give You Anything Free

Please do NOT be naive. No one is going to give you free data just to participate in a survey!

FIFA is a corporation whose business is to make money, not a charity to give you free data.

Fact #3 : They Do Not Use Official FIFA Domains

Genuine FIFA promotions would be announced on the official website at www.fifa.com, or their official social media accounts:

  • Facebook : https://www.facebook.com/fifaworldcup/
  • Twitter : https://twitter.com/fifacom
  • Instagram : https://www.instagram.com/fifaworldcup/

They would never run contests or promotions via dodgy domains like “subsidy.buzz”, “50g.kxoe1.xyz”, “50gb450.xyz”, or “zlqxt.top”.

Once you see those random domains, click delete. Or just ignore. DO NOT CLICK.

Fact #4 : They Are Advertisement Scams

After you click on the link, you will be redirected through a series of hidden advertisements before you arrive at the “offer page”.

The offer page will ask you a series of simple questions. Regardless of your answers, you will be congratulated and told you won the 50 GB free data plan for three months.

You will be asked to key in your mobile number to receive the free mobile data, but you will never receive anything. In one variant, you are even redirected to more advertisements, including a video advertisement.

Fact #5 : Brands Won’t Ask You To Forward The Contest

To get that free 50 GB data for three months, you are asked to share the “contest” with 12 friends or groups on WhatsApp.

That’s a clear sign of a scam. No brand will insist that you must share their contest or free offer with WhatsApp friends of groups.

Please do not click to forward their offer to your family and friends. They will not appreciate being scammed with your help!

Fact #6 : They Can Potentially Be Dangerous

Similar scams in the past have more dangerous variants, where you are asked to :
a) install an app, which is really a malware to keep sending you advertisements
b) enter your banking or credit card details, ostensibly to prove your identity or some other excuse

Needless to say – proceeding with this step will open you up to great risk of monetary loss. DO NOT PROCEED!

If you install their malware, you will start receiving promotions, some of which will ask you to send an SMS to receive expensive free gifts like laptops and smartphones.

If you proceed to send the confirmation SMS messages, you will be subscribed and billed for international premium SMS services.

This is VERY DANGEROUS. Never agree to download and register for any unknown app from a website.

Always download your apps from an official App Store like Google Play Store (for Android smartphones) and Apple App Store (for iPhones).

Fact #7 : They Are Just Another Example Of Online Scams

These are just more examples of online scams offering freebies.

Now that you know the facts, please WARN your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | Mobile | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Fact Check : Is Semak.Info A Phishing Website?!

Is the Semak.Info website used to check for GE15 voter information really a phishing website?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Semak.Info Is A Phishing Website!

After the official voter information website by the Malaysia Election Commission (SPR) went down a day before the GE15 election day,, people were advised to try an alternative voter information website called Semak.Info.

However, this warning then went viral later that day, claiming that the Semak.Info website is really a phishing website!

The app.semak.info is a phishing site to track your mobile number. Please be informed. Please do not forward. Thanks.

 

Truth : Semak.Info Is NOT A Phishing Website!

This is yet another example of FAKE NEWS circulating on WhatsApp and social media, and here are the reasons why…

Fact #1 : Semak.Info + App.Semak.Info Are Different Pages

First, let me point out that Semak.Info, and App.Semak.Info are two different pages on the same website. Think of them as two different rooms in the same office.

Semak.Info is the public-facing page, where users can check their GE15 voter information. Think of it as the information desk at your office.

 

App.Semak.Info, on the other hand, appears to be the website administrator’s page. Think of it as the back office.

That’s why it has a login page, just like how your back office would have a door with a lock – so that the public can’t just walk inside.

 

Fact #2 : Phishing Websites Masquerade As Genuine Websites

Phishing (pronounced as fishing) is a social engineering attack that attempts to obtain your login information, or personal information like credit card and bank account numbers, etc.

Hackers accomplish this by creating fake websites that look like the real website, to trick you into revealing sensitive information like your bank account login and password, or your security questions.

The Semak.Info page does not ask for any login or critical personal information, so it is not a phishing website.

The App.Semak.Info page is blank, with a simple login function. It does not pretend to be an SPR or banking website, and so it is also not a phishing website.

Fact #3 : Semak.Info Is Owned By DAP

When Semak.Info was first circulated, I too was concerned about this “unknown” website. But a quick check showed that the Democratic Action Party (DAP) was the one promoting its use on Facebook.

I did a little digging, and confirmed that the Semak.Info domain is owned by the Democratic Action Party. It also looked like they bought the domain, and developed the website for GE14, way back in 2017.

Fact #4 : Phone Number Used To Send WhatsApp

Some people asked me why this Semak.Info website would require a phone number, when the official SPR website does not require one to obtain voter information.

What they may not realise is that the DAP team added a WhatsApp messaging feature to their Semak.Info website.

Once you key in your phone number and identity card number, the website will give you your voter information. At the bottom though is a blue Whatsapp [sic] button.

If you click on that button, the website will attempt to send a WhatsApp message to that phone number you keyed in earlier, with key voting information.

It doesn’t automatically send the message. You are given a preview of the message, and you will need to tap on the “Continue to Chat” button to actually send that message to the phone number.

Fact #5 : You Can Use A Fake Phone Number

You may be worried that the DAP team could be harvesting your phone number, and tying it to your identification card number.

Frankly speaking, that kind of data is already easily available and sold (illegally) to marketers and scammers alike. So no one actually needs to “scam” you into keying your phone number.

If you are worried, you can use a fake phone number with this website. Just key in any 7-digit number, with a legitimate 3-digit telco prefix (like 011, 012, 017, 018, etc.), and you are good to go.

Please WATCH OUT about such FAKE NEWS on WhatsApp and social media. They are designed to suppress voter turnout in the 15th General Election.

Regardless of what you may read or see on social media, please take the time and effort to cast your vote. This is not only your right, it is your responsibility as a citizen of Malaysia.

Remember – democracy does not guarantee us a good government. Democracy only guarantees us the right to vote out a bad government!

Happy voting on 19 November 2022!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | Fact Check | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Did US Military Find Evidence Of 2022 Election Fraud?!

Did the US military find evidence of fraud in the 2022 midterm election?!

Take a look at the viral claim, and find out what the FACTS really are!

 

Claim : US Military Find Evidence Of 2022 Election Fraud!

On 9 November 2022, Real Raw News posted an article claiming that the US Army Cyber Command found evidence of fraud in the 2022 midterm election!

It is long and rambling, so please feel free to skip to the next section for the facts!

As citizens and politicians anxiously scrutinized results, so too did the White Hat partition of the U.S. military. At U.S. Army Cyber Command headquarters in Fort Gordon, Georgia, cyber security analysts began noticing election irregularities early in the day. Approximately 35% of vote tabulators—electronic devices into which ballots are fed and counted—experienced what the Maricopa County Elections Department called a “technical hiccup,” which persisted for several hours. Unbeknownst to election officials, White Hats had undercover boots on the ground as the “glitch” forced voters to cast ballots elsewhere or forego voting altogether. At least one machine had active Wi-Fi and was connected to the internet, a Cyber Command source told RRN.

 

Truth : US Military Did Not Find Evidence Of Fraud In 2022 Election!

The truth is – this is just another FAKE STORY created by Real Raw News, just to generate page views and money.

Everything that Real Raw News posts must be regarded as FAKE NEWS, until proven otherwise.

Fact #1 : Real Raw News Is A Fake News Website

Real Raw News is a FAKE NEWS website that capitalises on making shocking but fake stories to generate page views and money.

To protect himself from legal repercussions, the owner and writer, Michael Baxter (real name – Michael Tuffin), claims that his articles are “humour, parody, and satire“.

This disclaimer, which is not clearly mentioned in his articles, lets him keep creating fake news that will go viral, and generate him money.

His articles have been regularly debunked as fake news, so you should NEVER share anything from his website. Here are some of his fake stories that I personally debunked earlier:

As Michael Tuffin himself admitted, he writes as Michael Baxter to “indemnify [himself] against potential legal ramification“.

Fact #2 : Real Raw News Never Offer Actual Evidence

Real Raw News reports always quotes anonymous sources, and offer no evidence to back up those claims. It’s no different in this new claim of electoral fraud in the 2022 midterm election.

Michael Baxter / Tuffin wrote such a long story, and quoted anonymous sources, but when you really look carefully – there is ZERO EVIDENCE for any of his claims.

That’s not really surprising though. How likely is it for this “former English teacher” to get the “inside scoop” from so many anonymous sources from his home in Texas? And why do all his scoops always end up false?

Read more : Moderna CEO Stéphane Bancel Arrested For Murder?!

A March 2018 screenshot of Michael Tuffin, who goes by the pseudonym Michael Baxter

Fact #2 : 2022 US Election Was Protected By Three Agencies

It is important to understand that the 2022 midterm US election was not actually protected by the US Army Cyber Command, as Real Raw News claimed.

The 2022 midterm election in the United States was protected by three different agencies, from two different departments:

  • Cybersecurity and Infrastructure Security Agency (Department of Homeland Security)
  • Cyber Command (Department of Defense)
  • National Security Agency (Department of Defense)

The US Army Cyber Command is merely one part of the US Cyber Command, which oversaw the protection of the 2022 election and is based in Fort Meade.

Fact #3 : All Three Agencies Detected No Fraud Or Threat

On November 8 and 9, 2022, officials from all three agencies said that they detected no evidence of fraud or threat to disrupt the election infrastructure.

Jen Easterly, director of the US Cybersecurity and Infrastructure Agency said:

We have seen no evidence that any voting system deleted or lost votes, changed votes, or was any way compromised in any race in the country.

General Paul Nakasone who heads the US Cyber Command and NSA operation to protect the 2022 midterm election said:

We continue to refine what we learned from the 2018 and 2020 elections. We generate insight to enable defense of the homeland, and ultimately impose costs by degrading and exposing foreign adversary capabilities and operations.

Fact #4 : No Legitimate Report Of Fraud In 2022 Election

There was no remotely similar report from any legitimate news outlet, nor an official statement by any government agency.

In fact, not even Fox News, which is notorious for pushing fake claims, actually reported that there was evidence of fraud in the 2022 midterm election.

Everything that Real Raw News posts should be regarded as FAKE NEWS.

Now that you know the facts, please SHARE THIS FACT CHECK out!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | Fact CheckTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Mexico Did It Photo Infect Your Phone With Virus?!

Can the “Mexico Did It” photo infect your phone with a virus in just 5 seconds?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : “Mexico Did It” Photo Will Infect Your Phone With A Virus!

The warning about the “Mexico Did It” photo or image that will infect your phone with a virus keeps going… viral on WhatsApp and social media.

There are two versions so far – in English, and in Spanish.

FYI: They are going to publish an image that shows how Covid 19 is cured in Mexico and it is called “Mexico did it”, do not open it because it enters the phone in 5 seconds and it cannot be stopped in any way. It’s a virus. Pass it on to your friends and family. Now they also said it on CNN and BBC. DO NOT OPEN IT

Pass it on

Van a publicar una imagen que muestra como el Covid 19 se cura en Mexico y se llama “Mexico lo hizo” no lo abran porque entra al telefono en 5 segundos y no se puede frenar de ninguna forma. Es un virus. Pasenlo a sus familiares y amigos. Ahora lo dijeron tambien en CNN y BBC

 

Truth : There Is No “Mexico Did It” Photo / Virus!

This is just another example of FAKE NEWS circulating on WhatsApp and social media like Facebook and Twitter, and here are the reasons why…

Fact #1 : This Viral Message Has Been Circulating Since 2021

The viral message about the “Mexico Did It” photo or virus has been circulating on Facebook, WhatsApp and Twitter since April 2021.

Fact #2 : This Is A Modified Version Of “Argentina Is Doing It”

This viral message is actually a modified version of an earlier fake message, which claims that a video on WhatsApp called “Argentina is doing it” will hack your phone in 10 seconds.

It just replaces Argentina with Mexico, a video with a photo, and changes it from a 10-second hack into a 5-second virus attack.

Those two fake news are, in turn, probably based on the even older fake claim that hackers are using greeting photos and videos to hack your phone.

Read more : Can Greeting Photos + Videos Hack Your Phone?!

Fact #3 : There Is No “Mexico Did It” Photo / Virus

There is no such thing as a “Mexico Did It” image or photo. Neither is there a virus called “Mexico Did It“.

There is also no known virus that can infect your phone with a virus simply using a photo or image.

Fact #4 : CNN + BBC Never Reported On Such A virus

It’s been over 1.5 years since this fake story first appeared on Facebook and WhatsApp, but neither CNN nor BBC has ever reported on a “Mexico Did It” virus.

Fact #5 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest…

Fact #6 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website. Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

Such a clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #7 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t take 5 seconds, as the hoax message claims.

Generally, malware won’t wait a few seconds before it infects your devices. Waiting will only increase the risk of detection.

Unless the malware creator designed it to only infect your phone when you are sleeping (like the early hours of the morning), it pays to execute immediately.

Now that you know the facts, please SHARE this article with your family and friends, and SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | Fact CheckTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Binance Smart Chain Halts After $100M Crypto Theft!

Binance just shut down its blockchain, after getting hacked and losing over $100 million in crypto coins!

The shutdown prevented an even bigger loss of $566 million, but it defeated a key purpose of the blockchain – decentralisation.

 

Binance Smart Chain Halts After $100M Crypto Theft!

On Thursday, 6 October 2022, Binance Smart Chain was hit by a hacker who targeted 2 million Binance coins (BNB) worth $566 million.

The attack appeared to have started at around 2:30 PM EST, with the attacker’s wallet receiving two transactions of 1 million BNB coins.

Soon after that, the hacker tried to liquidate the BNB coins into other assets, by using a variety of liquidity pools.

Binance acknowledged the security incident several hours later, at 6:19 PM, and halted the BNB Smart Chain.

AT 7:51 PM EST, Binance CEO Changpeng “CZ” Zhao confirmed that an exploit was used in the BSC Token Hub to transfer the BNB coins to the attacker, and that they asked all validators to temporarily suspend the Binance Smart Chain. He also claimed that the funds are safe.

An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.

 

Binance Smart Chain Almost Lost $566 Million!

The majority of the 2 million BNB coins worth $566 million remained on the BNB Smart Chain, and was made inaccessible to the hacker, after BSC was shut down.

This is rather ironic since blockchains like BSC are supposed to be decentralised, and not meant to be so easily turned off – a fact BNB Chain acknowledged.

Decentralized chains are not designed to be stopped, but by contacting community validators one by one, we were able to stop the incident from spreading. It was not that easy as BNB Smart Chain has 26 active validators at present and 44 in total in different time zones. This delayed closure, but we were able to minimize the loss.

Even so, a BNB Chain spokesperson later confirmed that about $100 to $110 million in funds were taken off the Binance Smart Chain, and CZ said that the impact was about a quarter of the last BNB burn.

Of the funds taken off-chain, BNB Chain was able to freeze about $7 million with help from their partners in the cryptocurrency community.

So far, about $2 billion has been lost in crypto hacks in 2022, with cross-chain bridges used to transfer tokens across blockchains a popular target.

BNB Chain said that it would introduce a new on-chain governance mechanism to fight and defend against future possible attacks.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Money | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Maybank To Fully Migrate SMS OTP To Secure2u!

Maybank just officially announced that it will fully migrate from SMS OTP to Secure2u, as part of efforts to crack down on scams!

Here is what you need to know…

 

Maybank To Fully Migrate SMS OTP To Secure2u!

On 28 September 2022, Maybank officially announced that it will fully migrate from SMS OTP to Secure2u, as part of efforts to crack down on scams!

By June 2023, all online activities or transactions involving account opening, fund transfers and payments, as well as changes to personal information or account settings, will require Secure2u authentication.

This announcement came after Bank Negara Malaysia (BNM) ordered banks to migrate from the SMS OTP (One Time Password) to more secure authentication methods.

We remain highly committed in helping our customers to avoid being scammed by fraudsters.  This is done through existing security measures that are already in place and as we progressively rollout more measures that can help deter or minimise the likelihood of customers falling prey to financial scams.

We are also supportive of Bank Negara Malaysia’s announcement on 26 September 2022 in relation to the five measures to be adopted by banks in Malaysia to ensure higher standards of security, especially for Internet and mobile banking services.

The banking industry is committed to working together to combat financial scams which are increasingly prevalent in today’s digitalised environment.

– Dato’ Khairussaleh Ramli, Group President & CEO of Maybank

Read more : BNM Orders Banks To Stop Using SMS OTP To Fight Scams!

 

Details Of How Maybank Secure2u Will Replace SMS OTP

Secure2u isn’t new. It was introduced in April 2017 as a more secure way for Maybank customers to authorise Maybank2u and MAE transactions using Secure Verification (one-tap approval) and Secure Transaction activation codes (a 6-digit TAC number generated in the app), as an alternate to SMS OTP.

Maybank also revealed some details of how Secure2u will be enhanced as it replaces SMS OTP :

  • Only one Secure2u device will be allowed per account holder (customer) to minimise the possibility of compromise by a third party
  • Maybank will alert the customer by SMS, a push notification, and an email when Secure2u is registered on a new device.
  • In Q4 2022, Maybank will introduce a cooling-off period whenever customers enable Secure2u on a different device. This cooling-off period will give customers the opportunity to verify and report to the bank in case of any unauthorised Secure2u registration on a new device.

In addition to Secure2u, Maybank is heeding BNM’s call for tightened fraud detection rules and triggers, and has in place a call-back verification process to alert customers of suspicious transactions.

Read more : Maybank: New Secure2u Activations Only On MAE App

 

Maybank Advice On Fighting Scam

Maybank has a dedicated 24/7 hotline for customers to report financial scams at +603-5891-4744. Customers are advised to call the hotline immediately, as soon as they suspect that their banking details have been compromised, or whenever they notice suspicious transactions, so their bank accounts can be suspended swiftly.

Alternatively, customers can also contact the general Maybank Customer Care Hotline at 1-300-88-6688 to report scams / fraud, or to seek assistance in suspending their bank accounts.

Finally, here are some tips from Maybank on how to protect yourself while using online platforms:

  • Avoid installing/downloading apps/Android Package Kit (APK) files or clicking on suspicious links sent via chat messages such as SMS, WhatsApp, Messenger or other similar services.
  • Do not provide permission for any app to send or view your SMSes.
  • Do not ignore any warnings from your devices, especially when downloading or installing a new file.
  • Do not enter your banking details, especially username or password, in any suspicious apps or websites.
  • Always keep your antivirus software updated for constant protection.
  • Only download apps from the genuine app stores such as Apple App Store, Google Play Store or Huawei AppGallery and not from a link.
  • Be alert if you are being prompted to download a file that is not compatible with your device i.e.: iPhone/iPad device being asked to use an Android device to download a file.
  • Always look out for your online banking security image and phrase (i.e.: Maybank2u security image and phrase), to ensure the website and app are legitimate.
  • Do not root or jailbreak your device.
  • Update your mobile device’s operating system (OS) and apps regularly.

Finally, we must all remember to NEVER share with anyone (not even bank employees) details of our bank accounts.

Please SHARE this article and these tips with your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Business | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

BNM : Banks To Stop Using SMS OTP To Fight Scams!

Bank Negara Malaysia has ordered banks to stop using SMS OTP, as a way to fight financial scams!

Here is what you need to know…

 

BNM : Banks To Stop Using SMS OTP To Fight Scams!

Bank Negara Malaysia (BNM) has ordered banks in Malaysia to stop using SMS OTP (One Time Passwords), and migrate to a more secure form of authentication for online transactions.

This move comes after many Malaysians were hit by scams that bypassed the security offered by SMS OTP, leading to great loss of their hard-earned money.

BNM governor Tan Sri Nor Shamsiah Mohd Yunus said major banks in Malaysia have already started migrating from SMS OTP to more secure forms of authentication.

 

BNM : More Measures Beyond SMS OTP To Fight Scams!

In addition to “banning” SMS OTP, BNM has ordered the further tightening of detection rules and triggers to block potential scams.

This includes adding a cooling-off period for first-time enrolments of online banking services, as well as devices being registered for authentication purposes.

Banks will also be required to set up dedicated scam hotlines, and provide convenient ways for customers to suspend their bank accounts if they suspect that those accounts have been compromised.

Banks also have to ensure that customers are able to reactivate their accounts after a reasonable period, after ensuring that their accounts have been secured.

Together with the financial industry, BNM will continue to ensure that banking and payment channels remain secure and equipped with the latest security controls. The effort to combat financial crimes also requires the support of all parties. As consumers, each of us are responsible for protecting ourselves from the threat of scams.

The reality, however, is that methods used by criminals will continue to evolve. BNM therefore continuously intensifies efforts and take steps to combat scams by introducing additional controls and safeguards from time to time.

– BNM governor Tan Sri Nor Shamsiah Mohd Yunus

Read more : Bank Negara Malaysia Email Scam Alert!

Despite these efforts, it is critical that we must all learn to safeguard our personal information and avoid downloading files or installing applications from unverified sources on our computer or smartphones.

We should also check our bank and credit card statements, and notify the banks once we notice anything suspicious.

Those who believe that they are victims of a scam should contact the Commercial Crime Investigation Department Scam Response Centre at 03-2610 1559/1599 or BNMTelelink at 1-300-88-5465; and lodge a police report to facilitate investigations.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Business | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

How To Turn On Two-Step Verification In Telegram!

Find out WHY you should turn on two-step verification in Telegram, and HOW to do that!

 

Why You Should Turn On Two-Step Verification In Telegram?

Two-Step Verification is a feature that protects your Telegram account from being hijacked by hackers and scammers.

It blocks illegal takeover of Telegram accounts, by requiring a secret password that only you know. And it lets you recover your account via email.

This prevents hackers or scammers from taking over your Telegram account, even if you accidentally share with them the login code.

Read more : Beware Of Telegram Screenshot Hack + Scam!

 

How To Turn On Two-Step Verification In Telegram!

In this guide, I will share with you how to turn on two-step verification in Telegram.

Step 1 : Open Telegram.

Step 2 : Go to Options > Settings > Privacy and Security.

Step 3 : Tap on the Two-Step Verification option.

Step 4 : In the Two-Step Verification screen, tap on the Set Password option.

Step 5 : Key in your preferred password, which can be any combination of capital or small letters and numbers.

Step 6 : You will need to key the same password again, to confirm it.

Step 7 : Next, you can create a hint to remind you of your password. This is optional, and you can skip it if you prefer.

But if you key one in, the hint will be displayed whenever you are asked to key in the password in the future.

Step 8 : After that, you will have the option of adding a Recovery Email address, just in case your account is hijacked.

This is optional as well, but I highly recommend you add a recovery email, which is simply the email address you use.

Step 9 : If you entered a Recovery Email address, Telegram will now send you an email with a 6-digit code to verify that email address.

Step 10 : Look for the Telegram verification code email, and key in the 6-digit verification code.

That’s it! You’re done! From now on, you will be required to key in the password whenever you log into a new device.

This will prevent hackers / scammers from taking over your account, even if you accidentally give them the Login code you receive by SMS.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | Software | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Beware Of Telegram Screenshot Hack + Scam!

Watch out for the Telegram screenshot hack and scam! Find out how the Telegram screenshot hack and scam works, and what you can do!

 

Telegram Screenshot Hack : New Twist To Old Trick

My friend just got hit by the Telegram screenshot hack, and the hacker is now trying to scam everyone on his contact list!

The Telegram screenshot hack is a new twist to an old trick, and here is how they do it…

Step 1 : Identify A Suitable Target

After obtaining a legitimate Telegram account through phishing or other means, the hacker reads through the messages to identify a suitable target – usually a close friend whom you often chat with, and trust.

For the purpose of our example, the hacker stole your friend’s Telegram account and has identified you as a suitable target.

Step 2 : Attempt To Login From Another Device

The hacker installs Telegram in another device and attempts to log into your account. He only needs the your phone number to do that.

The login attempt triggers Telegram to send a Login code to the your registered devices to authenticate the login. Usually, that’s the Telegram app in your smartphone.

Step 3 : Ask For A Screenshot Of Telegram

Traditionally, this is when the hacker will use your friend’s Telegram account to message you and ask for that Login code. However, asking for the Login code may trigger suspicion, so hackers have now come up with a new twist.

Instead of asking you for the Login code, the hacker will use your friend’s Telegram account to ask you to take a screenshot of your Telegram app and send it to him.

What harm is there? After all, many of us take screenshots and share them with family, friends and even on social media!

The problem is – the screenshot will accidentally reveal your Telegram Login code! Take a look at the actual screenshot my friend sent – it clearly shows the Telegram Login code!

Step 4 : Terminate All Other Sessions

The hacker will immediately use the Login code to log into your Telegram account on his device.

Then he will terminate all other sessions from that Telegram account, which means you get logged out from your Telegram app on your own smartphone!

Step 5 : Change Password

To prevent you from logging back in, and terminating his Telegram session, he will change the password.

Step 6 : Scam Your Friends

Now that the hacker gained control of your Telegram account and locked you out of it, he is free to scam your friends.

In this case, my friend’s contacts all started getting pleas to borrow money for some kind of emergency. The hacker will, of course, promise to pay you back quickly.

Your unsuspecting friends may not realise that this is not you that they are talking to, and may end up sending the hacker money.

In this case though, my friend managed to quickly alert us via WhatsApp that his Telegram account was hacked, so we didn’t tall for the scam.

One of his friends toyed with the scammer, and obtained the bank details. That is obviously not my friend’s name or account number!

 

Telegram Screenshot Hack : How To Prevent It?

Now that you know how the Telegram screenshot hack works, you can pretty much figure out how to prevent it.

Here is my quick summary for those who didn’t go through the whole process above :

  1. Do NOT send anyone your Telegram Login code. Not even anyone claiming to be working for Telegram.
  2. Do NOT send anyone a screenshot of your Telegram app. Even if it’s not a scam, it reveals portions of your chats!
  3. Turn on Two-Step Verification in Telegram. This lets you recover your account, even if you accidentally let someone take over your account.

Read more : How To Turn On Two-Step Verification In Telegram!

 

Telegram Screenshot Hack : How To Recover Your Account?

If you failed to turn on two-step verification, there is still a way to recover your Telegram account after it is stolen by a hacker.

For these steps to work though, you need to have access to your phone number. You must also do this quickly, as the hacker will be alerted to your attempt.

Step 1 : Open Telegram.

Step 2 : Log into your Telegram account using your phone number.

Step 3 : You will be asked if you have the correct number. Click Yes.

Step 4 : Telegram will send a 5-digit code to all your devices with Telegram installed. You won’t receive it since the hacker has already terminated all other sessions.

Step 5 : Click on the option just above the keypad – “Send the code as an SMS“.

Step 6 : You will now receive an SMS with the 5-digit code. Key it in, and you will now have access to your Telegram account.

Step 7 : Go to Options > Settings > Privacy and Security.

Step 8 : Scroll down and tap on Devices.

Step 9 : Tap on the option – Terminate All Other Session – to boot out the hacker.

Bonus Step : Turn on Two-Step Verification to prevent this from happening again!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | Software | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Greeting Photos + Videos Hack Your Phone?!

Can hackers use greeting photos and videos to hack your phone, and steal your data?

Take a look at the viral claim, and find out what the FACTS really are!

 

Claim : Greeting Photos + Videos Can Hack Your Phone!

People keep sharing this warning about greeting photos and videos, which claims that they can hack your phone and steal your data.

It’s a long message, so just skip to the next section for the facts!

Hello Family and friends,

Starting tomorrow, Please do not send network pictures. Look at the following article to understand. I’m going to stop too.

Please delete all photos and videos of Good morning, Evening and other greetings and religious messages as soon as possible. Read the following article carefully and you will understand why.

Read all! Please send this message urgently to as many friends as possible to prevent illegal intrusion.

 

Truth : Greeting Photos + Videos Cannot Be Hack Your Phone!

Many of us get spammed with Good Morning, Good Afternoon, Good Evening photos and videos every day from family and friends.

While they often clog up Facebook, Telegram and WhatsApp groups, they really cannot hack your phone. Here are the reasons why Good Morning messages are very irritating, but harmless…

Fact #1 : Shanghai China International News Does Not Exist

The news organisation that was claimed to be the source of this warning – Shanghai China International News –  does not exist!

Fact #2 : Greeting Photos + Videos Not Created By Hackers

Hackers (from China or anywhere else) have better things to do than to create these greeting photos and videos.

They are mostly created by websites and social media influencers for people to share and attract new followers.

Fact #3 : No Fraud Involving Greeting Photos / Videos

There has been no known fraud involving Good Morning or Good Night messages, videos or pictures.

Certainly, half a million victims of such a scam would have made front page news. Yet there is not a single report on even one case…. because it never happened.

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a Good Morning photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest…

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website.

Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

Such a clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t wait, as the hoax message claims.

Deleting Good Morning or Good Night photos or videos will free up storage space in your phone, but it won’t prevent any malware from executing.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Now that you know the facts, please SHARE this article with your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | Fact CheckTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

XPeng Engineer Guilty Of Stealing Apple Car Secrets!

An XPeng engineer just pleaded guilty to stealing trade secrets from the Apple Project Titan self-driving car program!

Here is what we know so far…

 

XPeng Engineer Guilty Of Stealing Apple Car Secrets!

A former Apple engineer who joined Xpeng – the Chinese electric vehicle maker, just pleaded guilty to the criminal charge of stealing trade secrets from the Apple self-driving car program!

Zhang Xiaolang initially pleaded not guilty to the charges, but he reached a plea deal with prosecutors and changed his plea to guilty, according to court documents released on Monday, August 22, 2022.

The plea deal is sealed, so the details are unknown. Zhang’s attorney, Daniel Olmos, confirmed the plea agreement but declined to comment on the details. Sentencing however is set for November 2022.

Zhang faces a maximum sentence of 10 years in prison, and a $250,000 fine. With this plea deal, he should serve a much shorter sentence.

In addition to Zhang, US federal prosecutors also charged Chen Jizhong with stealing secrets from the Apple self-driving car program. Chen, however, continues to plead not guilty, and will have his day in court on August 29, 2022.

Chen is also represented by the same lawyer as Zhang – Daniel Olmos.

Recommended : Did China Make 7nm Chips In Spite Of US Sanctions?!

 

How XPeng Engineer Stole Apple Car Secrets!

Zhang Xiaolang worked on the Apple Project Titan autonomous vehicle program as a hardware engineer between 2015 and 2018, during which he designed and tested circuit boards.

He travelled to China during his paternity leave in 2018, and on returning in April 2018, he told his boss at Apple that he was leaving to work for XPeng (Guangzhou Xiaopeng Motors Technology) in China.

XPeng, also known as XMotors in the United States, is a Chinese electric car startup backed by Alibaba, Foxconn and IDG Capital. It has developed electric cars like the XPeng G3 and XPeng P5.

His boss felt that Zhang was “being evasive” during the meeting. There was also increased network activity and visits to his office, before he resigned. All that led to an internal Apple investigation of his two company-issued phones and laptop.

That’s when they discovered that Zhang had been downloading confidential files from the Apple lab during his time away. He was also caught on CCTV removing circuit boards and a Linux server from their lab.

Zhang’s network activity was found to consist of “both bulk searches and targeted downloading copious pages of information from the various confidential database applications“.

Recommended : US Mil Contractor Admits Selling Aviation Secrets To China!

Zhang was arrested at the San Jose airport in July 7, 2018, before he could board a last-minute, one-way flight to China aboard Hainan Airlines.

In an interview with Apple’s security team, Zhang admitted that he downloaded the data online, and removed hardware from its labs. He also admitted to the FBI that he stored the files he downloaded on his wife’s laptop.

The FBI described the data he stoled as “largely technical in nature, including engineering schematics, technical reference manuals, and technical reports“.

The files – about 24 GB worth – include a 25-page document containing engineering schematics of a circuit board, as well as technical manuals and PDFs related to the Apple self-driving car prototype.

The other Apple engineer to be charged with stealing secrets of its autonomous car project – Chen Jizhong – was accused of stealing stolen thousands of sensitive documents, as well as 100 photos taken inside its self-driving facility – all discovered in a hard disk drive he owned.

Chen was also arrested when he attempted to board a flight to China, ostensibly to visit his ill father.

Recommended : TikTok Leak : China Repeatedly Accessed Private User Data!

 

XPeng Denies Involvement In Theft Of Apple Car Secrets!

XPeng said in a Weibo post that it was aware of the plea agreement from media reports, but it was “not clear about the details, nor involved in further investigation conducted by US law enforcement“.

It has been more than four years into the case, and we are not aware of the specifics of the case and have not been involved in the follow-up investigation of the case by the US judiciary.

We also have no relevant dispute with Apple and have no connection with the case. We strictly abide by relevant laws and attaches great importance to intellectual property protection.

Zhang joined XMotors in May 2018, but the company quickly distanced itself from its employee, stating on July 11, 2021 :

There is no indication that he has ever communicated any sensitive information from Apple to XMotors.

XMotors always has strictly abided by the laws of China and the United States and takes protection of intellectual property rights seriously.

Company spokesperson Isabel Jiang also stated that once they were notified in late June 2018 that US authorities were investigating Zhang, they secured his computer and office equipment and denied him access to his work. They subsequently fired him.

XPeng also said that Zhang signed an intellectual property compliance document on the day he joined, and that there was “no record that he reported any sensitive and illegal situations” to the company.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Automotive | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Indonesia Bans Steam, PayPal, Epic Games + More!

Indonesia just banned a number of major websites including Steam, Epic Games, PayPal and Battle.net!

Here is what you need to know!

 

Indonesia Banned Steam, PayPal, Epic Games + More!

On 30 July 2022, Indonesians woke up to the shocking discovery that a number of gaming platforms like Steam, Epic Games, Origin, Ubisoft and Battle.net are now banned!

Not only were gaming platforms banned, Indonesia also banned major websites and digital services like PayPal and Waze.

Indonesian netizens have started sharing tips on how to bypass this sudden ban – by using VPN, or changing their DNS servers, to bypass what appears to be an IP block.

 

Why Indonesia Banned Steam, PayPal, Epic Games, Etc!

There was no official announcement by the Indonesian government, but it is likely that Indonesia banned Steam, PayPal, Epic Games and a bunch of other websites and digital platforms because they failed to register as an Electronics System Provider / Penyelenggara Sistem Elektronik (PSE).

On November 24, 2020, the Indonesian Ministry of Communication and Information Technology (Kominfo) imposed a new regulation calling for all local and international digital services to register with them for cybersecurity and user protection purposes.

Failure to comply with that regulation would subject the digital service to being banned / blocked in Indonesia.

Here is a partial list of major websites, platforms and digital services registered with the Indonesian government, and those that have not been registered, or are known to be blocked.

Those on the unregistered list are likely to be blocked, if not already blocked. Interestingly, Telegram is listed as registered, but is currently inaccessible (blocked) in Indonesia.

Registered Unregistered Blocked
LINE
WhatsApp
TikTok
Google
Google Classroom
Google Drive
Gmail
Google Cloud
YouTube
Amazon AWS
Facebook
Telegram
Twitter
Instagram
Discord
Zoom
Gojek
Spotify
Shopee
Lazada
Traveloka
Netflix
Disney+ Hotstar
Zenius
Mobile Legends
LinkedIn
Roblox
Vidio
FB Messenger
Wikipedia
Deezer
Waze
Brainly
Notion
Pinterest
SoundCloud
PayPal
EA
Nintendo
Ubisoft
Mangaku
MediaFire
GitHub
GitLab
Bitbucket
CloudFlare
MS Azure
Amazon
Reddit
DuckDuckGo
Twitch
IMDb
MS Office
Yahoo
IMDb
Patreon

Epic Games
Steam
Uplay
Battle.net
Origin

On July 15 – just 2 weeks earlier – Kominfo warned that digital service providers will be banned in Indonesia on July 21, 2022 if they refused to register.

The deadline for all PSE registration – both domestic and foreign – was set at July 20, 2022. After that, Kominfo would start banning unregistered apps and services.

At that time, Kominfo reported that many major brands and companies have yet to register with them, like Google (which owns YouTube, Google Drive, Gmail, etc.), Meta (which owns WhatsApp, Instagram and Facebook), Twitter, Netflix, PUBG Mobile and Mobile Legends.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Gaming | BusinessTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

China Fines Didi Global $1.2 Billion For Violating Laws!

China just fined Didi Global a whopping $1.2 billion for violating its cybersecurity, data security and privacy laws!

 

China Fines Didi Global $1.2 Billion For Violating Laws!

On Thursday, 21 July 2022, the Cyberspace Administration of China (CAC) announced that Didi Global breached the country’s cybersecurity law, data security law, and personal information protection law.

The Chinese cyberspace regulator fined Didi Global 8 billion yuan ($1.2 billion), as well as a personal fine of 1 million yuan ($148,000) each on Chairman and CEO Cheng Wei, as well as President Liu Qing (also known as Jean Liu).

The facts of violations of laws and regulations are clear, the evidence is conclusive, the circumstances are serious, and the nature is vile.

Didi Global responded to the regulator’s announcement with a contrite statement “sincerely” accepting the judgement and penalties :

We sincerely accept this decision, and resolutely obey it. We will strictly follow the penalty decision and the requirements of relevant laws and regulations, conduct comprehensive and in-depth self-examination, and actively cooperate with supervision and complete rectification carefully.

We will take this as a warning and further strengthen the construction of cyberspace security and data security, strengthen the protection of personal information, and earnestly fulfill our social responsibilities. We will serve every passenger, driver and partner well, and realize the safe, healthy and sustainable development of the enterprise.

 

What Did Didi Do To Incur China’s Wrath?

According to an FAQ by the CAC, its investigators started their investigation of Didi in July 2021.

After conducting an extensive investigation, they found that Didi conducted data processing activities that “seriously affected national security”, and refused to comply with “the explicit requirements of regulatory authorities” and conducted “malicious evasion” of regulatory supervision.

They also stated that Didi Global committed 16 violations of China’s laws, including :

  1. Didi illegally collected 11.9639 million screenshots from its users’ mobile phone photo albums.
  2. Didi excessively collected 8.323 billion pieces of its users’ clipboard information, and application list information.
  3. Didi excessively collected 107 million pieces of passenger face recognition information, and 53.5092 million pieces of age group information, 16.3556 million pieces of occupational information, 1.3829 million pieces of family relationship information, and 153 million pieces of taxi address information.
  4. Didi excessively collected passengers’ evaluation of the drivers, when the app is running in the background, and 167 million pieces of precise location (longitude and latitude).
  5. Didi excessively collected 142,900 pieces of driver education information, and 53.976 billion pieces of “intent information”, 1.538 billion pieces of resident city information, and 304 million pieces of non-local business/travel information.
  6. Its users are frequently asked to provide “telephone permissions” while using its services.
  7. Inaccurate and clear description of user personal information processing, including device information.

The CAC noted that Didi started its bad practices in June 2015, and continued even after the Cybersecurity Law was implemented in June 2017, the Data Security Law started in January 2022, and the Personal Information Protection Law was implemented in November 2021.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | BusinessTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Chinese Netizens Explode Over WPS Office Censorship!

Chinese netizens are incensed over evidence that WPS Office was monitoring and deleting their files!

Find out what’s going on, and what it means for the digital privacy of WPS Office users!

 

Chinese Netizens : WPS Office Is Monitoring + Blocking Our Documents!

Chinese company, Kingsoft, is under fire for claims that its productivity suite WPS Office is actively monitoring and deleting user documents that might displease Beijing!

At the heart of this issue is the WPS Cloud platform that works like Microsoft 365, allowing users to store their documents in the cloud, or locally.

Chinese netizens are alleging that WPS Office was actively monitoring their documents, and even deleting those that were detected to contain content that might displease the Chinese authorities.

One novelist who goes by the pseudonym Mitu, claimed that she was unable to access her unpublished 1.3 million character document. Not only was it blocked in her cloud storage, she couldn’t access the local copy using the desktop WPS client.

She was told that “the file may contain sensitive content and access has been disabled“.

Mitu shared her experience on Lkong – an online Chinese literature forum, and the social media platform Xiaohongshu, in late June 2022; and it only began trending in Weibo in early July after an influencer reposted her complaint.

A Weibo post on her complaint appears to have been deleted, but fortunately a screenshot was captured. This was the post in Chinese, machine translated into English :

Simply put, WPS seems to have some kind of sensitive word harmony function, Then after being detected, not only the ones stored on the cloud disk will be harmonized

According to the victim’s complaint, it is not only on the cloud, but also on local files. It’s hard to escape a harmony.

At present, according to some netizens, it may be checked after being saved.Sensitive words are detected and then determined to be files that may contain sensitive information,

Directly blocked, or it may be directly locked after being remotely detected by the background server local files There is no other way but to appeal (and it will be fixed in time) but this Is it remote from the server?

Now there is a lot of panic in the online literature circle, for fear that hundreds of thousands of words of manuscripts will be blocked overnight. Asking both online and offline harmony, many people re-use ms and writing pads write file

Mitu said she reported the problem to Kingsoft, which eventually apologised and restored access to the file within two days. The company admitted that “the file was not problematic”.

However, her story spurred other Chinese netizens to come forward with their own stories. A writer in Guangzhou who goes by the pseudonym Liu Hai also said that his WPS Office document of nearly 10,000 words was similarly blocked on July 1, 2022.

These incidents have sparked concerns about privacy in China. While the Chinese government routinely monitors and censors social media content, monitoring and blocking of personal documents would represent a new level of censorship in China.

 

WPS Office Admits Blocking File Access

After the online furore over claims that WPS Office deleted user files, the software developer issued a terse public statement on July 11, 2022.

It said that WPS Office does not delete the “user’s local files”, and that it was a misunderstanding. They only deleted the “online document link”, and blocked “others from access the link according to the law”.

Here is the Weibo post in Chinese, machine translated into English :

Statement on the exposure of online transmission #WPS will delete the user’s local files

A recent online document link shared by a user is suspected of violating the law, and we have prohibited others from accessing the link according to law. This has been misrepresented as #WPS delete user local files.

To this end, we specifically declare: WPS, as an office software developed for more than 30 years, has always put user experience and user privacy protection first.

WPS Office cleverly claims that it never “censors, locks or delete users’ local files”, which is technically correct but as Mitu and Liu Hai described, WPS Office blocks access to their users’ local files.

It was discovered that the files can still be opened by other software, like Microsoft Word or Tencent Docs. But the blocked files cannot be opened by WPS Office, even if they are stored locally (in the user’s computer).

It should be noted that Mitu never shared her file online. So WPS Office’s claim that they only blocked “others” from accessing the file is misleading.

 

WPS Office Not The Only Cloud Provider Monitoring Content

To be fair to WPS Office and Kingsoft, they are not the only ones monitoring content uploaded to the cloud. They just took things one step further by blocking access to local files.

By default, traffic to and from cloud-based productivity services like Google Docs, Microsoft 365 and WPS Office are not end-to-end encrypted.

That means they can and most likely are reading / monitoring EVERYTHING you type or upload. This includes files uploaded and stored in cloud-based storage services like Google Drive and Microsoft OneDrive.

That is the right of cloud service providers, because you are using their servers to store your content.

Google, for example, lists content that can be automatically removed and could even lead to a ban :

  • Account hijacking
  • Account inactivity
  • Child sexual abuse and exploitation
  • Circumvention
  • Dangerous and illegal activities
  • Harassment, bullying, and threats
  • Hate speech
  • Impersonation and misrepresentation
  • Malware and similar malicious content
  • Misleading content
  • Non-consensual explicit imagery
  • Personal and confidential information
  • Phishing
  • Regulated goods and services
  • Sexually explicit material
  • Spam
  • System interference and abuse
  • Unauthorized images of minors
  • Violence and gore
  • Violent organizations and movements

People need to be aware of this, and stop assuming that they have privacy on such cloud services, even if they paid to use them.

So it is not surprising that WPS Office monitors everything its users do. If they stopped at blocking access to the online files that contravened local laws, no one would bat an eye.

What is unusual though is that it also blocked access to the users’ local files! That means that their desktop and mobile apps were specifically designed to enforce a list of blocked files issued by WPS Office / Kingsoft.

If WPS Office / Kingsoft goes to that extent, does it mean that they would also alert the Chinese authorities about users producing content that displease them?

That is something everyone should think about, not just Chinese netizens who are justifiably concerned about WPS Office.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Science | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Will Scanning RFID Bar Codes Hack Your Phone?!

Will scanning an RFID bar code cause your phone to be hacked?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Scanning RFID Bar Codes Will Hack Your Phone!

This warning about an RFID bar code scam has gone viral on WhatsApp, and social media.

It claims that scammers are sending people RFID stickers, and asking them to scan the bar code.

Allegedly, scanning the RFID bar code will cause your phone to be hacked by these scammers!

They send the RFID to you. When you scan the bar code they hack your hp
It’s a scam

他们将 RFID 发送给您。 当您扫描条形码时,他们会入侵您
这是一个骗局

Mereka menghantar RFID kepada anda. Apabila anda mengimbas kod bar mereka menggodam anda
Ia satu penipuan ☠️👻💩😱😰

 

Truth : Scanning RFID Bar Codes Will NOT Hack Your Phone!

This is yet another example of FAKE NEWS circulating on WhatsApp and social media, and here are the reasons why…

Fact #1 : There Is No RFID Bar Code Scanning Scam

First of all – let me just say that there is no such thing as an RFID bar code scanning scam. No one can hack your phone just because you scan an RFID bar code.

The bar code is nothing more than a series of numbers, which you can readily see printed under the bar code. These numbers cannot possibly hack your phone / smartphone.

Fact #2 : RFID Bar Code Is Used To Register Sticker

The bar code visible in the clear window of the TNG RFID self-fitment kit is merely the serial number for the RFID sticker (also known as an RFID tag).

This serial number is used to register the RFID sticker, by scanning scan the bar code using the TNG eWallet mobile app.

All it does is link the RFID sticker to your TNG eWallet account, so that all toll charges are automatically deducted from that account.

Read more : TNG RFID Self-Fitment Guide : How To Do It Yourself

Fact #3 : There Are Easier + Cheaper Ways To Hack Your Phone

Truth be told – there are far easier and cheaper ways to hack your phone, than send you a free RFID sticker and ask you to scan the bar code.

These scammers will have to put in considerable expense and technical expertise into hacking the TNG eWallet app, and inserting their malware that the fake RFID number would trigger.

But why bother? If they can hack the TNG eWallet, they don’t even need to send you any fake RFID bar code to scan!

Making fake RFID stickers (tags) that look like genuine TNG RFID self-fitment kits costs money. Sending these fake kits also put them at risk, because deliveries can be traced.

There are many other ways to compromise your smartphone. There is simply no reason why scammers to waste time and money on such a convoluted scheme.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Canada Internet Outage Due To Software Update, Not China!

The country-wide mobile and Internet outage in Canada was due to a software update, not hacking by China!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : China Responsible For Mobile + Internet Outage In Canada!

Within hours of news breaking that Canada suffered a massive Internet outage, Vancouver Times posted a story claiming that the Royal Canadian Mounted Police (RCMP) identified China as the responsible party.

Vancouver Times also claimed that the RCMP will issue arrest warrants for the hackers responsible, who are connected to the People’s Liberation Army (PLA).

Chinese state hackers are responsible for a massive internet outage that paralyzed large parts of Canada, according to the RCMP. The federal police agency is in the process of issuing arrest warrants for several people they believe are connected to the People’s Liberation Army.

The RCMP will be holding a press conference in the next few days to announce the arrest warrants, according to sources. Canadian intelligence agencies are reportedly receiving guidance from the CIA and the FBI.

On Friday a widespread network outage from Rogers left many Canadians without mobile and internet service. The outages caused significant problems for police, courthouses, passport offices and other facilities.

The outage also disrupted services across retailers, courthouses, airlines, train networks, credit card processors and police forces, pushing many to delay business transactions. Many people were seen at Starbucks, trying to use their internet service.

The mainstream media and big tech want to hide the truth. Beat them at their own game by sharing this article!

Read more : FBI + MI5 Issue Joint Warning On Chinese Spying!

 

Truth : Canada Internet Outage Due To Software Update, Not China!

This is yet another example of FAKE NEWS created by Vancouver Times to generate page views and money from gullible people.

Fact #1 : Vancouver Times Is A Fake News Website

Vancouver Times is a “content aggregator” (copy and paste) website that is known for creating fake news to generate more page views and money.

To look legitimate, they copy and paste news from legitimate news organisations. To drive traffic, they create fake news, sometimes masked as “satire”.

To give themselves a veneer of deniability, they label themselves as a “satire website” in their About Us section.

Vancouver Times is the most trusted source for satire on the West Coast. We write satirical stories about issues that affect conservatives.

Here are some of their fake news that we debunked :

Fact #2 : Outage Only Affected Rogers Communications

On Friday, July 8, 2022, Canada was hit by a massive mobile and Internet outage that hit businesses, banks, and even police emergency lines.

However, it only affected Rogers Communications, and did not affect rivals like BCE, Telus and Shaw Communications.

The outage was extensive because Rogers is Canada’s leading telecommunications provider, with about 11.3 million wireless subscribers, and 2.25 million retail Internet subscribers.

Read more : Shanghai Police Data On 1 Billion Chinese Citizens Leaked!

Fact #3 : RCMP Did Not Blame China For Mobile + Internet Outage

The Royal Canadian Mounted Police did not blame China for Rogers Communications’ mobile and Internet outage.

This was made up by Vancouver Times to trigger right-wing conspiracy theorists, to go viral and draw more page views.

Fact #4 : Rogers Did Not Blame China For Mobile + Internet Outage

Rogers Communications themselves did not blame China for their mobile and Internet outage.

Fact #5 : Canada Confirmed Outage Was Not A Cyberattack

While the reason behind the outage was still unknown, a spokesperson for Canadian Public Safety Minister Marco Mendicino confirmed to CTV News that “the outage was not due to a cyberattack“.

Fact #6 : Rogers Confirmed Outage Due To Maintenance Update

On 11 July 2022, Rogers CEO Tony Staffieri apologised for the country-wide outage of its services.

He also said that the failure was due to “a maintenance update in our core network“. The maintenance work “caused some of our routers to malfunction early Friday morning“.

Fact #7 : Prior Rogers Outage Also Due To Software Update

This wasn’t the first time Rogers Communications’ network failed so drastically.

Just 15 months earlier – Rogers and its subsidiary, Fido, experienced a nationwide cellular service outage in April 2021.

That outage was ultimately traced to “a recent Ericsson software update” that “affected a piece of equipment in the central part” of their network, leading to “intermittent congestion impacting many customers across Canada“.

Fact #8 : It Would Have Been Considered An Act Of War

China attacking Canada’s mobile and Internet network would have been considered an act of war, if it was proven.

The Canadian government would at least have issued a strong statement, if not cut diplomatic ties with China and/or enact sanctions against the Chinese government.

Fact #9 : No One Else Reported This Story

China attacking Canada’s mobile and Internet infrastructure would have been major international news, reported across the globe.

Yet not only did no mainstream media cover this incredible story, it hasn’t even been reported in the usual conspiracy theory websites!

That’s because it was a fake story created by one publication – Vancouver Times, in their attempt to go viral again for more page views and ad money.

Fact #10 : There Is No Such Thing As A Publication Ban

Vancouver Times likes to use the “media blackout” claim, to explain why you can’t find any reputable media outlet reporting on China attacking Canada’s mobile and Internet infrastructure.

That’s utter and complete bullshit. No one – not a judge, not even the Canadian government – can control the worldwide media, or prevent anyone from writing about such an incredible story.

You can also be sure that even if the mainstream media in the Canada refused to run the story, it would have been reported by foreign media outlets, websites and blogs.

Yet, not a single foreign media outlet or online website published their account of this incredible story? That’s because IT NEVER HAPPENED…

Read more : Did Ghislaine Maxwell Just Commit Suicide In Prison?!

Fact #11 : Mainstream Media + Big Tech Would Have Loved The Hype

Vancouver Times is gaslighting you about how mainstream media and Big Tech want to hide the “truth” about China attacking Canada’s infrastructure.

They would all loved such shocking news, because it would have driven tons of traffic and engagement to their websites / platforms.

In fact, that was precisely why Vancouver Times created the fake story – to drive traffic, for the ad money.

Everything that Vancouver Times publishes should be regarded as FAKE NEWS, until proven otherwise.

Please help us fight fake news websites like Vancouver Times – SHARE this fact check out, and SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact CheckCybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

FBI + MI5 Issue Joint Warning On Chinese Spying!

The FBI and MI5 just issued a joint warning about economic spying and hacking operations by the Chinese government!

Here is what you need to know…

 

FBI + MI5 Issue Joint Warning On Chinese Spying!

On July 7, 2022, FBI Director Christopher Wray joined MI5 Director General Ken McCallum at the MI5 London headquarters to issue a joint warning about Chinese spying and cyberattacks.

Ken McCallum said that MI5 was running seven times as many investigations into China, as it had just four years ago. He also said that MI5 planned to double that to tackle the widespread attempts.

Christopher Wray, on the other hand, stressed that the FBI had substantially increased its investigations into China, and is currently managing about 2,000 problems, and opening about two counterintelligence cases every day.

The Chinese government is set on stealing your technology – whatever it is that makes your industry tick – and using it to undercut your business and dominate your market.

Maintaining a technological edge may do more to increase a company’s value than would partnering with a Chinese company to sell into that huge Chinese market, only to find the Chinese government and your partner stealing and copying your innovation.

Both McCallum and Wray alleged that the Chinese government is engaged in a “coordinated campaign” to “cheat and steal [technology] on a massive scale“.

They also stressed that China’s hacking programme dwarfs that of any other major country, and that it has a global network of intelligence operatives.

 

FBI + MI5 : China Also Preparing To Shield From Sanctions

Even more worrying is the fact that China is working to shield its economy from any future sanctions, obviously learning from how the West punished Russia for invading Ukraine.

This suggests that China is at least preparing for the possibility, if not the eventuality, of insulating its economy from potential sanctions, should it attack Taiwan.

Wray said that China is “trying to cushion themselves from harm if they do anything to draw the ire of the international community”, and that the Chinese government is pressuring Western businesses not to criticise Beijing or its policies.

He declined to say whether an invasion of Taiwan has become more likely due to these measures, but warn that Western investments in China could be similarly impacted by such a conflict.

Just as in Russia, Western investments built over years could become hostage, capital stranded. Supply chains and relationships disrupted.

Wray also shared that the Chinese government had directly interfered in a New York congressional election, because they did not want a candidate who was a critic and a former Tiananmen Square protestor to be elected.

China has for far too long counted on being everybody’s second-highest priority. They are not flying under the radar anymore.

Both Wray and McCallum said that the intention of the joint address was to “send the clearest signal” to the Chinese Communist Party (CCP), because if China decides to invade Taiwan, it would cause “one of the most horrific business disruptions the world has ever seen“.

Read more : US Mil Contractor Admits Selling Aviation Secrets To China!

 

FBI + MI5 : Examples Of Chinese Spying

McCallum shared some specific cases of Chinese spying activities that MI5 detected and thwarted.

Covert Theft

Late last year Chinese intelligence officer Shu Yenjoon was convicted in a US court on charges of economic espionage and theft of trade secrets from the US aviation sector.

Shu was active in Europe too: he’d been part of a prolific Ministry of State Security network targeting the aerospace sector.

MI5 worked with those being targeted in the UK to mitigate the risks until the FBI action could solve the problem for both of us.

Tech Transfer

Clandestine espionage methodology isn’t always necessary. Take the tale of Smith’s Harlow, a UK-based precision engineering firm. In 2017 Smith’s Harlow entered into a deal with a Chinese firm, Futures Aerospace. The first of three agreed technology transfers saw Futures pay £3m for quality control procedures and training courses.

You know how this ends: after further sharing of valuable IP, Futures abandoned the deal. Smith’s Harlow went into administration in 2020. As their Chairman put it: “They’ve taken what they wanted and now they’ve got it, they didn’t need the shell of Smith’s”.

Information Advantage

The CCP doesn’t just use intelligence officers posing as diplomats in the classic fashion. Privileged information is gathered on multiple channels, in what is sometimes referred to as the ‘thousand grains of sand’ strategy.

In Germany a retired political scientist and his wife who together ran a foreign policy think tank passed information to the Chinese intelligence services for almost ten years.

In Estonia a NATO maritime scientist was convicted for passing information to his Chinese handlers, who claimed to be working for a think tank.

Cultivating New Contacts

The deceptive use of professional networking sites is well known. Seemingly flattering approaches turn into something more insidious – and damaging.

In one example a British aviation expert received an approach online, ostensibly went through a recruitment process, and was offered an attractive employment opportunity. He travelled twice to China where he was wined and dined. He was then asked – and paid – for detailed technical information on military aircraft. The ‘company’ was actually run by Chinese intelligence officers.

Read more : China Should Worry About Russia Invading Ukraine!

 

Chinese Response To FBI + MI5 Spying Allegations

Chinese government officials naturally rejected spying allegations by the FBI and MI5.

A spokesman for the Chinese embassy in Washington, Liu Pengyu, called the accusations groundless and said that China “firmly opposes and combats all forms of cyber-attacks“, and would “never encourage, support or condone cyber-attacks“.

His statement also said that the Taiwan issue was “purely China’s internal affair” and that there was “no room for compromise or concession“. It also said that China “will strive for the prospect of peaceful reunification with utmost sincerity and efforts“, but noted that China would “reserve the option of taking all necessary measures in response to the interference of foreign forces“.

Chinese foreign ministry spokesperson Zhao Lijian did not address the claims directly, but accused the United States of being the real danger instead.

The relevant US politician has been playing up the so-called China threat to smear and attack China. Facts have fully proven that the US is the biggest threat to world peace, stability and development.

We urge this US official to have the right perspective, see China’s developments in an objective and reasonable manner and stop spreading lies and stop making irresponsible remarks.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | EnterpriseTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

FCC Commissioner Asks Apple + Google To Remove TikTok!

FCC Commissioner Brendan Carr just publicly asked Apple and Google to remove TikTok from their app stores!

Here is what you need to know about the renewed heat on TikTok!

 

FCC Commissioner Asks Apple + Google To Remove TikTok!

On June 29, 2022, FCC Commissioner Brendan Carr publicly called on Apple and Google to remove TikTok from their app stores.

This move came after leaked TikTok audio recordings obtained by Buzzfeed News revealed that ByteDance staff in China (and possibly the Chinese government) retained extensive access to data on US citizens.

Read more : TikTok Leak Showed China Repeatedly Accessed Private User Data!

In his public letter to Apple CEO Tim Cook, and Google CEO Sundar Pichai, the FCC Commissioner asked that TikTok be removed for “its pattern of surreptitious data practices”.

It is clear that TikTok poses an unacceptable national security risk due to its extensive data harvesting being combined with Beijing’s apparently unchecked access to that sensitive data.

But it is also clear that TikTok’s pattern of conduct and misrepresentations regarding the unfettered access that persons in Beijing have to sensitive U.S. user data – just some of which is detailed below – puts it out of compliance  with the policies that both of your companies require every app to adhere to as a condition of remaining available on your app stores.

Therefore, I am requesting that you apply the plain text of your app store policies to TikTok and remove it from your app stores for failure to abide by those terms.

FCC Commissioner Carr also labelled TikTok as a “sophisticated surveillance tool” that is designed to harvest “personal and sensitive data“.

At its core, TikTok functions as a sophisticated surveillance tool that harvests extensive amounts of personal and sensitive data.

Indeed, TikTok collects everything from search and browsing histories to keystroke patterns and biometric identifiers, including faceprints – which researchers have said might be used in unrelated facial recognition technology – and voiceprints.

It collects location data as well as draft messages and metadata, plus it has collected the text, images, and videos that are stored on a device’s clipboard. The list of personal and sensitive data it collects goes on from there.

This should come as no surprise, however. Within its own borders, the PRC has developed some of the most invasive and omnipresent surveillance capabilities in the world to maintain authoritarian control.

Carr ended his letter with an “ultimatum” of sorts – if Apple and Google do not remove TikTok from their app stores, they need to provide “separate responses” to him by July 8, 2022, explaining why TikTok does not contravene their App Store policies.

As of June 30, 2022, TikTok is still available to download in the US app stores of both Apple and Google.

If Apple and Google acts on the FCC Commissioner’s request, TikTok will only be removed from their US app stores. It won’t affect downloads in other countries.

Neither would it prevent users in the US from continuing to use TikTok. They just won’t be able to download it any longer, or update to newer versions.

 

FCC Commissioner Lists History Of TikTok Data Practices!

While the leaked TikTok audio recordings may have precipitated this open letter to Apple and Google, FCC Commissioner Carr pointed to a list of questionable data practices by TikTok in the past.

The list makes for really interesting reading, especially for those who are not up to date on TikTok’s privacy and data security issues :

  • In August 2020, TikTok circumvented a privacy safeguard in Google’s Android operating system to obtain data that allowed it to track users online.
  • In March 2020, researchers discovered that TikTok, through its app in the Apple App Store, was accessing users’ most sensitive data, including passwords, cryptocurrency wallet addresses, and personal messages.
  • In 2021, TikTok agreed to pay $92 million to settle lawsuits alleging that the app “clandestinely vacuumed up and transferred to servers in China (and to other servers accessible from within China) vast quantities of private and personally identifiable user data and content that could be employed to identify, profile, and track the physical and digital location and activities of United States users now and in the future.”
  • In March 2022, a report included current and former TikTok employees stating in interviews that TikTok delegates key decisions to ByteDance officials in Beijing and that an employee was asked to enter sensitive information into a.cn domain, which is the top-level domain operated by the Chinese government’s Ministry of Industry and Information Technology.
  • Earlier, in 2019, TikTok paid $5.7 million to settle Federal Trade Commission allegations that its predecessor app illegally collected personal data on children under the age of 13.
  • India- the world’s largest democracy–has already banned TikTok on national security grounds for stealing and surreptitiously transmitting user data in an unauthorized manner.
  • Multiple U.S. military branches have also banned TikTok from government-issued devices due to national security risks, including the Navy, Army, Air Force, Coast Guard, and Marine Corps.
  • U.S. government officials have also urged troops and their dependents to erase the app from their personal phones.
  • U.S. national security agencies have similarly banned TikTok from official devices citing national security risks, including the Department of Defense, Department of Homeland Security, and the TSA.
  • The RNC and DNC have warned campaigns about using TikTok based on security concerns and the threat of officials in Beijing accessing sensitive data.
  • Citing data security concerns, private U.S. business operations have also banned TikTok from company devices, including Wells Fargo.
  • Once accessed by personnel in Beijing, there is no check on the CCP using the extensive, private, and sensitive data about U.S. users for espionage activities because compliance with the PC’s 2017 National Intelligence law is mandatory in China.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > BusinessCybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Are MySejahtera 68808 SMS Messages A Scam?!

Are MySejahtera messages sent through the 68808 SMS service really a scam?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : MySejahtera 68808 SMS Messages Are A Scam!

People are sharing this warning on social media – Facebook, Instagram, Twitter, as well as in WhatsApp and Telegram groups :

MySejahtera 通过 68808 发送短信要求用户 重置资料,请不要点击链接,这是钓鱼陷阱 骗局。
请转发广传出去给大家警惕,谢谢。

MySejahtera sending sms through 68808 to ask users to reset, pls do not click link. It’s a scam.

 

MySejahtera 68808 SMS Messages Not Necessarily A Scam!

Many Malaysians are rightfully wary about clicking on links sent by SMS or WhatsApp.

There have been many scams involving fake SMS or WhatsApp messages, which we covered here in Tech ARP :

However, Malaysians are also too gullible, accepting all warnings on WhatsApp as genuine, without first verifying if they are even true.

Here are the reasons why the MySejahtera reset messages delivered by the 68808 SMS service are not necessarily a scam!

Fact #1 : 68808 Is Used By MySejahtera

Despite what people may tell you – 68808 is an official SMS service number used by MySejahtera.

In fact, MySejahtera uses three SMS service numbers to send you notifications (like your vaccination appointments), as well as your password renewal link :

68808
68088
63001

Fact #2 : 68808 Messages Are Generally Legitimate

Despite what is shared on social media, messages sent through 68808 are genuine. What you need to be wary of are SMS messages sent via other numbers.

Take a look at this example of fake news shared on social media, and some websites. It was touted as an example of fake MySejahtera messages sent by 68808.

The truth is “original” message was sent through 63839, which is not a legitimate MySejahtera SMS service. The “fake” message was sent through 68808, which is a legitimate MySejahtera SMS service.

In this misleading example, you can also see a prior SMS message on vehicle servicing in the 63839 channel. Official MySejahtera SMS channels (68808, 68088 and 63001) will only show messages from MySejahtera, not other services.

Note : The links in both messages appear to be genuine, linking to https://mysejahtera.malaysia.gov.my/.

Fact #3 : MySejahtera Sends Reset Links Via SMS

Despite what social media “experts” may tell you – MySejahtera will send password reset links through SMS, as a verification method.

If you are trying to reset your MySejahtera password (because you forgot it), you will be sent an SMS message with a link to https://mysejahtera.malaysia.gov.my/, as the example above shows.

Fact #4 : SMS Messages Can Be Spoofed

That said, SMS messages can be spoofed to appear to come from the three legitimate MySejahtera channels – 68808, 68088 and 63001.

So you should avoid clicking on MySejahtera password reset links, even from legitimate channels, unless you have specifically asked to reset the MySejahtera password.

Fact #5 : MySejahtera Team Clarified This In April

The MySejahtera team actually refuted these false claims in April 2022. Unfortunately, people still continue to share this fake news.

So please help us fight fake news – share this fact check with your family and friends!

 

How To Avoid MySejahtera (Or Other) SMS Scam!

So here is what I recommend when it comes to SMS messages, whether they were sent by MySejahtera, banks, etc. :

  1. Always check to make sure they come from legitimate SMS channels. For MySejahtera, that’s 68808, 68088 and 63001.
  2. If you are not sure about an SMS message from the authorities / banks / telcos, please do not hesitate to call them to verify the authenticity of that message.
  3. Never click on a link to log into a website (like your bank). Always use your banking app, or log in manually using a Internet browser on your computer or phone.
  4. Only click on a link in specific circumstances that do not require a login – for example : to verify your request to reset your MySejahtera password.
  5. Do NOT click on any link to confirm that you are resetting a password, or confirm your new SIM card, unless you just requested to performed those actions.
  6. Before you click on a link, always check the link goes to the official website (like https://mysejahtera.malaysia.gov.my/). Never click on a link that goes to suspicious websites.

I hope this article helps you differentiate between fake claims circulating on social media and WhatsApp groups, and proper cybersecurity measures we should take to prevent being scammed of our hard-earned money!

Please help to SHARE this fact check article out, and please SUPPORT our work! Thank you!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MobileTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

TikTok Leak : China Repeatedly Accessed Private User Data!

Leaked audio from internal TikTok meetings show that private user data has been repeatedly accessed from China!

Here is what you need to know…

 

Privacy Promise By TikTok : Overseas Data Stored In US + Singapore

For many years now, TikTok has repeatedly assured users that all data collected from users outside of China, stays out of China and is thus, not accessible to anyone in China.

To ensure that the Chinese government has no access to the data, one of the measures they took was to store all data collected overseas in servers located in the United States, with backups in Singapore.

This was explicitly stated in their New Privacy Policy :

We store the information described in the What Information We Collect section in servers located in the United States and Singapore.

Most people may not realise this, but they also added a caveat right after that, stating that their Corporate Group (in China) may remotely access the data…

When entities in our Corporate Group need information to help us provide the Platform, they remotely access the information pursuant to authorised and secure access controls.

 

TikTok Leak : China Repeatedly Accessed Private User Data!

Buzzfeed News recently received audio recordings from more than eighty (80) internal TikTok meetings, in which employees admitted that engineers in China accessed private user data.

This was despite a TikTok executive’s sworn testimony at an October 2021 US Senate hearing at the same time period, that a “world-renowned, US-based security team” decides who gets access to the private user data.

Instead, the leaked audio revealed that US staff did not have permission or knowledge of how to access the data. Rather, it was their colleagues in China who determined how and who accessed the private user data.

The leaked tapes ultimately show that TikTok may have misled lawmakers, users, and the public by downplaying the fact that their private data is readily accessible by employees in China, and potentially, the Chinese government.

Everything Is Seen In China

Eight different employees stated in nine statements that they had to refer to their colleagues in China to make those decisions.

Everything is seen in China“, said a member of TikTok’s Trust and Safety department in a September 2021 meeting.

In another September 2021 meeting, a TikTok director referred to a Beijing-based engineer as a “Master Admin” who “has access to everything“.

There’s Some Backdoor To Access User Data…

Fourteen of the leaked audio recordings were with, or about, a team of Booz Allen Hamilton consultants that TikTok brought in to investigate how data flows through TikTok and ByteDance’s internal tools.

In September 2021, one Booz Allen Hamilton consultant told colleagues that the tools felt like they had backdoors to access user data :

I feel like with these tools, there’s some backdoor to access user data in almost all of them, which is exhausting.

Oracle Only Providing Storage For Project Texas

TikTok has been working on what they call Project Texas – securely storing overseas data in Oracle cloud servers to comply with CFIUS (Committee on Foreign Investment in the United States).

Project Texas is limited to protecting the private information of US users, like phone numbers and birthdays – details that are not publicly visible, or have been set to private.

Such data will be stored at an Oracle datacenter in Texas – hence the name, and would only be accessible to specific US-based TikTok employees.

However, TikTok’s head of global cyber and data defense made clear that Oracle was only providing the data storage space for Project Texas. Ultimately, TikTok would be setting up the servers, and controlling everything.

It’s almost incorrect to call it Oracle Cloud, because they’re just giving us bare metal, and then we’re building our VMs [virtual machines] on top of it.

Unique IDs Not Protected Information

In one of the leaked audio recordings from a January 2022 meeting, TikTok’s head of product and user operations announced with a laugh that the Unique ID (UID) will not be amongst the protected content under the CFIUS agreement.

The conversation continues to evolve. We recently found out that UIDs are things we can have access to, which changes the game a bit.

Other Data Not Stored On Oracle Servers

The problem with Project Texas is that it only addresses US users… and only a small subset of their data.

Everything else – including private user data from non-US countries – will stay in their US and Singapore servers that remain accessible to ByteDance’s Beijing offices.

 

Response By TikTok : 100% US Data Traffic Routed To Oracle

TikTok publicly announced on the same day – June 17, 2022, that it changed the “default storage location of US user data“, and that “100% of US user traffic is being routed to Oracle Cloud Infrastructure“.

Although they “expect” to fully pivot to Oracle cloud servers located in the US, they will continue to use their existing US and Singapore servers for backup, and delete US users’ private data over time.

While this may address some of the privacy concerns for US users, it does not address the other privacy concerns revealed in the leaked audio recordings… or the privacy concerns of non-US users.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > BusinessCybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Watch Out For SVCReady Malware In MS Word Documents!

Please watch out for a new malware called SVCReady that is being embedded in Microsoft Word attachments!

Here is what you need to know about the new SVCReady malware!

 

Watch Out For SVCReady Malware In MS Word Documents!

The HP Threat Research just uncovered a new malware called SVCReady, which they first picked up on 22 April 2022 through HP Wolf Security telemetry.

SVCReady is being distributed in phishing emails with Microsoft Word attachments. On opening the infected Word document, an embedded Visual Basic for Applications (VBA) AutoOpen macro is used to run shellcode stored in the properties of the document.

Splitting the macro from the shellcode is a way to evade security software that would normally detect the malicious code.

Document properties containing shellcode, namely a series of nop instructions as represented by 0x90 values. Credit : HP

The SVCReady malware begins by downloading and loading its payload from the web, and connecting to its Command and Control (C2) server.

It then starts gathering and sending information to the C2 server like :

  • username
  • computer name
  • time zone
  • whether the computer is joined to a domain
  • HKEY_LOCAL_MACHINE\HARDWARE|DESCRIPTION\System registry key
  • running processes
  • installed software

The SVCReady malware also connects to its C2 server every 5 minutes to report its status, send information, receive new instructions, or validate the domain.

Currently, the malware appears to only gather and send information. However, that will change as the malware persists in the system, and is capable of receiving both updates and instructions from the C2 server.

In fact, the HP team observed the SVCReady retrieve and load a Readline stealer payload on an infected computer. It’s a sign of things to come.

The HP team believes that the SVCReady malware is still in early development, with an influx of updates adding features like encrypted C2 communications, and detection evasion.

They also found evidence linking SVCReady to past malware documents by the TA551 (Shatak) group from 2019 and 2020.

SVCReady will eventually be used for more nefarious purposes once it is good and ready. Until then, the malware will stay hidden, lurking and waiting for its master’s commands.

 

How To Avoid SVCReady Malware In MS Word Documents?

The HP team discovered that the malware creates a new registry key, which could serve as a signature for security software to detect it : HKEY_CURRENT_USER\Software\Classes\CLSID\{E6D34FFC-AD32-4d6a-934C-D387FA873A19}

But until security software are updated to detect SVCReady, the best way to avoid this malware is simple – do NOT open Word document attached to emails!

If you regularly receive Word documents in your emails, please VERIFY with the sender before opening them.

These phishing emails are designed to look legitimate. So be very careful about what you open!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Scam Alert : Nespresso 2022 Mother’s Day Contest!

Please watch out for the Nespresso 2022 Mother’s Day contest scam!

Find out why it is just a SCAM, and WARN your family and friends!

 

Scam Alert : Nespresso 2022 Mother’s Day Contest!

People are now sharing the Nespresso 2022 Mother’s Day Contest scam on WhatsApp :

Nespresso 2022 Mother’s Day Contest

5,000 free coffee machines for your Mother!

 

Nespresso 2022 Mother’s Day Contest : Why This Is A Scam!

Many of us are in dire straits during this COVID-19 pandemic, having lost jobs, income or even loved ones.

Unfortunately, scammers are counting on our desperation to prey on us, using the same survey scam they have been using for years :

Unfortunately, this Nespresso contest is yet another SCAM that you should NEVER participate in!

  1. After you click on the link, you are taken to a page that looks like a genuine Nespresso contest page.
  2. You will be asked to answer three very simple questions.
    The answers are irrelevant – no matter what you answer, you are always allowed to proceed to the next step.
  3. You are then asked to share the promotion with 30 WhatsApp contacts, or 5 WhatsApp groups.
  4. Next, you will be asked to complete one of these tasks to receive the “free” Nespresso coffee machine :
    a) install an app, which is really a malware to send you advertisements, or
    b) enter your credit card details
    Needless to say – proceeding with this step will open you up to great risk of monetary loss. DO NOT PROCEED!
  5. If you install their malware, you will start receiving promotions, some of which will ask you to send an SMS to receive expensive free gifts like laptops and smartphones.
    If you proceed to send the confirmation SMS messages, you will be subscribed and billed for international premium SMS services.

So never click on such contest links, even if they were sent to you by a trusted relative or friend.

They would have certainly been fooled by the scam, so please warn them too!

 

How To Spot Scams Like The Nespresso Survey Contest!

Now, let me show you how to spot these scams next time!

If you spot any of these warning signs, DO NOT PROCEED and DO NOT SHARE!

Warning Sign #1 : Bad Grammar

Most of these scammers do not have a good command of the English language, so if you spot bad grammar, stay away.

Proper contests or events sponsored by major brands like Nespresso will have at least one PR or marketing person who will vet the text before allowing it to be posted.

Read more : Watch Out For Nestle 2022 Anniversary Phishing Scam!

Warning Sign #2 : Offering You Free Money Or Gifts

Please do NOT be naive. No one is going to give you money or free gifts just to participate in a survey!

Petronas isn’t going to give you FREE money, just because it’s their anniversary.

They are a corporation whose business is to make money, not a charity to give you free money.

Warning Sign #3 : Not Using The Real Jaya Grocer Domain

A genuine Petronas campaign would use their real domain – www.petronas.com.

Or they would run it off the official Petronas page on Facebook – www.facebook.com/petronas/.

If you see nonsensical domains like 0yjjg61.cn, 1eaf1rnbeef.top, ldxqw.bar, etc. that’s a sign of a SCAM!

Warning Sign #4 : Asking You To Forward The Offer

No brand will insist that you must share the offer with 5 groups or 20 friends on WhatsApp.

Do not click to forward their offer to your family and friends. They will not appreciate being scammed with your help!

Warning Sign #5 : Asking You To Download + Register An App

If you click through and joined the fake survey scam, you will eventually be asked to download and register for an app.

This is VERY DANGEROUS. Never agree to download and register for any unknown app from a website.

Always download your apps from an official App Store like Google Play Store (for Android smartphones) and Apple App Store (for iPhones).

Please help us fight scams like this and SHARE this article out!

And please WARN your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Home TechTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Petronas 50th Anniversary Scam Alert!

Please watch out for the Petronas 50th Anniversary survey contest scam!

Find out why it is just a SCAM, and WARN your family and friends!

 

Petronas 50th Anniversary Survey Scam Alert!

People are now sharing the Petronas 50th Anniversary messages on WhatsApp :

Petronas 50th Anniversary!

Click to enter to participate in the survey, have a chance to win 2000 Ringgit!

 

Petronas 50th Anniversary Survey : Why This Is A Scam

Unfortunately, this is yet another survey scam, like the FamilyMart 70th Anniversary scam!

For one thing – Petronas was incorporated on 17 August 1974, so their 50th anniversary would be on 17 August 2024!

Petronas confirmed that this survey is a scam in a Facebook post :

PETRONAS has been made aware of a scam online “survey” conducted supposedly in conjunction with “PETRONAS’ 50th Anniversary”.

We wish to inform that neither PETRONAS nor any of our subsidiaries within the Group of Companies are involved in this “survey”, and we appeal to the public not to respond or take part.

I know many of us are in dire straits during this COVID-19 pandemic, having lost jobs, income or even loved ones.

Unfortunately, scammers are counting on our desperation to prey on us, using the same survey scam they have been using for years :

Now, let me show you how to spot these scams next time!

If you spot any of these warning signs, DO NOT PROCEED and DO NOT SHARE!

Warning Sign #1 : Bad Grammar

Most of these scammers do not have a good command of the English language, so if you spot bad grammar, stay away.

Proper contests or events sponsored by major brands like Petronas will have at least one PR or marketing person who will vet the text before allowing it to be posted.

Warning Sign #2 : Offering You Free Money Or Gifts

Please do NOT be naive. No one is going to give you money or free gifts just to participate in a survey!

Petronas isn’t going to give you FREE money, just because it’s their anniversary.

They are a corporation whose business is to make money, not a charity to give you free money.

Warning Sign #3 : Not Using The Real Jaya Grocer Domain

A genuine Petronas campaign would use their real domain – www.petronas.com.

Or they would run it off the official Petronas page on Facebook – www.facebook.com/petronas/.

If you see nonsensical domains like 0yjjg61.cn, 1eaf1rnbeef.top, ldxqw.bar, etc. that’s a sign of a SCAM!

Warning Sign #4 : Asking You To Forward The Offer

No brand will insist that you must share the offer with 5 groups or 20 friends on WhatsApp.

Do not click to forward their offer to your family and friends. They will not appreciate being scammed with your help!

Warning Sign #5 : Asking You To Download + Register An App

If you click through and joined the fake survey scam, you will eventually be asked to download and register for an app.

This is VERY DANGEROUS. Never agree to download and register for any unknown app from a website.

Always download your apps from an official App Store like Google Play Store (for Android smartphones) and Apple App Store (for iPhones).

Please help us fight scams like this and SHARE this article out!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > CybersecurityBusiness | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Are These Shanghai Disneyland Robot Dancers Real?!

Did China create these amazing robot dancers at the Shanghai Disneyland, beating even the Japanese?

Watch the viral clip for yourself, and find out what the FACTS really are!

 

Claim : China Created Classic Robot Dancers At Shanghai Disneyland!

Here is the video that countless people have been sharing on social media and even on YouTube. It is often paired with a short explanation in (broken) English.

This classic dance is only created in China and broadcast in Shanghai Disneyland. They are not female dance artists, but all robots made in China.

The performance time is only about 5 minutes, but the ticket queue time takes 4 hours. The ticket price is 499 yuan.

It has surpassed Japan in complexity, and its perfect facial expressions. Send this video to everyone to watch. Let us enjoy together…

 

Truth : They Are NOT Robot Dancers At Shanghai Disneyland!

The agility and grace of these dancers are amazing, but they are NOT robot dancers created by China for Shanghai Disneyland!

The less gullible would point out that it is something you would only expect from professional human dancers, and they would be right.

Fact #1 : That Is A Video Of A CBDF Competition

That was actually a video clip from one of the many competitions organised and broadcast by the CBDF (Chinese Ballroom Dance Federation).

Although we cannot ascertain who the dancers are, you can see the CBDF logo in the background, at 4:03 and 4:38.

No robot made today can match their agility and grace.

Fact #2 : 499 Yuan Was The Entry Price To Shanghai Disneyland

The fake story claimed that the ticket to watch this performance costs 499 Yuan – about US$73 / £55 / RM303. That would be ridiculously exorbitant for a single show.

In truth, that was the cost of an entry ticket to the Shanghai Disneyland when it first opened in February 2016.

Since 6 June 2018, it has been priced at 399 Yuan (off-peak), 575 Yuan (peak) and 665 Yuan (peak holiday).

Fact #3 : Disneyland Does Not Charge Extra To Watch Certain Shows

Anyone who has been to Disneyland knows that the entry fee is pricey. That’s because it covers all rides and shows inside Disneyland.

You only need to pay for food and drinks, and arcade games. Or if you opt to purchase Disney Fastpasses (Fastpass, FastPass+, MaxPass) to bypass long queues at popular rides or shows.

Otherwise, all rides and shows are free to enjoy once you enter Disneyland.

Fact #4 : That Is Not The Only Fake Video Of Chinese Robot Dancers

That is not the only fake video of Chinese robot dancers.

This one circulated earlier, claiming to be of a female robot dancer that handily beats all Japanese made-robots.

In that example, they took the video clip from the 2018 World Dance Sport Federation Championship in Lithuania…

Recommended : Did China Create This Amazing Female Dancing Robot?

 

Who Would Create Fake Stories About Robot Dancers?

With China’s aggressive foreign stance in recent years, it is not uncommon to see such fake stories being created and shared.

Some believe it’s part of a concerted attempt to burnish China’s image overseas.

Others believe the many fake stories are being created to drown out the negative coverage of China’s controversial Belt and Road Initiative, and their aggressive moves in the South China Sea.

Whatever the reasons may be, it is our duty as global citizens to stop the proliferation of such fake stories.

Please share this fact check with your friends, so they know the truth!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Photo + VideoTech ARP

 

Support Tech ARP!

If you like our work, please support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Thank you!