Tag Archives: Hacker

Did WEF Order Cyber Attacks On US Water Supply?!

Did the WEF order devastating cyber attacks on US water supply?! Take a look at the viral claim, and find out what the facts really are!

 

Claim : WEF Orders Cyber Attacks On US Water Supply!

People are sharing an article (archive) by The People’s Voice (formerly NewsPunch), which claims that the WEF ordered devastating cyber attacks on US water supply!

Here is an excerpt of that long and (intentionally???) confusing article. Feel free to skip to the next section for the facts!

WEF Memo Orders Devastating Cyber Attacks on US Water Supply

Recommended : Is WEF Planning Cyber Attack To Disrupt 2024 Election?!

 

Truth : WEF Did Not Order Cyber Attacks On US Water Supply!

This is yet another example of fake news created / promoted by The People’s Voice, and here are the reasons why…

Fact #1 : No Evidence WEF Ordered Cyber Attacks On US Water Supply

Let me start by pointing out that there is no evidence the World Economic Forum (WEF) ordered any cyber attacks on US water supply.

The US Cybersecurity and Infrastructure Security Agency also never once suggested, never mind reported, that there was any cyberattack by the WEF.

But more importantly – why would the WEF bother with cyberattacks when it allegedly has control over world governments? It can simply order them to restrict water supply, as and when it wishes to. Why bother with cyber attacks???

Unsurprisingly, The People’s Voice article provided no evidence to back up its ridiculous claim.

Fact #2 : WEF Video Is From 2022

Instead of providing any actual evidence, The People’s Voice article posted a link to its own video, which featured Professor Mariana Mazzucato, and claimed that the WEF ordered global water rationing to starve people into submission.

The video clip appears to be taken from the May 2022 WEF press conference on The New Economics of Water (link), and not 2023 as suggested by the article.

Needless to say, the actual video does not show Professor Mariana Mazzucato admit that a water crisis would help to starve people into submission, or that the elite was going to “experiment” on humanity.

Recommended : Did Insider Reveal WEF Global Famine False Flag Op?!

Fact #3 : CISA Warned Of Cyberattacks By Iran + China

On 18 March 2024, the US Cybersecurity and Infrastructure and Security Agency (CISA) highlighted two recent and ongoing cyber attacks against critical infrastructure in the United States, including drinking water.

However, those cyber attacks were not conducted by the WEF, but rather, by threat actors affiliated or sponsored by Iran and China. From the full CISA letter to US governors (PDF):

Threat actors affiliated with the Iranian Government Islamic Revolutionary Guard Corps (IRGC) have carried out malicious cyberattacks against United States critical infrastructure entities, including drinking water systems. In these attacks, IRGC-affiliated cyber actors targeted and disabled a common type of operational technology used at water facilities where the facility had neglected to change a default manufacturer password.

The People’s Republic of China (PRC) state-sponsored cyber group known as Volt Typhoon has compromised information technology of multiple critical infrastructure systems, including drinking water, in the United States and its territories. Volt Typhoon’s choice of targets and pattern of behavior are not consistent with traditional cyber espionage. Federal departments and agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves to disrupt critical infrastructure operations in the event of geopolitical tensions and/or military conflict.

To be clear – these cyberattacks on American water systems have nothing to do with the WEF.

Recommended : Did Bill Gates Order Govts To Replace Farmers With AI Bots?!

Fact #4 : WEF Screenshot Is Fake

The cover image used by The People’s Voice article and video has a screenshot which purportedly shows the World Economic Forum (WEF) posting on X (formerly Twitter) that:

Water will soon become a privilege you must earn!

That is most definitely a fake screenshot, because there is no such post on X by the WEF.

If the WEF actually posted such a shocking warning, it would have been reported by the worldwide media. But of course, that didn’t happen, because the WEF never posted it!

Yet again, and unsurprisingly, The People’s Voice article provided no evidence that such a post ever existed!

Recommended : Did WEF Pass Law To Criminalise Criticism Of mRNA?!

Fact #5 : The People’s Voice Is Known For Fake News

The People’s Voice is the current name for NewsPunch, which possibly changed its name because its brand has been so thoroughly discredited after posting numerous shocking but fake stories.

Founded as Your News Wire in 2014, it was rebranded as NewsPunch in November 2018, before becoming The People’s Voice. A 2017 BuzzFeed report identified NewsPunch as the second-largest source of popular fake news on Facebook that year.

Its articles have been regularly debunked as fake news, so you should never share anything from NewsPunch / The People’s Voice.  Here are some of its fake stories that I fact checked earlier:

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Baltimore Bridge Collapse Conspiracies Debunked!

Take a look at the conspiracy theories surrounding the collapse of the Francis Scott Key Bridge in Baltimore, after it was hit by a ship, and find out what the facts really are!

Updated @ 2024-03-28 : Added new conspiracies, and updated information
Originally posted @ 2024-03-27

 

Baltimore Bridge Collapse Conspiracies… So Far!

Right after news broke that the Francis Scott Key Bridge in Baltimore collapsed after being hit by a massive container ship, some people immediately began suggesting there was more to the tragedy than meets the eyes…

Lara Logan : Welcome to the world of cyber terrorism.
Acc to intel sources: The Baltimore bridge collapse was a 9/11 style attack but they won’t admit it and we cannot see it because it was a CYBER ATTACK.

Lauren Witzke : You know things are getting bad when you can’t tell the difference between DEI incompetency and terrorism.

Recommended : Are Soldiers Protecting Trump Properties From Seizure?!

Baltimore Bridge Collapse Conspiracies Debunked!

This is yet another example of fake news created or promoted by conspiracy theorists and conspiracists, and here are the reasons why…

Fact #1 : Baltimore Bridge Collapsed After Being Hit By Ship

Let me start by simply pointing out that the Francis Scott Key Bridge in Baltimore collapsed on March 26, 2024, after being hit by a massive cargo container ship.

This Baltimore bridge did not collapse after an explosion. Neither was its collapse caused by a planned demolition in a false flag operation.

The viral video showing the bridge collapsing after an explosion is actually a video showing the partial collapse of the Crimean Bridge after being hit by a truck bomb on 8 October 2022. It has nothing to do with the Francis Scott Key Bridge in Baltimore.

Fact #2 : Baltimore Bridge Opened In 1977

Constructed over a period of five years at an estimated cost of US$110 million, the Francis Scott Key Bridge opened in 1977. It is a 4-lane steel bridge that spanned 2.6 km across the Patapsco River, where its namesake wrote the Star-Spangled Banner in 1814 after witnessing the British defeat at the Battle of Baltimore, and the British bombing of Fort McHenry.

After the bridge collapsed, other ships could no longer leave the Port of Baltimore. Over 40 ships remain trapped inside the Baltimore port, while another 30 ships that planned to make port are no longer able to do so.

The key point is this – this bridge was built 47 years ago under Republican president Gerald Ford, and opened under Democratic president Jimmy Carter. There was no DEI at that time, and its design and construction had nothing to do with the present Biden Administration, including current Transportation Secretary Pete Buttigieg.

Recommended : Was a man killed after putting out his arm to stop the lift?!

Fact #3 : The Container Ship Lost Power

The Dali is a massive Singapore-flagged container ship that is 289 meters long, and holds up to 10,000 twenty-foot equivalent (TEU) cargo containers. At the time it hit the bridge, it was carrying 4,679 TEU containers of cargo.

It was just leaving the Port of Baltimore just after midnight when it lost power. Not only were the crew blinded in the dark, none of its electronics worked and there was no propulsion, so they were unable to control the ship.

As the crew tried unsuccessfully to restart its engine, a local pilot onboard the vessel ordered the ship to be steered to port (left), and the anchor to be dropped. While the crew managed to restore electrical power using an emergency generator, they were not able to restart its engines.

With the ship floating adrift, the two local pilots onboard issued a mayday call at 1:30 AM to warn authorities that a collision was imminent, which allowed them to stop traffic from going over the bridge. A Maryland Transportation Authority official was recorded saying at that time:

There’s a ship approaching that has lost their steering. Until you’ve got that under control, we’ve got to stop all traffic.

According to NTSB investigator in charge, Marcel Muise, the recovered voyage data recorder (VDR) helped them establish the timeline of events:

12:39 AM : Dali departs Seagirt Marine Terminal

1:07 AM : Dali enters Fort McHenry Channel

1:24 AM : Numerous alarms were recorded on audio at the ship’s bridge, and data recording stopped (due to power loss) before resuming shortly from a redundant power source.

1:26 AM : The pilots onboard Dali made a high frequency radio call for tugboats to assist the Dali.

1:27 AM : The pilot dropped the port anchor and made another radio call reporting that the Dali lost all power, and was approaching the bridge.

1:29 AM : The Dali collided with the Francis Scott Key Bridge’s support pylon, causing it to collapse.

The video below, which is being shared on WhatsApp, does not accurately reflect the truth – the ship never regained the use of its engines, but it clearly shows when the ship lost power, and when it restored electrical power.

Recommended : Was Kate Middleton cancer reveal an AI Deepfake video?!

Fact #4 : No Evidence It Was A Planned Attack

There is no evidence that this accident was a planned attack, a cyberattack or a false flag operation.

For one thing – the Dali is owned by Singapore-based Grace Ocean, and managed by Singapore-based Synergy Marine Group, and it was chartered by Danish shipping giant Maersk to carry cargo. It is highly unlikely that those Singaporean and Danish companies would be involved in a planned attack.

On top of that, there were two local pilots onboard the Dali. If it was a planned attack, they would be complicit in a plot that would have involved dozens of people and intricate planning… for the “terrifying” purpose of collapsing a single bridge. Hardly makes for a great movie plot, don’t you think?

The Baltimore Field Office of the Federal Bureau of Investigation (FBI) said in a press statement, that “There is no specific and credible information to suggest any ties to terrorism at this time.

United States Attorney for the District of Maryland Erek L. Barron also dismissed those claims in a public statement, saying “There is no evidence at this time to suggest that today’s collapse of the Francis Scott Key Bridge in Baltimore has any ties to terrorism.

Fact #5 : Dali Was Inspected Twice Last Year

Dali was involved in a July 2016 accident, in which it hit a quay as it tried to exit the North Sea container terminal at the port of Antwerp in Belgium. That incident, which damaged several meters of its hull, was blamed on the ship’s master, and the local pilot onboard.

The Dali was inspected twice last year. According to Equasis, an inspection that was carried out in June 2023 in San Antonio, Chile, found that the Dali had “propulsion and auxiliary machinery” deficiencies. The Maritime Port Authority of Singapore (MPA) said a faulty monitor gauge for fuel pressure was rectified before the vessel departed the port.

In September 2023, the Dali underwent another inspection, this time by the US Coast Guard in New York, but that inspection did not find any deficiencies at that time. However, that does not mean that the Dali did not suffer engine failure before colliding into the Francis Scott Key Bridge.

Until investigations into the Dali are complete, anyone who claims that the collision was intentional is likely lying to you.

Recommended : Did Russia Arrest Rustam Azhiev For Moscow Attack?!

Fact #6 : Loss Of Power May Be Caused By Dirty Fuel

The loss of power experienced by the Dali is common in the maritime industry (source) – as many as 600 cases each year according to FuelTrust, although most occur in open water. They are often associated with poorly mixed fuel, or changing from high-sulphur to low-sulphur fuels when entering coastal emission control areas (ECAs).

In fact, shipping experts think “dirty fuel” may be the reason for Dali to lose power before smashing into the Francis Scott Key Bridge (source).

That power loss could have been caused by dirty fuel clogging filters that lead to the ship’s main generator.

While inside a port, as the Dali was before the collision, ships typically run on a relatively light diesel fuel. That also could have been contaminated. Common contaminants include water, dirt and algae. He definitely could have had dirty fuel

– Gerald Scoggins, a veteran chief engineer in the oil and gas industry and the CEO of the Houston company Deepwater Producers

Ian Ralby, the CEO of I.R. Consilium, a maritime and resource security consultancy, also said heavy marine fuel loaded onto ships in port is mixed with what is called cutter stock, and is prone to being loaded with contaminants and is not closely regulated. Such dirty fuel could have “gummed up all of the fuel lines on the ship.”

Fact #7 : Baltimore Bridge Was In Fair Condition

According to a press aide for Pete Buttigieg (source), the Francis Scott Key Bridge was last inspected in May 2023, and “found to be in satisfactory condition with an overall rating of fair”. Such inspections are supposed to occur every 24 months

Previously, Federal Highway Administration records show the bridge was last inspected in May 2021. Back then, inspectors rated its condition as “fair” with a rating of 6 (satisfactory) out of a maximum of 9, on three parameters.

To be clear – these inspections were being carried out on the bridge every 2 years, regardless of who happens to be the Transportation Secretary at that time.

Recommended : Did Cyberattack Cause Dali To Hit Baltimore Bridge?!

Fact #8 : Baltimore Bridge Location + Design Was Problematic

In light of the accident, experts are highlighting the problems with the location of the bridge’s piers and its design.

The Francis Scott Key Bridge is a steel truss suspension bridge with three centre spans held up by piers. Engineering experts that 11 News spoke to questioned why those piers were built so close to the shipping channel. They also pointed out that the bridge piers were not built to handle such ship collisions.

The way that it collapsed, I think that was surprising to some people, in particular, because one of the piers was hit, but all three of the spans collapsed. That’s a function of the continuity of the bridge.

So, there is a lot of load-sharing that goes on among those three spans, and so, if two of them are damaged or destroyed, as was the case here, by their support, direct support being removed, then the third span is going to be severely impacted and collapsed as well.

– Rachel Sangree, an associate teaching professor in the Department of Civil and Systems Engineering at the Johns Hopkins Whiting School of Engineering

In other words – the Francis Scott Key Bridge did not collapse due to controlled demolition. Its three spans collapsed after the pier was hit due to its suspension design.

Fact #9 : Baltimore Bridge Lacked Pier Protection

Roberto Leon, a Virginia Tech engineering professor, also highlighted the fact that the piers lacked protection:

The only way the post can resist it is by bending. But it cannot absorb anywhere near the energy that this humongous ship is bringing. So it’s going to break.

If a bridge pier without adequate protection is hit by a ship of this size, there is very little that the bridge could do.

After the September 11 terrorist attacks in 2001, Maryland discussed installing pier guards, but decided against it as it was too expensive.

I think they would have been effective in all this. They would have reduced the impact, or at least prevented the ship impacting directly the piers because the way it went, it looked almost effortlessly the same. The vessel hit the pier and it just went and there was no hesitation. The bridge couldn’t handle it at all. So, I think the fenders, the bumpers would help.

– Abieyuwa Aghayere, a civil engineering professor at Drexel University

Just to be clear – this decision was made more than 20 years ago, and had nothing to do with the current Biden Administration, or current Transportation Secretary Pete Buttigieg.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | BusinessTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Did Cyberattack Cause Dali To Hit Baltimore Bridge?!

Did a cyberattack cause the Dali to hit the Francis Scott Key Bridge in Baltimore, causing it to collapse?!

Take a look at the viral claims, and find out what the facts really are!

 

Claim : Cyberattack Caused Dali To Hit Baltimore Bridge!

Right after news broke that the Francis Scott Key Bridge in Baltimore collapsed after being hit by a massive container ship, some people immediately began suggesting there was more to the tragedy than meets the eyes…

Alex Jones : Looks deliberate to me. A cyber-attack is probable. WW3 has already started..

Andrew Tate : This ship was cyber-attacked. Lights go off and it deliberately steers towards the bridge supports. Foreign agents of the USA attack digital infrastructures. Nothing is safe. Black Swan event imminent.

Recommended : Baltimore Bridge Collapse Conspiracies Debunked!

No Evidence Cyberattack Caused Dali To Hit Baltimore Bridge!

This appears to be yet another example of fake news created or promoted by conspiracy theorists and conspiracists, and here are the reasons why…

Fact #1 : Dali Lost Power Before Hitting Baltimore Bridge!

Let me start by simply pointing out that the Dali – a massive container ship, only hit the Francis Scott Key Bridge in Baltimore, after it lost engine power.

The Dali lost power soon after leaving the Port of Baltimore in the middle of the night. Not only were the crew blinded in the dark, none of its electronics worked and there was no propulsion, so they were unable to control the ship.

As the crew tried unsuccessfully to restart its engine, a local pilot onboard the vessel ordered the ship to be steered to port (left), and the anchor to be dropped. While the crew managed to restore electrical power using an emergency generator, they were not able to restart its engines.

With the ship floating adrift, the two local pilots onboard issued a mayday call at 1:30 AM to warn authorities that a collision was imminent, which allowed them to stop traffic from going over the bridge. A Maryland Transportation Authority official was recorded saying at that time:

There’s a ship approaching that has lost their steering. Until you’ve got that under control, we’ve got to stop all traffic.

The video below, which is being shared on WhatsApp, does not accurately reflect the truth – the ship never regained the use of its engines, but it clearly shows when the ship lost power, and when it restored electrical power.

Recommended : Can Canada Social Credit System Freeze Bank Accounts?!

Fact #2 : No Evidence Dali Was Hit By Cyberattack

Despite claims by people with unnamed “inside sources”, there is simply no evidence that the Dali was hit by a cyberattack which steered it right into a bridge in Baltimore.

Built by Hyundai Heavy Industries, the Dali is powered by a single MAN 9-cylinder S90ME-C9.2 crosshead diesel engine. It also has a single 3,000 kW bow thruster for manoeuvring in ports, and four diesel generators for electricity.

While those engines, and controls, may be connected to a SCADA (Supervisory Control and Data Acquisition), they are not connected to the Internet. Even if the Dali’s SCADA system was somehow taken over by malware, the lack of Internet connectivity would make it impossible for any hacker to steer it into the bridge.

An early Cybersecurity and Infrastructure Security Agency (CISA) report appears to rule out an intentional or act of terrorism, finding that the Dali “lost propulsion” as it was leaving port.

The Baltimore Field Office of the Federal Bureau of Investigation (FBI) said in a press statement, that “There is no specific and credible information to suggest any ties to terrorism at this time.

United States Attorney for the District of Maryland Erek L. Barron also dismissed those claims in a public statement, saying “There is no evidence at this time to suggest that today’s collapse of the Francis Scott Key Bridge in Baltimore has any ties to terrorism.

If the Dali was indeed hit by a cyberattack before its crash, there would be evidence of hacking or malware in its SCADA system. However, until such evidence is discovered, anyone who tells out that it was definitely hit by a cyberattack is likely lying to you.

Unsurprisingly, none of those who claimed that a cyberattack caused the Dali to lose power and hit the Francis Scott Key Bridge ever provided a single shred of evidence from behind their keyboards.

Recommended : Did Russia Arrest Rustam Azhiev For Moscow Attack?!

Fact #3 : Ship Loss Of Power Is Common

The loss of power is common in the maritime industry (source) – as many as 600 cases each year according to FuelTrust, although most occur in open water. They are often associated with poorly mixed fuel, or changing from high-sulphur to low-sulphur fuels when entering coastal emission control areas (ECAs).

In fact, shipping experts think “dirty fuel” may be the reason for Dali to lose power before smashing into the Francis Scott Key Bridge (source).

That power loss could have been caused by dirty fuel clogging filters that lead to the ship’s main generator.

While inside a port, as the Dali was before the collision, ships typically run on a relatively light diesel fuel. That also could have been contaminated. Common contaminants include water, dirt and algae. He definitely could have had dirty fuel

– Gerald Scoggins, a veteran chief engineer in the oil and gas industry and the CEO of the Houston company Deepwater Producers

Ian Ralby, the CEO of I.R. Consilium, a maritime and resource security consultancy, also said heavy marine fuel loaded onto ships in port is mixed with what is called cutter stock, and is prone to being loaded with contaminants and is not closely regulated. Such dirty fuel could have “gummed up all of the fuel lines on the ship.”

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Free TNG RFID Bar Code Scam Fact Check!

Will your phone get hacked if you scan the TNG RFID bar code?! Take a look at the viral claim, and find out what the facts really are!

Updated @ 2023-11-17 : Added new version, and more details.
Originally posted @ 2023-05-10

 

Claim : Scanning TNG RFID Bar Code Can Hack Your Phone!

This warning about an RFID bar code scam has gone viral on WhatsApp, and social media, claiming that scammers are sending people free TNG RFID stickers, and asking them to scan the bar code.

Allegedly, scanning the TNG RFID bar code will cause your phone to be hacked by these scammers!

They send the RFID to you. When you scan the bar code they hack your hp
It’s a scam

他们将 RFID 发送给您。 当您扫描条形码时,他们会入侵您
这是一个骗局

Mereka menghantar RFID kepada anda. Apabila anda mengimbas kod bar mereka menggodam anda
Ia satu penipuan ☠️👻💩😱😰

If you get this free RFID card via courier, please throw away. Another scam.

Recommended : Bank Letter QR Code Scam : What You Need To Know!

 

Truth : Scanning TNG RFID Bar Code Will NOT Hack Your Phone!

This is yet another example of FAKE NEWS circulating on WhatsApp and social media, and here are the reasons why…

Fact #1 : TNG RFID Bar Code Cannot Hack Your Phone

First of all – let me just say that the TNG RFID bar code cannot hack your phone. In fact, no one can hack your phone just because you scan an RFID bar code.

The bar code is nothing more than a series of numbers, which you can readily see printed under the bar code. These numbers cannot possibly hack your phone / smartphone.

Fact #2 : TNG Bar Code Is Used To Register RFID Sticker

The bar code visible in the clear window of the TNG RFID self-fitment kit is merely the serial number for the RFID sticker (also known as an RFID tag).

This serial number is used to register the RFID sticker, by scanning scan the bar code using the TNG eWallet mobile app. All it does is link the RFID sticker to your TNG eWallet account, so that all toll charges are automatically deducted from that account.

Fact #3 : TNG RFID Swapping Can Be Easily Detected

One of our readers suggested that the scammer might have swapped out the bar code, to trick you into registering a different TNG RFID sticker owned by the scammer.

This would allow the scammer to use his/her TNG RFID sticker to go through highway tolls for free, while you would be charged for his/her travels.

While that is plausible, it would be quickly detected by the victim who would not be able to use the RFID sticker to get through the toll. The victim would also be able to detect the illegal charges to his/her TNG eWallet account.

Read more : TNG RFID Self-Fitment Guide : How To Do It Yourself

Fact #4 : TNG RFID Is Unique To Each Chip

One of our readers suggested that the scammer may be trying to trick people into scanning the barcode of a duplicated RFID sticker. The scammer can then use the duplicate RFID sticker to go through tolls, which would be charged to the victims’ TNG eWallet accounts.

Now, Touch ‘n Go has not revealed much about how it is protecting its RFID stickers, only saying that each TNG RFID sticker has an embedded radio-frequency chip that makes every sticker “unique to each customer”.

But that suggests that the RFID stickers are not only encrypted, the chip has a private key that prevents duplication, which makes a lot of sense. Without such encryption and private key, anyone can literally just read the number off any RFID sticker in a parking lot, and duplicate it in a programmable RFID sticker.

Unless the scammer has somehow stolen the private keys, and can perfectly duplicate the RFID stickers, this seems like an improbable scam. More so when the scammers would be limited to using the tolls for free. Hardly worth the effort, if you ask me.

Fact #5 : There Are Easier + Cheaper Ways To Hack Your Phone

Truth be told – there are far easier and cheaper ways to hack your phone, than send you a free RFID sticker and ask you to scan the bar code.

These scammers will have to put in considerable expense and technical expertise into hacking the TNG eWallet app, and inserting their malware that the fake RFID number would trigger.

But why bother? If they can hack the TNG eWallet, they don’t even need to send you any fake RFID bar code to scan!

Making fake RFID stickers (tags) that look like genuine TNG RFID self-fitment kits costs money. Sending these fake kits also put them at risk, because deliveries can be traced.

There are many other ways to compromise your smartphone. There is simply no reason why scammers to waste time and money on such a convoluted scheme.

Recommended : WhatsApp Block Button Scam : What You Need To Know!

Fact #6 : Packages Do Get Delivered Wrongly

The most plausible explanation for receiving a free TNG RFID sticker out of the blue is that it was wrongly delivered to you. If you receive one, check the name and address on the package. It may not be meant for you. In that case, contact the delivery company and have them resend it to the right person.

I have also personally experienced receiving packages that I did not order, some of which appear to be sent due to a database error of some sort – my name and phone number are on the package, but the address was wrong or non-existent.

Out of an abundance of caution, just don’t install any RFID sticker that you did not order. Or you can call up TNG to verify that the RFID sticker is legitimate.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Is It Dangerous To Exit WhatsApp Exit Scam Groups?!

Is it dangerous to exit WhatsApp scam groups? Or quitting such scam groups on WhatsApp cause your phone to be hacked?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : It Is Dangerous To Exit WhatsApp Scam Groups!

People are sharing this warning about quitting WhatsApp scam groups using the Exit Group link option! Take a look!

Here’s another Scam chat group. DO NOT CLICK ON ITS EXIT GROUP BUTTON to exit, instead go to your top right 3dots and click on exit group or report.

Clicking on the group’s exit button might have dire consequences..

Recommended : WhatsApp Block Button Scam : What You Need To Know!

 

Truth : It’s Not Dangerous To Exit WhatsApp Scam Groups!

This viral warning was likely created by well-meaning but clueless Internet “experts” who are apparently not tech-savvy enough to understand what’s going on.

Fact #1 : No Evidence Of WhatsApp Exit Group Hacking

First, let me just point out that there is no evidence that anyone was ever hacked after using the Exit Group link to get out of any WhatsApp group, whether they are scam groups or otherwise.

Even if an enterprising hacker / scammer was able to create a message with a fake Exit Group button that downloads an APK (Android Package Kit) file, it won’t automatically install that file. You will need to manually install the APK file from the Downloads folder.

Those who know how to do that would be tech-savvy enough to avoid installing APK files from unknown sources. Those who don’t know how to do that would not be able to install the downloaded APK file.

Fact #2 : WhatsApp Exit Group Option Is Genuine

The truth is – the Exit Group link that you may see in new messages from strangers is not a scam or a trick. It also does not download or install any APK file.

The Exit Group link is actually a safety feature in WhatsApp, that appears if you have been added to a WhatsApp group by someone who is not in your contact list – like a scammer, for example.

Once you open the new group you have been added to, WhatsApp warns you that you were added by someone who isn’t a contact. You are then given the option to exit the group, or click OK to continue.

There is really nothing malicious about this Exit group link in WhatsApp. Clicking on it to exit any WhatsApp group won’t harm you in any way, or cause your phone to be hacked.

Recommended : Can Israel Seismic Wave Card Hack Your Phone?!

Fact #3 : Older Exit Group Methods Still Work

The WhatsApp Exit group link offers an easy way to quickly remove yourself from a group you don’t want to be in. However, the older exit group methods still work, in case you prefer to use them:

Exit Group Only

  1. Go into the group chat you wish to leave.
  2. Tap on the kebab menu / vertical ellipsis (⋮) icon on the upper right corner.
  3. Select MoreExit group.

An even better option is to actually report the scam group, while quitting it and removing the chat at the same time.

Report + Exit Group Only

  1. Go into the group chat you wish to leave.
  2. Tap on the kebab menu / vertical ellipsis (⋮) icon on the upper right corner.
  3. Select More > Report
  4. Make sure the Exit group and delete chat option is checked.
  5. Tap Report to report and quit from the group, and delete the chat.

Fact #4 : WhatsApp + Telegram Scam Groups Are Real

Before I leave, I just want to remind all of you that there are many scam groups on WhatsApp and Telegram.

If you are added to any of these scam groups, just exit them without a thought. Do not read anything posted in these scam groups, lest you fall for the scam!

That’s why scammers often try to convince you to check out the group first, and “don’t rush to leave the group”:

Hello everyone! Please don’t rush to leave the group, thank you all for taking the time to read this message!

Ignore whatever they post in those scam groups. Hit the Exit group link, or better still – REPORT the group to WhatsApp / Telegram!

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Bank Letter QR Code Scam : What You Need To Know!

Are scammers sending bank letters with a QR code that can steal your money?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Bank Letter With QR Code Is A Scam!

People are sharing a photo of a letter from a bank, claiming that the QR code in the letter can steal your money if you scan it with your phone!

Circulating In WhatsApp : If you get a letter from the bank like this and ask to update the book using the QR CODE provided in the letter that was sent, don’t ever scan it, you will lose all your daily savings or old age savings, this is another scammer’s work and method take your money, please spread it to everyone so that siblings, relatives, neighbors & family members are not affected by this kind of scam…

Peng Seong, the one : ⛔️ Another Scam ‼️

Do NOT scan the QR code per the letter even with bank’s letterhead without verifying with the bank

Recommended : WhatsApp Block Button Scam : What You Need To Know!

 

Truth : Bank Letter With QR Code Is Not A Scam!

This is likely another example of FAKE NEWS circulating on WhatsApp and social media platforms, and here are reasons why…

Fact #1 : This Is Old Fake News

First, let me just point out that this photo is not new. It first went viral, with a voice message in August 2022, and has subsequently gone viral on and off over the last year or so.

Fact #2 : CIMB Letter Was Genuine

The letter, which was sent by CIMB, is genuine. CIMB even posted a reply to one viral tweet, that the letter was genuine:

FYI, this [letter] is genuinely from our bank. You can refer to the link below for more information: [link no longer available]

[U]ntuk makluman, ia adalah sah dari pihak kami. Anda boleh rujuk pautan di bawah bagi maklumat lanjut: [link no longer available]

Fact #3 : CIMB Letter Was Only Sent To Business Customers

The letter was not meant for consumers, and was only sent to CIMB business customers, to request that they update their company/organisation’s information.

Re: Update on your records to improve your banking experience

We refer to the above mattes and our letter dated 27/06/2022.

We note that you have vet to update your company/organisations information with us.

As part of the Bank’s ongoing process to know our customers better and provide a seamless banking experience, we would like to remind you to return the completed Customer Information Update form to us

This letter appears to be CIMB’s efforts to comply with KYC (Know Your Customer) requirements set out by regulators like Bank Negara Malaysia (BNM).

Recommended : Can StopNCII Remove All Nude / Deep Fake Photos?!

Fact #4 : QR Code Leads To CIMB Website

QR codes is a type of barcode, which allows people and companies to share / deliver information, that can include links. QR codes can lead you to malicious websites, but they cannot deliver malware, or hack your computer or smartphone.

The QR code in the CIMB bank letter isn’t malicious. It actually codes for a link to the CIMB website. You can verify it by simply scanning the QR code in that “CIMB scam letter”. You will see that it only leads to http://www.cimb.com.my/bizupdate [which no longer exists]

Ultimately, this viral warning was likely created by well-meaning but clueless Internet “experts” who are apparently not tech-savvy enough to even verify the QR code by simply scanning it!

Fact #5 : Form Was To Be Emailed / Delivered

The CIMB letter asked its business customers to download and fill in a form. However, that form was not to be submitted online.

Rather, the letter specifically asked its business customers to email the completed form to a legitimate CIMB email address, or to physically mail or courier it to the bank itself.

Scan the QR Code below to download the form. Once you have completed the form, please submit by email to cimb_updates@cimb.com or mail/courier to the address below within 21 days from the date of this letter, failing which, the Bank reserves the right to suspend or close the account in accordance with the account terms and conditions.

In a real scam, you will be asked to taken to a fake CIMB bank website, and asked to logged into your bank account. That’s how the scammer gets hold of your bank login credentials.

However, even that scam won’t work without access to your TAC (Transaction Authorisation Code), which is sent to your phone by SMS, or authenticated through the bank’s mobile app.

For certain, scammers cannot log into your bank account by simply gaining your company’s information through a form, unless you actually include your company’s bank account login details!

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Scammers Hack Your Phone If You Call Back?!

Can scammers hack your phone if you answer their calls, or call back?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Scammers Can Hack Your Phone If You Call Back!

People are sharing this advice about scammers hacking your phone if you answer their calls, or call back!

Very Very Urgent …

Please pass this message to your family and friends NOW.

Recommended : WhatsApp Block Button Scam : What You Need To Know!

 

Truth : Scammers Cannot Hack Your Phone If You Call Back!

This is yet another example of FAKE NEWS circulating on WhatsApp and social media platforms, and here are reasons why…

Fact #1 : This Is Old Fake News

First, let me just point out that this fake message isn’t even new. It has been circulating on WhatsApp and social media platforms since April 2020, if not earlier.

Fact #2 : This Hoax Is Based On One Ring / Wangiri Scam

This hoax appears to be based on the 2019 FCC warning about the “One Ring” or “Wangiri” scam, where scammers use robocall devices to give victims a miss call, in hopes that they would call back and get charged for Pay-Per-Call services.

The Federal Communications Commission is alerting consumers to reported waves of “One Ring” or “Wangiri” scam robocalls targeting specific area codes in bursts, often calling multiple times in the middle of the night. These calls are likely trying to prompt consumers to call the number back, often resulting in per minute toll charges similar to a 900 number. Consumers should not call these numbers back.

Recent reports indicate these calls are using the “222” country code of the West African nation of Mauritania. News reports have indicated widespread overnight calling in New York State and Arizona.

Generally, the One Ring scam takes place when a robocaller calls a number and hangs up after a ring or two. They may call repeatedly, hoping the consumer calls back and runs up a toll that is largely paid to the scammer.

Consumer Tips: · Do not call back numbers you do not recognize, especially those appearing to originate overseas. · File a complaint with the FCC if you received these calls: www.fcc.gov/complaints · If you never make international calls, consider talking to your phone company about blocking outbound international calls to prevent accidental toll calls. · Check your phone bill for charges you don’t recognize.

This scam, however, does not involve hacking any phone. It only requires you to call back the number, which is a Pay-Per-Call service.

Once you call back, you will get charged a premium rate, as the scammers try to keep you on the line for as long as possible.

Recommended : Can Israel Seismic Wave Card Hack Your Phone?!

Fact #3 : Scammers Cannot Hack Phone Through Calls

It is simply not possible to hack your phone through a voice call, even if you’re using VOIP (Voice Over Internet Protocol), or apps like WhatsApp or Telegram.

What is possible though is voice phishing, also known as vishing. This is a form of social engineering, where scammers pose as a bank or police officer (or someone with authority) to obtain your bank account information, or trick you into transferring money into their bank accounts.

Fact #4 : 90# Telephone Scam Only Works With PBX / PABX

The #90 or 90# scam is a very old phone scam that only works on business landline phones that use a PBX (Private Branch Exchange) or PABX (Private Automatic Branch Exchange) system. Here is the official US FCC warning about this scam.

In this very old scam, the scammer pretends to be a telco employee looking into a technical problem with your phone lines, and asks you to help him by either mailing 90# or transferring the call to an outside line. If you do that, you will enable the scammer to place premium-rate calls that will billed to your phone number.

To be clear – these codes do NOT work on mobile phones or smartphones, because they do not run on PBX or PABX systems.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

WhatsApp Block Button Scam : What You Need To Know!

Will clicking on the WhatsApp block button install a malicious app that will hack your phone?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : WhatsApp Block Button Is A Scam!

People are sharing this advice on a new WhatsApp scam involving the Block button in messages. Take a look!

New Type of Scam in Whatsapp.

Don’t press the “Block” button within the message because when you press on it then, you are effectively downloading this Malicious App. Instead go to WhatsApp setting (3 dots on the right hand top) and block the message.

Do the same if you received this kind of message in your SMS. Someone already got scammed by this fake template.

Whatsapp 中的新型诈骗。
不要按消息中的“阻止”按钮,因为当您按下该按钮时,您实际上是在下载此恶意应用程序,而是转到 WhatsApp 设置(右上角的 3 个点)并阻止该消息。
如果您在短信中收到此类消息,请执行相同的操作。

New Type of Scam in Whatsapp. Don’t press the “Block” button within the message because when you press on it then, you are effectively downloading this Malicious App. Instead go to WhatsApp setting (3 dots on the right hand top) and block the message. Do the same if you received this kind of message in your SMS. Someone already got scammed by this fake template.

Recommended : Can Mexico Did It Photo Infect Your Phone With Virus?!

 

Truth : WhatsApp Block Button Is New Feature!

This is yet another example of FAKE NEWS circulating on WhatsApp and social media platforms, and here are reasons why…

Fact #1 : No Evidence Of WhatsApp Block Button Scam

First, let me just point out that there is no evidence that anyone was scammed by the WhatsApp block button in messages.

Even if an enterprising hacker / scammer was able to create a message with a fake block button that downloads an APK (Android Package Kit) file, it won’t automatically install that file. You will need to manually install the APK file from the Downloads folder.

Those who know how to do that would be tech-savvy enough to avoid installing APK files from unknown sources. Those who don’t know how to do that would not be able to install the downloaded APK file.

Fact #2 : WhatsApp Block Button Is Part Of New Safety Tools

The truth is – the Block button that you may see in new messages from strangers is not a scam. It also does not download or install any APK file.

The Block button is actually part of the new Safety Tools feature that WhatsApp started introducing in July 2023.

The Safety Tools feature will only appear when you receive a message from an unknown number. You will be given some details about the safety of this new contact – whether you are in common groups, and in some cases – the country of origin.

You are given the option of either blocking this new contact, or adding it to your Contact list. You can also click on the Safety tools link for more details.

Recommended : Can Israel Seismic Wave Card Hack Your Phone?!

Fact #3 : Older Blocking Method Still Exists

The new WhatsApp Safety Tools offer an easy way to quickly block and remove obvious spammers and scammers. However, it may not be readily apparent whether the new contact is genuine, or just a spammer / scammer.

If you start messaging with this new contact – to find out if their identity / purpose, the Safety Tools option will disappear. But don’t worry – you can still block this new contact if you realise that he/she is a spammer / scammer.

  1. Go to the messaging screen for the person you want to block.
  2. Tap on the kebab menu / vertical ellipsis (⋮) icon on the upper right corner.
  3. Select More > Block.
    You can also select More > Report (to report block the scammer)

Alternatively, you can block multiple contacts using this method:

  1. Open WhatsApp, and go to the Chats screen.
  2. Tap on the kebab menu / vertical ellipsis (⋮) icon on the upper right corner.
  3. Select Settings.
  4. Tap on the Privacy option.
  5. Scroll down and tap on Blocked contacts.
  6. Tap on the Add Contacts () icon at the upper right corner.
  7. Search for the contacts you want to remove, and select them.

Now, blocking people does not remove your contact details or profile photo from their phones and devices.

However, they will no longer be able to call you, or send you messages. They will also not be able to see changes to your status updates including when you’re online / last seen, or changes you make to your profile photo.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Israel Seismic Wave Card Hack Your Phone?!

Can the Seismic Wave Card containing photos of the recent Hamas attacks on Israel hack your phone?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Israel Seismic Wave Card Can Hack Your Phone!

This warning about the Seismic Wave Card containing photos of the recent Hamas attacks on Israel has gone viral on WhatsApp:

URGENT

Some people are going to upload pictures of the fighting in Jewish settlements on WhatsApp. The file is called Seismic Waves CARD.

Do not open it, it will hack your phone in 10 seconds and cannot be stopped in any way.

They talked about it on TV. A cyber attack on us from all kinds of directions is also starting.

Pass the information on to family and friends.

Recommended : Did Fukushima Just Release Black Radioactive Water?!

 

Truth : There Is No Israel Earthquake Seismic Wave Card!

This is yet another example of FAKE NEWS circulating on WhatsApp, and here are reasons why…

Fact #1 : There Is No Seismic Wave Card!

First, let me just point out that there is no such thing as a Seismic Wave Card.

The Seismic Wave Card is an Internet hoax that keeps getting recycled for every disaster that comes along, like these examples show:

They are going to upload some photos of the Moroccan earthquake on WhatsApp. The file is called Seismic Waves CARD, don’t open it and see it, it will hack your phone in 10 seconds and it cannot be stopped in any way. Share the information with your family and friends.
DO NOT OPEN IT. They also said it on TV

They are going to upload some photos of the Cariaco earthquake on Whatsapp. The file is called Waves Seismic CARD, do not open or see it, it will hack your phone in 10 seconds and it cannot be stopped in any way. Pass the information on to your family and friends. DO NOT OPEN IT. They also said it on TV.

Recommended : Can Morocco Earthquake Seismic Wave Card Hack Your Phone?!

Fact #2 : Photos Are Shared Directly On WhatsApp

There is no need to open any file, or install any app, to view photos on WhatsApp. You simply click to view photos shared by other people on WhatsApp.

Of course, people may sometimes share high-resolution photos in ZIP or RAR files, because WhatsApp greatly reduces the resolution of photos shared on its platform.

Those ZIP or RAR files may be opened using apps like WinZip (Android | iOS) or RAR (Android) or Unarchiver (iOS). However, you should be wary if you are asked to download and install any app.

Unless you know what you are doing, it’s best to only view photos and videos directly inside WhatsApp, and not download any compressed files at all.

Fact #3 : Seismic Waves Card Is Not A Browser Hijacker

Seismic Waves Card appears to be falsely labelled as a browser hijacker by at least one “cybersecurity” website:

The scam message known as Seismic Waves Card is notorious for its disruptive behavior while surfing the web. Generally, scams like this, and other like Mintnav and Lookaside fbsbx, are crafted to meddle with your browser’s settings, replacing homepages and default search engines to promote affiliated sites and generate advertising revenue.

There is no evidence that a malware or browser hijacker called Seismic Waves Card exists. The article itself does not offer any evidence to prove its existence. In fact, the article and its guide on how to “remove” the malware appears to be generic, and may possibly be AI-generated.

Recommended : Can Greeting Photos + Videos Hack Your Phone?!

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest… but it cannot hack your smartphone by itself.

Recommended : Can Restaurant Menu QR Code Hack Your Phone?!

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website. Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

This is an incredibly clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t take 10 seconds, as the hoax message claims.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can SIM swap attack empty bank account without warning?!

Can a SIM swap attack empty your bank account without warning?! Take a look at the viral warnings, and find out what the facts really are!

Updated @ 2023-10-07 : Added new viral message, and other updates.
Originally posted @ 2022-01-16

 

Claim : SIM Swap Attack Can Empty Bank Account Without Warning!

This message has gone viral on social media and WhatsApp, warning about a new high tech fraud called SIM Swap Fraud that can empty bank accounts without warning.

The message includes a link to a Straits Times report about a young couple who lost $120,000 in a fake text message scam targeting OCBC Bank customers.

Your BANK Account could be Emptied without an Alert!

Dear All, Please let’s be very careful.. There is a new HIGH TECH FRAUD in town called the SIM SWAP FRAUD, and hundreds of persons are already VICTIMS.

Here is a new variant circulating in 2023:

My cousin received a call , asking if he had been vaccinated, if vaccinated to press 1.

If not vaccinated, press 2. As a result, he pressed 1, the phone was blocked and his online bank information/account were all transferred. Please be Alert and Careful and forward to more people to know about this new trick/scam. Forwarded as received.

Recommended : Beware Of Telegram Screenshot Hack + Scam!

 

Truth : SIM Swap Attack Is Real, But Don’t Work Like That

The truth is – SIM swap attacks are real and very dangerous, but they do not work like the viral messages claim.

Here is what you need to know about the viral message, and SIM swap attacks.

Fact #1 : SIM Swap Attacks Are Not New

SIM swap attacks are really not new. Scammers have been using SIM swap attacks since 2015, if not earlier.

Fact #2 : SIM Swap Warnings Are Mostly False

The viral message is correct about the risk of SIM swap attacks, but pretty much wrong about everything else.

In fact, the method by which the SIM swap attack works is completely made up. So the viral message is really FAKE NEWS.

There’s no way your bank account will be emptied without any action on your part. Neither will your bank accounts be emptied because you participate in a COVID-19 vaccination SMS survey.

Fact #3 : No Evidence Of Such Fraud

There is no evidence of SIM swap attacks requiring users to complete the process by responding to an SMS survey about vaccination.

Neither is there any evidence that SIM swap attacks alone can lead to your bank accounts being emptied.

Fact #4 : Straits Times Article Was Not About SIM Swap Attack

One of the viral messages include a link to a Straits Time article to mislead you. That’s because the article was about a phishing attack, not a SIM swap attack.

In that phishing attack, the victim received an SMS  with a link that took him to a fake website that “looked exactly like the OCBC login page“. He then keyed in his bank login details, thus handing over control of his bank account to the scammers.

The victim also ignored automated messages warning him that his “account was being setup on another phone“. That had nothing to do with a SIM swap attack. It was an SMS-based phishing attack.

Recommended : How To Turn On Two-Step Verification In Telegram!

Fact #5 : SIM Swap Attacks Generally Do Not Require Any Action

In most SIM swap attacks, scammers use your personal information, either purchased from other criminals or obtained through earlier phishing attacks or social engineering, to request for a SIM card replacement.

All that does not require any action on your part. In most cases, you only realise you’ve been hit when you lose access to your mobile number.

Fact #6 : SIM Swap Attack May Require Action In Some Cases

The Press 1 claim in the viral message is partially correct, but it only happens in a particular circumstance.

In India, scammers have tricked people by offering a free network upgrade, or to help improve signal quality on their phones :

  1. The scammer will call the victim, claiming to be from their mobile service provider.
  2. The scammer will try to get the victim to reveal his/her 20-digit SIM card number.
  3. The scammer will use the 20-digit SIM number to initiate a SIM swap with the mobile service provider.
  4. The mobile service provider will automatically send an SMS to confirm the swap.
  5. Once the victim confirms the swap, his/her SIM card will stop working.
  6. The scammer now has access to the victim’s mobile number.

Fact #7 : SIM Swap Attack Does Not Hack Your Phone

The SIM swap attack does not involve any hacking of your phone.

You only lose access to your mobile number. Your phone is not hacked.

Recommended : Can Greeting Photos + Videos Hack Your Phone?!

Fact #8 : SIM Swap Attack Does Not Empty Bank Accounts

Once the scammers successfully gain control of your mobile number, they can use it to intercept one-time passwords (OTP) like TAC numbers.

This allows them to change passwords to your bank accounts, social media accounts, etc. which is why SIM swap attacks are so dangerous and damaging.

However, it does not mean your bank accounts are immediately emptied. For one thing – the scammers need to know your bank login.

That’s why SIM swap victims often have had their bank logins and passwords stolen earlier though phishing attacks. The scammers only need their mobile numbers to receive OTP / TAC numbers to authenticate the transfers.

Fact #9 : SIM Swap Attack Can Be Used To Cheat Friends Too!

Stealing money from your bank account requires extra work, so scammers who do not have your bank login details will resort to cheating your friends.

With access to your phone number, they can easily gain access to your social media accounts (Facebook, Twitter, Instagram) as well as instant messaging apps (WhatsApp, Telegram).

Once they have control, they can send messages to your friends, pretending to be you. Naturally, they will concoct some story to ask your friends for money.

The idea is to use your (now) stolen accounts to convince your friends that you genuinely need their help. The money that they transfer goes directly to the scammers, or their mules (people who rent their bank accounts to scammers).

Now that you know the facts behind the SIM swap attack or scam, please SHARE this article with your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MobileTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Mexico Did It Photo : Can It Infect Your Phone With Virus?!

Can the “Mexico Did It” photo infect your phone with a virus in just 5 seconds?!

Take a look at the viral claim, and find out what the facts really are!

Updated @ 2023-09-13 : Revised for a new wave
Originally posted @ 2022-11-07

 

Claim : “Mexico Did It” Photo Will Infect Your Phone With A Virus!

The warning about the “Mexico Did It” photo or image that will infect your phone with a virus keeps going… viral on WhatsApp and social media.

There are two versions so far – in English, and in Spanish.

FYI: They are going to publish an image that shows how Covid 19 is cured in Mexico and it is called “Mexico did it”, do not open it because it enters the phone in 5 seconds and it cannot be stopped in any way. It’s a virus. Pass it on to your friends and family. Now they also said it on CNN and BBC. DO NOT OPEN IT

Pass it on

Van a publicar una imagen que muestra como el Covid 19 se cura en Mexico y se llama “Mexico lo hizo” no lo abran porque entra al telefono en 5 segundos y no se puede frenar de ninguna forma. Es un virus. Pasenlo a sus familiares y amigos. Ahora lo dijeron tambien en CNN y BBC

Recommended : Can Morocco Earthquake Seismic Wave Card Hack Your Phone?!

 

Truth : There Is No “Mexico Did It” Photo / Virus!

This is just another example of FAKE NEWS circulating on WhatsApp and social media like Facebook and Twitter, and here are the reasons why…

Fact #1 : This Viral Message Has Been Circulating Since 2021

The viral message about the “Mexico Did It” photo or virus has been circulating on Facebook, WhatsApp and Twitter since April 2021.

Fact #2 : This Is A Modified Version Of “Argentina Is Doing It”

This viral message is actually a modified version of an earlier fake message, which claims that a video on WhatsApp called “Argentina is doing it” will hack your phone in 10 seconds.

It just replaces Argentina with Mexico, a video with a photo, and changes it from a 10-second hack into a 5-second virus attack.

Those two fake news are, in turn, probably based on the even older fake claim that hackers are using greeting photos and videos to hack your phone.

Read more : Can Greeting Photos + Videos Hack Your Phone?!

Fact #3 : There Is No “Mexico Did It” Photo / Virus

There is no such thing as a “Mexico Did It” image or photo. Neither is there a virus called “Mexico Did It“.

There is also no known virus that can infect your phone with a virus simply using a photo or image.

Fact #4 : CNN + BBC Never Reported On Such A virus

It’s been over 2.5 years since this fake story first appeared on Facebook, Twitter and WhatsApp, but neither CNN nor BBC has ever reported on a “Mexico Did It” virus.

Fact #5 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest… but it cannot hack your smartphone by itself.

Recommended : Can Restaurant Menu QR Code Hack Your Phone?!

Fact #6 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website. Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

Such a clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #7 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t take 5 seconds, as the hoax message claims.

Generally, malware won’t wait a few seconds before it infects your devices. Waiting will only increase the risk of detection.

Unless the malware creator designed it to only infect your phone when you are sleeping (like the early hours of the morning), it pays to execute immediately.

Now that you know the facts, please SHARE this article with your family and friends, and SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Morocco Earthquake Seismic Wave Card Hack Your Phone?!

Can the Seismic Wave Card containing photos of the recent earthquake at Morocco hack your phone?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Morocco Earthquake Seismic Wave Card Can Hack Your Phone!

This warning about the Seismic Wave Card containing photos of the recent earthquake at Morocco has gone viral on WhatsApp:

They are going to upload some photos of the Moroccan earthquake on WhatsApp. The file is called Seismic Waves CARD, don’t open it and see it, it will hack your phone in 10 seconds and it cannot be stopped in any way. Share the information with your family and friends.
DO NOT OPEN IT. They also said it on TV

他们将在WhatsApp上上传一些摩洛哥地震的照片。该文件称为地震波CARD,不要打开或看到它,它会在10秒内破解您的手机,并且无法以任何方式停止。与您的家人和朋友分享信息。
不要打开它。他们还在电视上说过

Recommended : Did Fukushima Just Release Black Radioactive Water?!

 

Truth : There Is No Morocco Earthquake Seismic Wave Card!

This is yet another example of FAKE NEWS circulating on WhatsApp, and here are reasons why…

Fact #1 : There Is No Seismic Wave Card!

First, let me just point out that there is no such thing as a Seismic Wave Card.

The Seismic Wave Card is an Internet hoax that keeps getting recycled for every earthquake that comes along, like these examples show:

They are going to upload some photos of the Cariaco earthquake on Whatsapp. The file is called Waves Seismic CARD, do not open or see it, it will hack your phone in 10 seconds and it cannot be stopped in any way. Pass the information on to your family and friends. DO NOT OPEN IT. They also said it on TV.

They are going to upload some photos of the Calvario earthquake on WhatsApp. The file is called CARD Seismic Waves. Do not open them or see them, they hack your phone in 10 seconds and it cannot be stopped in any way. Pass the information on to your family and friends. Don’t open it. They also said it on TV.

Fact #2 : Photos Are Shared Directly On WhatsApp

There is no need to open any file, or install any app, to view photos on WhatsApp. You simply click to view photos shared by other people on WhatsApp.

Of course, people may sometimes share high-resolution photos in ZIP or RAR files, because WhatsApp greatly reduces the resolution of photos shared on its platform.

Those ZIP or RAR files may be opened using apps like WinZip (Android | iOS) or RAR (Android) or Unarchiver (iOS). However, you should be wary if you are asked to download and install any app.

Unless you know what you are doing, it’s best to only view photos and videos directly inside WhatsApp, and not download any compressed files at all.

Recommended : Can Greeting Photos + Videos Hack Your Phone?!

Fact #3 : Seismic Waves Card Is Not A Browser Hijacker

Seismic Waves Card appears to be falsely labelled as a browser hijacker by at least one “cybersecurity” website:

The scam message known as Seismic Waves Card is notorious for its disruptive behavior while surfing the web. Generally, scams like this, and other like Mintnav and Lookaside fbsbx, are crafted to meddle with your browser’s settings, replacing homepages and default search engines to promote affiliated sites and generate advertising revenue.

This transgression doesn’t end here; they siphon sensitive data and create vulnerabilities in your system’s security framework, providing a gateway for more perilous threats, such as malware and phishing schemes, to invade.

The protracted presence of Seismic Waves Card in your system exponentially escalates the risk of serious compromises, emphasizing the dire necessity for its immediate removal. Recognizing the malicious potential of such unwanted apps is essential in maintaining a secure and safe digital environment. Stay vigilant and prioritize your cybersecurity.

There is no evidence that a malware or browser hijacker called Seismic Waves Card exists. The article itself does not offer any evidence to prove its existence. In fact, the article and its guide on how to “remove” the malware appears to be generic, and may possibly be AI-generated.

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest… but it cannot hack your smartphone by itself.

Recommended : Can Restaurant Menu QR Code Hack Your Phone?!

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website. Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

This is an incredibly clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t take 10 seconds, as the hoax message claims.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Did Lil Tay + Jason Tian Just Die Suddenly?!

Did Lil Tay and her older brother, Jason Tian, just die suddenly?!

Take a look at the viral claims, and find out what the facts really are!

 

Claim : Lil Tay + Jason Tian Just Died Suddenly!

Some websites and YouTube channels have recently claimed that social media influencer and rapper Lil Tay, and her older brother, Jason Tian, just died suddenly under mysterious / unknown circumstances.

Outlook India : 14-Year-Old Rapper Lil Tay Dies Along With Elder Brother Jason Tian

FreshersLive : Jason Tian Obituary, Who Was Lil Tay’s Brother Jason Tian? What Happened to Jason Tian? How Did Jason Tian Die?

News.com.au : Teen rapper Lil Tay and her brother both dead

Celebritysss : Lil Tay and Her Brother Jason Tian Are Survived By Their Parents After Their Deaths | Lil Tay

Some people have also gone full frenzy about the sudden death of Lil Tay and Jason Tian on social media:

Mario Nawfal : 🚨BREAKING: RAPPER LIL TAY REPORTED DEAD

Online influencer and rapper Lil Tay has passed away at the age of 14, five years after she rose to online fame.

The news of her ‘sudden and tragic’ demise was confirmed by an unnamed family member in a statement shared on Lil Tay’s Instagram account today.

The statement also revealed that her 21-year-old brother, Jason Tian, had also passed away.

Recommended : Did Justin Bieber Just Die In A High Speed Car Crash?!

 

Truth : Lil Tay + Jason Tian Did NOT Die Suddenly!

This is yet another example of celebrity FAKE NEWS circulating on social media, and here are the reasons why…

Fact #1 : Lil Tay Death Claim Based On Single Instagram Post

All these claims that Lil Tay and her older brother, Jason Tian, died suddenly are based on a single post on her Instagram account, which was shared on Wednesday, August 9, 2023:

It is with a heavy heart that we share the devastating news of our beloved Claire’s sudden and tragic passing. We have no words to express the unbearable loss and indescribable pain. This outcome was entirely unexpected, and has left us all in shock. Her brother’s passing adds an even more unimaginable depth to our grief.

During this time of immense sorrow, we kindly ask for privacy as we grieve this overwhelming loss, as the circumstances surrounding Claire and her brother’s passing are still under investigation.

Claire will forever remain in our hearts, her absence leaving an irreplaceable void that will be felt by all who knew and loved her.

It did not help that when news agencies tried to confirm her death, her father – Christopher “Chris” Hope refused to confirm either way:

Yeah, you have the right person, but I don’t have any comment right now. I’m not able to give you any comment right now. I’m sorry — I can’t.

But the Los Angeles Police Department stated that it had no record of Claire Hope or Jason Tian dying in LA (where they live):

We have no information on either of these two individuals Claire Hope or Jason Tian being killed or dying in Los Angeles.

If the LA county medical examiners has nothing on either of them either, that would lead me to believe they are not, in fact, dead, or that it did not occur in LA.

Recommended : Celine Dion Just Died Suddenly In Hospital?!

Fact #2 : Lil Tay + Jason Tian Are Still Alive!

On Thursday, August 10, 2023, Lil Tay issued a statement to say that she is still alive – a day after the death announcement on her Instagram account went viral.

I want to make it clear that my brother and I are safe and alive, but I’m completely heartbroken, and struggling to even find the right words to say.

It’s been a very traumatizing 24 hours. All day yesterday, I was bombarded with endless heartbreaking and tearful phone calls from loved ones all while trying to sort out this mess.

Fact #3 : Lil Tay’s Instagram Account Was Hacked!

Lil Tay explained that her Instagram account was “compromised by a third party” and used to “spread jarring misinformation and rumors” about her. She thanked Meta for letting her gain access to her Instagram account again.

She did not explain why it took her more than 24 hours to confirm that she was still alive and well. But a Meta spokesperson confirmed that they helped her recover her Instagram account.

Fact #4 : Lil Tay No Longer Goes By Claire Hope

Lil Tay was born as Claire Hope to Angela Tian and Christopher J. Hope on July 29, 2007. She was also known as Claire Eileen Qi Hope.

However, Lil Tay revealed that she no longer goes by her birth name – Claire Hope, which was what the fake death announcement used.

Instead, Lil Tay appears to have dropped the surname of her estranged father, and now goes by the legal name, Tay Tian.

Recommended : Did Sinead O’Connor Die Suddenly From Vaccine / Suicide?!

Fact #5 : Lil Tay Is Accused Of Orchestrating Death Hoax

Lil Tay’s former manager – Harry Tsang, who was her last known public representative at the height of her fame in 2018, cast doubts over her statements.

Harry Tsang accused Lil Tay of lying about her Instagram account being hacked, and alleged that she orchestrated the fake statement about her death.

Upon learning about Lil Tay’s assertion of her well-being, I find relief in the fact that she is safe. However, I believe the reported hacking incident may not have occurred.

He pointed out two points of doubt over the validity of Lil Tay’s claims of being hacked:

My rationale for this perspective is twofold: firstly, the restoration of a compromised account on platforms like Meta/Instagram typically does not necessitate a 24-hour timeframe.

Secondly, the actions of Lil Tay’s brother, renowned for his propensity for extreme measures, lead me to hypothesize an alternative motive behind this occurrence.

Harry Tsang then suggested that Lil Tay and/or Jason Tian might have orchestrated this death hoax to rekindle her fame:

Simultaneously, if the underlying motive is indeed to rekindle Lil Tay’s prominence within the public sphere, I contend that such actions demonstrate a certain degree of irresponsibility.

It’s essential to consider the potential repercussions of employing such tactics, particularly given their potential impact on the perceptions and sentiments of the broader audience.

Recommended : Did Simon Cowell Just Die Suddenly In Hospital?!

Fact #6 : This Is Just Fake Celebrity News

This is yet another example of fake celebrity news created to generate page views and money through advertising, just like these examples:

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Celebrity Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Gigabyte motherboards shipped with firmware backdoor!

Millions of Gigabyte motherboards and laptops shipped with a built-in backdoor in its UEFI firmware!

Here is what you need to know about this cybersecurity danger, and what you can do about it!

 

Gigabyte Motherboards Shipped With Firmware Backdoor!

On 31 May 2023, researchers at the cybersecurity firm Eclypsium revealed that 271 Gigabyte motherboard models have been compromised with UEFI firmware with a built-in backdoor!

Eclypsium’s heuristic detection methods recently began flagging suspicious backdoor-like behaviour in Gigabyte motherboards. When its researchers looked into it, they found that Gigabyte motherboard firmware was executing a Windows native executable during the system start up process. This executable then insecurely downloads and executes additional payloads.

From their analysis, the executable appears to be a legitimate Gigabyte module called WpbtDxe.efi:

  • it checks to see if the “APP Center Download & Install” feature is enabled
  • it downloads executable payloads from Gigabyte servers
  • it has a Gigabyte cryptographic signature

They also found that the downloaded payloads have Gigabyte cryptographic signatures too, which suggest that this firmware backdoor was implemented by Gigabyte itself.

However, Eclypsium researchers discovered that the Gigabyte implementation had a number of problems, which would make it easy for threat actors to abuse the firmware backdoor:

  • one of its payload download locations lacks SSL (using plain HTTP, instead of the more secure HTTPS), allowing for Machine-in-the-middle (MITM) attacks
  • remote server certificate validation was not implemented correctly even when the other two HTTPS download locations were used, which allows for MITM attacks
  • one of its payload download locations is a local network-attacked storage device (NAS), which could allow a threat actor to spoof the location of the NAS to install their own malware
  • the Gigabyte firmware itself does not verify any cryptographic signatures, or validates the downloaded executables.

In short – millions of Gigabyte motherboards have a cybersecurity vulnerability, due to their firmware which includes an insecure / vulnerable OEM backdoor. As John Loucaides from Eclypsium put it:

If you have one of these machines, you have to worry about the fact that it’s basically grabbing something from the Internet and running it without you being involved, and hasn’t done any of this securely.

The concept of going underneath the end user and taking over their machine doesn’t sit well with most people.

Note : This vulnerability affects all computers using Gigabyte motherboards, including laptops.

 

Gigabyte Rolls Out New Firmware To Mitigate Backdoor!

After the news blew up inconveniently during Computex 2023, Gigabyte quickly rolled out new beta firmware upgrades for its AMD and Intel motherboards.

According to Gigabyte, the new beta firmware upgrades have “improved security mechanisms” that will “detect and prevent malicious activities during the boot process“. It also appeared to have implemented other changes:

  • enhanced the signature verification process for fils downloaded from its remote servers
  • conduct more thorough checks of file integrity to prevent the introduction of malicious code
  • enabled standard cryptographic verification of remote server certificates

The new firmware has just been released for AMD 600-series motherboards, as well as Intel 500- and 400-series motherboards, but will eventually be introduced for older motherboards. The new firmware will have the description, “Addresses Download Assistant Vulnerabilities Reported by Eclypsium Research“.

As Gigabyte does not intend to remove the backdoor feature, you might want to consider Eclypsium’s advice on how best to reduce the risk of malicious actors taking advantage:

  1. Scan and monitor systems and firmware updates in order to detect affected Gigabyte systems and the backdoor-like tools embedded in firmware. Update systems to the latest validated firmware and software in order to address security issues like this one.
  2. Inspect and disable the “APP Center Download & Install” feature in UEFI/BIOS Setup on Gigabyte systems and set a BIOS password to deter malicious changes.
  3. Administrators can also block the following URLs:
    – http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
    – https://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
    – https://software-nas/Swhttp/LiveUpdate4

For starters, you should definitely download and update your Gigabyte motherboard or laptop with the improved firmware. Then disable APP Center Download & Install in the BIOS.

Let’s hope Gigabyte will be able to quickly issue new and improved firmware to mitigate, if not remove, the backdoor vulnerability for the affected 271 motherboard models, and its future motherboards and laptops. Even so, many users might not be aware of this vulnerability or these updates.

It seems likely that threat actors will have access to this backdoor vulnerability in many Gigabyte motherboards and laptops for years to come. Even Eclypsium’s Loucaides believes so:

I still think this will end up being a fairly pervasive problem on Gigabyte boards for years to come.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Computer | Cybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can hackers use Good Morning greetings to hack you?!

Can hackers use Good Morning videos, pictures and messages to hack your devices, and steal your data?!

Find out what is happening, and what the FACTS really are!

Updated @ 2023-04-21 : Updated with a new 2023 version of the hoax
Originally posted @ 2022-11-01

 

Claim : Hackers Are Using Good Morning Messages To Hack You!

This post about Chinese hackers using Good Morning videos, pictures and messages to hack your devices, keeps going viral on social media and WhatsApp.

It’s a long message, so just skip to the next section for the facts!

Dear friends, please delete all welcome photos and videos in Good Morning format and the like. Read below the article to the end, which will be clear why I ask about it. From now on I will only send personally prepared greetings.

Read all! Please send this message urgently to as many friends as possible to prevent illegal intrusion.
Warning from Olga Nikolaevnas lawyer:

Recommended : Can Approve New Participant block WhatsApp hackers?!

 

Truth : Good Morning Greetings Not Being Used To Hack You!

Many of us get spammed with Good Morning or Good Night messages every day from family and friends.

While they often clog up Facebook, Telegram and WhatsApp groups, they really do NOT allow hackers to hack your devices.

Here are the reasons why Good Morning messages are very irritating, but harmless…

Fact #1 : Shanghai China International News Does Not Exist

The news organisation that was claimed to be the source of this warning – Shanghai China International News –  does not exist!

Fact #2 : Good Morning Greetings Not Created By Hackers

Hackers (from China or anywhere else) have better things to do than to create these Good Morning pictures and videos.

They are mostly created by websites and social media influencers for people to share and attract new followers.

Recommended : Scam Alert : Watch Out For Telegram Phishing Attack!

Fact #3 : No Fraud Involving Good Morning Messages

There has been no known fraud involving Good Morning or even Good Night messages, videos or pictures.

Certainly, half a million victims of such a scam would have made front page news. Yet there is not a single report on even one case…. because it never happened.

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a Good Morning photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest…

Recommended : How To Block Facebook Ads + Pay Scammers!

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website.

Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

Such a clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t wait, as the hoax message claims.

Deleting Good Morning or Good Night photos or videos will free up storage space in your phone, but it won’t prevent any malware from executing.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

MSI Hit By $4 Million Ransomware Attack + Data Theft!

MSI just got hit by a massive ransomware attack, but even worse – it lost a ton of critical data to the hackers!

 

MSI Hit By Ransomware Attack + Data Theft!

On 7 April 2023, MSI (Micro-Star International) was hit by a ransomware attack, in which the hackers allegedly exfiltrated 1.5 terabytes of source codes, BIOS firmware, private keys and other data from its servers.

In its terse regulatory filing with the Taiwan Stock Exchange (TWSE), MSI admitted that it was hacked, but did not detail the circumstances or nature of the attack.

After detecting some information systems being attacked by hackers,MSI’s IT department has initiated information security defense mechanism and recovery procedures. The Company also has been reported the anomaly to the relevant government authorities.

MSI claimed that the attack had “[no] significant impact our business in terms of financial and operational currently“, but said that it was “enhancing the information security control measures of its network and infrastructure to ensure data security.

In a public statement, MSI also urged users to only obtain firmware / BIOS updates from its official website, and refrain from using other sources.

Read more : MSI Users At Risk Of Rogue BIOS / Firmware Updates!

 

Hackers Demand $4 Million From MSI To Not Release Stolen Data

The MSI ransomware attack and data theft appear to be committed by the Money Message ransomware gang.

While MSI has apparently restored files encrypted by Money Message’s ransomware, the gang now has access to about 1.5 terabytes of critical MSI data.

According to BleepingComputer, chats between Money Message and an MSI representative show the gang demanding a ransom payment of $4 million. Otherwise, Money Message will release the stolen files.

To show that they did indeed steal those MSI files, Money Message posted screenshots of what they describe was MSI’s Enterprise Resource Planning (ERP) databases and files containing software source code, private keys, and BIOS firmware.

Recommended : Can Approve New Participant block WhatsApp hackers?!

If Money Message releases MSI confidential data, it may not just be embarrassing for the Taiwanese company, it could allow other threat actors to use the source code and private keys to create malware targeting their customers.

In light of that, MSI users should only download and install software or BIOS firmware from the official MSI website.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Business | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Approve New Participant block WhatsApp hackers?!

Can the new Approve New Participant feature in WhatsApp block hackers?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Turn On WhatsApp Approve New Participant To Block Hackers!

WhatsApp started introducing a new feature called Approve New Participant, on 11 March 2023.

This new feature was only available to WhatsApp Group administrators, and went pretty much unnoticed by most WhatsApp users, until this claim went viral on WhatsApp and social media platforms:

CYBER SECURITY ALERT
Announcement

Let’s look sharp all admins*
WhatsApp has added a new security feature to prevent hackers from joining Groups.
I Hope Admins will take advantage of this feature.

*Admins* should go to group settings and
‘TURN ON’ Approve New Participant.

This will prevent unauthorized access for hackers.

WHATSAPP ADMINS ALERT!!!

That WhatsApp cybersecurity alert was unsigned, so we have no idea who created it. But once it went viral, WhatsApp users started asking their group administrator to turn it on to block hackers.

But does the new Approve New Participant feature really block hackers from attacking WhatsApp groups?

Recommended : Scam Alert : Watch Out For Telegram Phishing Attack!

 

Truth : WhatsApp Approve New Participant Does Not Block Hackers!

This is yet another example of FAKE NEWS circulating on WhatsApp, and social media platforms like Facebook and Twitter, and here are the reasons why…

Fact #1 : Approve New Participant Is Not A Cybersecurity Feature

First, let me just point out that Approve New Participant is not a cybersecurity feature. WhatsApp introduced the this feature to help group administrators “grow, moderate, and protect their groups“.

The Approve New Participants setting empowers admins to help grow, moderate, and protect their groups. Turning on the setting in Group Settings requires the admin to review every request to join the group before a participant is allowed to join. This feature enhances privacy and security for all participants in the group.

This feature is designed to protect private groups by preventing people from simply joining them using an invite link.

This is a major security concern for private groups, as it exposes the group chats to people who may not be authorised to view them. However, this is not a concern for open groups, as they are open to one and all.

Fact #2 : Approve New Participant Cannot Block Hackers

When a group turns on Approve New Participant, admin approval is required to join a group. People who attempt to join the group will see a Request to join button, with the message “An admin must approve your request”.

After clicking on Request to join, those who wish to join the group are allowed to share their Reason for the request, or Cancel Request.

Once the group administrators get the request, they can either approve or reject the request. Group administrators can also start a chat with the person to request more information.

All that is great for vetting people who want to join an exclusive WhatsApp group, but this new feature does not block hackers, as the group administrator will not know who is, or is not a hacker. It’s not like those WhatsApp accounts have a “hacker” or “not a hacker” label!

Hackers can use social engineering techniques to trick the group administrators into approving their requests, or they can simply use phishing attacks to take over the WhatsApp accounts of existing group participants!

Recommended : Must You Disable Facebook Auto-Fill To Block Scams?!

Fact #3 : Approve New Participant Is Disabled By Default

Cybersecurity features that are designed to block hackers will always be enabled by default – why would they be optional?

Yet, the new Approve New Participant feature is OPTIONAL in WhatsApp, and is DISABLED by default. That is because this is not a cybersecurity feature designed to block hackers.

Many WhatsApp groups are open for anyone to join, and turning on Approve New Participant would be pointless as group administrators would not know the identity of the people joining their groups.

This is why it is up to the WhatsApp group administrators to determine if it is suitable for them to use the new Approve New Participant feature, or not.

Private groups will want to turn this on, to vet people who request to join. But open groups will want this feature disabled, or their administrators will be overwhelmed with joining requests.

Fact #4 : Group Participants Can Always Be Removed

Here’s another reason why blocking new participants joining automatically does not block hackers – group participants can always be removed.

Let’s say a hacker, or an unauthorised person, gains access to your WhatsApp group. It doesn’t mean he/she can stay in your group forever. Any group administrator can remove that person.

This new feature only helps group administrators pre-vet people who want to join their group, instead of kicking them out after they have already joined.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Scam Alert : Watch Out For Telegram Phishing Attack!

Watch out for the phishing attack that will allow scammers to take over your Telegram account!

 

Scam Alert : Watch Out For Telegram Phishing Attack!

Scammers are now targeting Telegram users with a phishing attack that is designed to trick them into giving up their accounts! The Telegram phishing attack works like this:

Step 1 : The scammer gains control of your friend’s Telegram account, and sends this message to you:

Dear Telegram users. The system detects that this account is abnormal and has potential security risks.

To ensure that you can log in to your account normally, you need to invite friends for auxiliary verification  

The risk control account has not been verified. The system will cancel the account after 24 hours! 

Personal Information Authentication:[link removed]

Step 2 : The scammer, masquerading as your friend, asks you to help him/her verify his/her Telegram account by clicking on the link.

There are security risks in my account, and I need friends to help me verify it. Please click on the official link to help me verify it and follow the prompts. thank you

Step 3 : If you click on the [removed] link to help your friend, you will be taken to a website that looks like an official Telegram website. DO NOT DO THIS.

Step 4 : You will be asked to log into your Telegram account on the fake website. DO NOT DO THIS.

Step 5 : The fake Telegram website will ask you to key in your Login code, or take and upload a screenshot of your Telegram. DO NOT DO THIS.

Step 6 : If you continue, the scammer will be able to take over your Telegram account, and use it to scam your friends by asking them for money, etc.

The scammer will also have access to your Telegram chats, and all associated media including photos and videos, which could potentially be leaked or used to extort you or other people.

Recommended : Beware Of Telegram Screenshot Hack + Scam!

 

How To Protect Against Telegram Phishing Attack

A phishing (pronounced as fishing) attack is a social engineering attack, that uses your trust for an institution (like a bank), authority (Telegram), or someone you know, to give up your login details.

Here are some ways you can protect yourself against any phishing attack on Telegram, or other platforms.

Verify Identity Before Trusting

Many people fall for phishing attacks because it is human nature to trust your friends and to help them. However, on instant messaging apps, you don’t actually know if it’s really your friend on the other end!

So if a friend messages you on Telegram, WhatsApp, Facebook, Twitter, Instagram, etc to ask for help, ALWAYS verify their identity before proceeding.

If possible, call or message your friend on the phone, or via a different platform (use WhatsApp if the request came on Telegram, for example).

But if you are unable to call your friend, try asking the other person something that only your real friend would know:

  • Do NOT ask questions like “Are you really Sarah??
  • Do NOT ask questions that can be answered by reading previous chat messages.
  • Ask something that only you and your friend would know, like “Hey Sarah, what was that restaurant we went to last week?
  • Ask a fake question that your friend would readily know is not true, like “Hey Sarah, are you coming over tonight?

If the other person cannot answer or gives you the wrong answer, he/she is not your friend, and that account has likely been taken over by a scammer.

Recommended : How To Block Facebook Ads + Pay Scammers!

Look At The Link

Whenever you see a link being shared, always check if it leads to a legitimate website, or attempts to masquerade as a real website, by substituting characters in the link.

This Telegram phishing attack, for example, uses a link to telegram.0rg.ee. The real Telegram domain name is telegram.org. This is called domain spoofing.

If you see an attempt to impersonate a legitimate website by using a similar-looking domain name, do NOT click on it.

Never Login Via A Link

It is common for people to share links on Telegram, and in Telegram groups. Heck, we share links to our article in the Tech ARP Telegram group!

Clicking on links in Telegram, WhatsApp, emails, etc. is not dangerous, because most lead to legitimate websites that do NOT require you to log in.

What is dangerous is logging into any website through a link. I cannot hammer this enough – NEVER LOG INTO ANY WEBSITE through a link!

Phishing attacks work by tricking you into going into a fake website that looks like the real website. But you still have to log into the fake website to give the scammers your login details.

If you click on a link, and you are asked to login – this is likely a phishing attack. But don’t worry – as long as you refuse to log into any website after clicking on a link, the phishing attack fails.

Turn On Two-Step Verification

All banking platforms, and many mobile apps now offer two-step verification to prevent scammers from taking over user accounts. However, this is often an optional feature that you must manually enable.

Telegram has a two-step verification feature, which prevents scammers and hackers from hijacking your account by requiring a secret password that only you will know.

Please follow our guide on how to turn on Two-Step Verification in Telegram.

Just make sure you do NOT give that password out to anyone, or key it into any website!

Read more : How To Turn On Two-Step Verification In Telegram!

Warn Your Family + Friends!

It is important to publicise phishing attacks, whenever they happen. If people are alerted, they are less likely to fall for such attacks.

However, scammers and hackers can quickly change the way their phishing attack works, so it is important that people understand how phishing attacks work in general.

You can help prevent phishing attacks by sharing this articles, and other cybersecurity warnings, with your family and friends.

Please help us FIGHT SCAMMERS by sharing this cybersecurity article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Business | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Pinduoduo App Contains Persistent Spy Malware!

One of China’s most popular apps – Pinduoduo apparently contains a malware that monitors user activities and is difficult to remove!

Take a look at what CNN and multiple cybersecurity researchers have discovered about Pinduoduo!

 

Pinduoduo : What Is It?

Pinduoduo is actually a Chinese online retailer. Think of it as China’s Amazon. While Amazon started as an online bookstore, Pinduoduo started as an online agricultural retailer.

Since then, Pinduoduo has become one of China’s most popular online shopping platform, with its app offering its 750 million users access to cheap products in China, by offering steep discounts on group buying orders.

Despite its meteoric rise, Pinduoduo has not been without its controversies. In 2018, the company was criticised for hosting inferior and imitation products, to which it responded by taking down more than 4 million listing and shutting down 1,128 stores.

In 2019, Pinduoduo was hit by hackers who stole discount coupons worth tens of millions of Yuan. And just last month, Google suspended the Pinduoduo app after discovering that versions offered outside its Play Store contained malware.

The Off-Play versions of the e-commerce app that have been found to contain malware have been enforced on via Google Play Protect.

Read more : How To Block Facebook Ads + Pay Scammers!

 

Pinduoduo App Contains Persistent Spy Malware!

Western interest may have been initiated by Google suspending the Pinduoduo app, but cybersecurity experts had already started looking into the app, and what they discovered was very troubling.

Alert First Raised By Chinese Cybersecurity Company

I think we should start by noting that it was a Chinese cybersecurity company called Dark Navy that first raised concerns about malware in the Pinduoduo app in February 2023.

Although Dark Navy did not name Pinduoduo in its report, cybersecurity researchers knew who it was referring to and soon followed up with their own investigations and reports, confirming Dark Navy’s report.

Sophisticated Malware

Half a dozen cybersecurity teams from Asia, Europe and the United States identified sophisticated malware in the Pinduoduo app that were designed to exploit vulnerabilities in the Android operating system used by many smartphones.

The malware allows the Pinduoduo app to bypass Android security features to monitor activities in other apps, check notifications, read private messages, and even change settings. It is also difficult to remove once installed.

Mikko Hyppönen, chief research officer at WithSecure, a Finnish cybersecurity firm, said that:

We haven’t seen a mainstream app like this trying to escalate their privileges to gain access to things that they’re not supposed to gain access to. This is highly unusual, and it is pretty damning for Pinduoduo.

Read more : Can SIM Swap empty bank accounts without warning?!

Dedicated Hacking Team To Look For Vulnerabilities

Even more damning, CNN reported that a current employee revealed that Pinduoduo set up a team of about 100 engineers and product managers to look for vulnerabilities in Android smartphones, and find ways to exploit them for profit.

To avoid exposure, the source said that the company targeted users in rural areas and smaller towns, and avoided users in megacities like Beijing and Shanghai.

By collecting expansive data on those users, Pinduoduo was able to create a comprehensive portrait of their habits, interests, and preferences; while improving its machine learning models to personalise push notifications and ads.

Pinduoduo App Gained More Access Than Allowed

Three cybersecurity companies – WithSecure, Check Point Research, and Oversecured conducted independent analysis of version 6.49.0 of the Pinduoduo app that was released in late February 2023, and found code designed to achieve “privilege escalation” – a type of cyberattack that exploits vulnerabilities in the operating system to gain a higher level of access to data that it’s supposed to have.

Our team has reverse engineered that code and we can confirm that it tries to escalate rights, tries to gain access to things normal apps wouldn’t be able to do on Android phones.

The Pinduoduo app was able to continue running in the background, and prevent itself from being uninstalled. This was apparently done to boost the platform’s statistic for monthly active users.

Pinduoduo App Has Access To User Data Without Consent

Delware-based app security start-up, Oversecured, found that the Pinduoduo app had access to user data like locations, contacts, calendars, notifications, and photo albums, without their consent.

The app was also able to change system settings, and access user social media accounts and chats.

Recommended : Beware Of Telegram Screenshot Hack + Scam!

Pinduoduo App Also Snooped On Other Apps

The Pinduoduo app also had the ability to snoop on competing shopping apps, by tracking activity on other shopping apps, and gathering information from them.

Pinduoduo App Able To Secretly Receive Updates

Check Point Research found that Pinduoduo was able to push updates to the app, without first going through an app store review process to detect malicious code.

Pinduoduo App Programmers Attempted To Obscure Malicious Code

Check Point Research also found that some plug-ins used by the Pinduoduo app tried to obscure potentially malicious code by hiding them under legitimate file names, such as Google’s.

Such a technique is widely used by malware developers that inject malicious code into applications that have legitimate functionality.

Pinduoduo Targeted Android Devices

According to Sergey Toshin, founder of Oversecured, Pinduoduo’s malware specifically targeted Android operating systems used by Samsung, HUAWEI, Xiaomi and OPPO.

He also described the app as “the most dangerous malware” ever found in mainstream apps, exploiting about 50 Android system vulnerabilities. Most of these exploits targeted customised OEM code used by smartphone brands to customise their smartphone software.

I’ve never seen anything like this before. It’s like, super expansive.

Recommended : Chinese Netizens Explode Over WPS Office Censorship!

Pinduoduo Removed Exploit + Canned Hacking Team

After cybersecurity researchers started reporting about the app, Pinduoduo released version 6.50.0 on March 5, which removed the exploits they found. Two days later, Pinduoduo disbanded its Android hacking team, according to the same employee.

The hacking team members found themselves locked out of Pinduoduo’s workspace communication app, called Knock, and lost access to files on the company’s internal network, with their privileges revoked.

Most of the team was later transferred to work at Pinduoduo’s sister app, Temu. A core group of about 20 cybersecurity engineers however remain at Pinduoduo.

In addition, Sergey Toshin of Oversecured noted that while the exploits were removed in the new version of Pinduoduo, the underlying code remained and could be reactivated to carry out attacks.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MobileTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

How To Block Facebook Ads + Pay Scammers!

Many Facebook users are getting hit by the Facebook Ads and Facebook Pay scams! Here is how you can prevent it from happening to you!

 

Facebook Ads + Pay Scam Hits Many Bank Customers!

Many bank customers are complaining that they are being charged for fraudulent Facebook Ads advertisement campaigns!

They discovered that their debit cards were charged for Facebook advertisements that they never approved. Some have also stated that their credit or debit cards were used to purchase goods and services using Facebook Pay.

Stephanie WongI found out the money deducted from my bank acc through multiple continuous transactions yesterday, then I called Maybank customer service immediately. They helped me to cancel the card but then the thing happened again this morning.

@ruffleseedI heard tens of millions of Ringgit were reported misappropriated through @facebook
on multiple bank over the past few weeks.

Delete your phone number from Facebook now and do not let @messenger handle your SMS. @MyMaybank has yet to answer us re: this intrusion.

@ItsNeoah : Banyak kali kena kat credit card ambank. Alhamdulilah call ambank dia mintak isi dispute form then tgok next cycle bil dah takde. Letih ngan scammer ni.

Translation : [My] Ambank credit card got hit many times. Alhamdulillah, after calling Ambank, they asked me to fill out a dispute form, then when I checked the next bill cycle [the charges] was removed. Tired of this scammer.

[/su_note]

Read more : Facebook Ads Scam Hits Many Maybank Customers!

 

How To Block Facebook Ads + Pay Scammers!

Here are some ways to prevent getting hit by the Facebook Ads scam, whether you are a bank customer in Malaysia or other countries.

Do NOT Use Debit Cards

First, you should NEVER use a debit card if you can help it. You should certainly not use a debit card online, or register it on any online or mobile payment platform, whether it’s for Apple Pay, Google Pay, or Facebook Pay.

It doesn’t matter if Bill Gates or Elon Musk or BTS endorses debit cards. DO NOT USE DEBIT CARDS!

You should certainly never use your debit card to fund Facebook advertisements. Always use a credit card, which offers you some protection against such fraudulent transactions.

Disable Your ATM Card’s Debit Card Function

Even if you have never requested for a debit card, you likely already own one – your ATM card likely doubles as a debit card! Banks have been forcing customers to take on debit cards, often by making ATM cards double as debit cards.

If possible, ask your bank to disable debit card function in your ATM card. But it is likely that they will refuse to do so – they make money from debit card transactions after all!

If your bank refuses to disable the debit card function in your ATM card, you can ask them to set the limit to ZERO. That will effectively block scammers from accessing your bank account!

Monitor Your Credit Card Transactions

Using a credit card to purchase products and services on online and mobile payment platforms offers you some protection against fraud, but you must always monitor the transactions and report any fraudulent transactions right away.

Depending on the country and card network, you usually have about 60 days to dispute credit card charges. So don’t wait. Report them as soon as you spot them! This will reduce the loss and reports you make, and speeds up the refund process.

Recommended : Maybank FB Ads Scam : How To Recover Your Money?!

Remove Your Credit Cards ASAP

If you register your credit cards for use with Facebook Ads or Facebook Pay, try to REMOVE them as soon as you are done.

Do NOT leave them registered to your Facebook Ads or Facebook Pay account, as a scammer or hacker who gains access to your Facebook account can make fraudulent purchases or run fraudulent advertisements using those credit cards without additional verification.

That appears to be the modus operandi of the Facebook Ads scam that has affected so many Maybank customers in recent weeks.

But if you have never registered your credit or debit cards with Facebook, or removed them after using, even if scammers hacked into your Facebook account or gained access through phishing attacks, they won’t be able to use your credit or debit cards!

Enable PIN For Facebook Pay

If you are using Facebook Pay, a scammer who gains access to your Facebook account could potentially use the debit or credit cards you registered earlier to make fraudulent transactions.

To prevent that, you should enable PIN confirmation for Facebook Pay:

  1. Go to Settings in the Facebook website (not app).
  2. Go to Account Settings, and select Orders and payments.
  3. In the Orders and payments page, select Settings.
  4. In the Security section, select Require PIN Confirmation.
  5. You will be asked to enter a 4-digit number as your PIN.
  6. Key in the 4-digit number again to confirm your PIN.

After that, you will be required to key in the 4-digit PIN whenever you make a payment, or change your bank account details, or connect your payment info with other Meta apps.

Recommended : Can Greeting Photos + Videos Hack Your Phone?!

Turn On Two-Factor Authentication

To make it harder for scammers / hackers to gain access to your Facebook account, turn on two-factor authentication:

  1. Go to your Security and Login Settings.
  2. Scroll down to Use two-factor authentication and click Edit.
  3. Choose the security method you want to add and follow the on-screen instructions.
When you set up two-factor authentication on Facebook, you’ll be asked to choose one of three security methods:
Once you’ve turned on two-factor authentication, you can get 10 recovery login codes to use when you’re unable to use your phone.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MoneyTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Maybank FB Ads Scam : How To Recover Your Money?!

If you are one of the many Maybank (MBB) customers who got hit by the Facebook Ads scam, here is how you can recover your money!

 

Facebook Ads Scam Hits Many Maybank Customers!

Many Maybank customers are complaining that they are being charged for fraudulent Facebook Ads advertisement campaigns!

They discovered that their debit cards were charged for Facebook advertisements that they never approved.

Stephanie Wong : I think i am a very cautious person as I did not link my card to any platform or make purchase through any unsafe website at ALL, but it still happens to me.

I found out the money deducted from my bank acc through multiple continuous transactions yesterday, then I called Maybank customer service immediately.

They helped me to cancel the card but then the thing happened again this morning.

@ruffleseedI heard tens of millions of Ringgit were reported misappropriated through @facebook
on multiple bank over the past few weeks.

Delete your phone number from Facebook now and do not let @messenger handle your SMS.

@MyMaybank has yet to answer us re: this intrusion.

Read more : Facebook Ads Scam Hits Many Maybank Customers!

 

Maybank FB Ads Scam : How To Recover Money?!

Generally, you should NEVER use a debit card because it does not offer the protection a credit card does – money is withdrawn directly from your bank account, and the bank is not legally obliged to refund any money lost through scams.

However, Hafizah Ayko who was once a victim shared her experience on how she managed to recover money, even though the scammers used her debit card to run those fake Facebook advertisements.

To help you recover any money you may have lost to Facebook Ads scammers, I translated and “improved” her instructions for you:

Disable Your Debit / Credit Card

First, you need to quickly disable your debit or credit card. You can call up the bank, or in Maybank’s case:

Step 1 : Log into your Maybank2U account.

Step 2 : Go to Cards, and select Manage My Debit Card.

Step 3 : Select Debit Card – Replace, Renew, Activate & Block.

Step 4 : Select Block Debit Card. You will need to get a replacement card from any Maybank branch later.

If you feel that the above steps are too complicated, an alternative method would be to immediately transfer your money to another bank account, if you have one.

But please DO NOT transfer your money to another person’s account. Only transfer your money to another bank account that you own.

NEVER EVER transfer your money to a third party, especially they claim to be police officers or bank officers trying to help you. That is a scam!

Police departments and banks do NOT have special bank accounts to hold and protect your money during scams. And legitimate police and bank officers are NOT authorised to receive money, and will NEVER ask you to transfer money to their bank accounts.

Recommended : Must You Disable Facebook Auto-Fill To Block Scams?!

Disable Facebook Ads

Next, you need to immediately disable all advertisements that the scammer has set up using your Facebook account. The longer they continue to run, the more you are being charged for them!

Step 1 : Go to your Facebook account, and select See all.

Step 2 : Select Ads Manager.

Step 3 : You should see a bunch of fraudulent advertisements running. Turn all of them off.

Recommended : Beware Of Telegram Screenshot Hack + Scam!

Ask Facebook For Refund

After turning off the fraudulent advertisements, you need to report them, and ask Facebook for a refund.

Step 1 : Go to Ad account settings, and select Report a problem at the lower right corner.

Step 2 : Select Ad Policy or Fraud. Then select Fraudulent Activity.

Step 3 : Explain your situation the best you can, and upload any screenshots you have, and send the report.

After that, Facebook should respond that they would issue a refund for the fraudulent transactions in 3-5 business days!

Alternatively, you can submit report unauthorised or unknown charges to Facebook using this online form.

Recommended : Can SIM Swap empty bank accounts without warning?!

Ask Your Bank For A Refund

You should also report the fraudulent transactions to your bank and request for a refund. This works for credit cards, but you should nevertheless give it a try even if the scammers hit your debit card.

Step 1 : Download the Maybank Dispute Form.

Step 2 : Print or directly fill in the information into the PDF form.

Step 3 : Email the form to disputemgmt@maybank.com.my, together with any relevant screenshots, within 20 days from the closing date of the billing period.

Again, banks are not obliged to refund fraudulent charges to debit cards, as the money is withdrawn directly from your bank account. But there is no harm trying.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MoneyTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Facebook Ads Scam Hits Many Maybank Customers!

Many Maybank (MBB) customers are getting hit by the Facebook Ads scam!

Find out what’s going on, and what you can do to avoid this Facebook Ads scam!

 

Facebook Ads Scam Hits Many Maybank Customers!

Many Maybank customers are complaining that they are being charged for fraudulent Facebook Ads advertisement campaigns!

They discovered that their debit cards were charged for Facebook advertisements that they never approved.

Stephanie Wong : I think i am a very cautious person as I did not link my card to any platform or make purchase through any unsafe website at ALL, but it still happens to me.

I found out the money deducted from my bank acc through multiple continuous transactions yesterday, then I called Maybank customer service immediately.

They helped me to cancel the card but then the thing happened again this morning.

@ruffleseedI heard tens of millions of Ringgit were reported misappropriated through @facebook
on multiple bank over the past few weeks.

Delete your phone number from Facebook now and do not let @messenger handle your SMS.

@MyMaybank has yet to answer us re: this intrusion.

Recommended : Beware Of Telegram Screenshot Hack + Scam!

Fahim Fahmi : Begitu saja duit kena curi 😢

Translation : That’s how [my] money got stolen 😢

Danish Ihsan : Aku dah kena jugak, satu hari 2 transaction.. nasib sedaq awai, habis rm800.. kalau tak lagi banyak.. maybank dah tak selamat, tadi kat bank pun ada akak kena jugak transfer to others acc beribu2 jugak lah,. Solusi, jangan guna maybank buat masa sekarang..

Translation : I got with with 2 transactions in one day.. luckily, I realised early, but lost rm800.. if not it would have been more.. maybank is not safe, just now at the bank a lady transferred thousands [of ringgit] to other people’s account. Solution, don’t use Maybank for now..

Recommended : Watch Out For TNG eWallet SMS Phishing Scam!

 

Analysis : Facebook Ads Scam May Not Be Related To Maybank

Many of those customers are angry with Maybank over these fraudulent charges to their debit cards, which meant the money was directly withdrawn from their bank accounts.

However, on closer analysis, the scammers may not necessarily be taking advantage of leaked Maybank debit card information, or hacked Maybank itself…

Fact #1 : Other Bank Customers Are Affected Too

While most recent Facebook Ads scam cases appear to be affecting Maybank customers, other bank customers are reporting that they took were charged for those fraudulent advertisements.

@eeshepeeka : nohh laki cek pun kena last week tp kat CIMB. ada few transaction for 2 days nasib dia tolak sikit2. sekali deduct RM12+ sehari 3x ja. deduction description pun sama sebiji cam dlm gambaq tu. haiyaa

Translation : Well, my husband also got [scammed] last week but at CIMB. there were a few transactions for 2 days, but luckily [the scammer] deducted only small amounts. each time deducting RM12+ a day for 3 times. The deduction description is the same as the one in the picture. haiyaa

@ItsNeoah : Banyak kali kena kat credit card ambank. Alhamdulilah call ambank dia mintak isi dispute form then tgok next cycle bil dah takde. Letih ngan scammer ni.

Translation : [My] Ambank credit card got hit many times. Alhamdulillah, after calling Ambank, they asked me to fill out a dispute form, then when I checked the next bill cycle [the charges] was removed. Tired of this scammer.

Recommended : Can SIM Swap empty bank accounts without warning?!

Fact #2 : Most Of Them Ran Facebook Ads In The Past

In addition to analysing their stories, I also spoke to someone who knows several Maybank customers who got hit by the scam. From what I can ascertain, most of them ran Facebook Ads in the past.

Stephanie Wong : 3.) Did not run any ads recently, but few years ago

@wnn_tasha : I last pakai FB ad guna akaun ni tahun 2018. Silap tak remove payment method tu.

Translation : I last used FB ad using this account in 2018. My mistake for not removing the payment method.

They said that they paid for Facebook page a few years ago to boost their audience.

That said, at least two Maybank customers said that they have never registered any debit or credit card with Facebook:

Fahim Fahmi : Tak pernah ada link kad dengan FB atau social media yang lain

Translation : [I] never linked [any] card with FB or other social media

@ruffleseed : I have never set up payment methods on Facebook nor have I ever used Facebook ads.

Recommended : Beware Of Telegram Screenshot Hack + Scam!

Fact #3 : Scammer Likely Got Access To Those Facebook Accounts

What is interesting is that most of those who were affected by this Facebook Ads scam reported that their Facebook accounts were used to create and run those ads.

If their debit or credit cards were merely stolen, the scammers could have created a new Facebook account to use those stolen cards to run Facebook ads.

Fortunately, one of the victims “caught” the scammer logging into her account from the United States. This clearly shows that the Facebook Ads scam requires the scammer to gain access to their Facebook accounts.

It is likely that the scammers gained access to their victims’ Facebook accounts using phishing attacks, and simply used the debit or credit cards that those victims earlier registered with Facebook to run advertisements in the past.

Fact #4 : Facebook Auto-Fill Is Not The Problem

After these cases went viral, people blamed the Auto-Fill feature in Facebook, and shared videos and photos on how to disable it.

The truth is – this Facebook Ads scam very likely has nothing to do with Auto-Fill, which is a feature used in many other services and platforms.

Auto-Fill only makes it easier to fill in your debit or credit card details. It does not bypass any verification that is required to make a payment.

Read more : Must You Disable Facebook Auto-Fill To Block Scams?!

Fact #5 : You Can Recover Your Money!

Now, this is important – you need to move fast to cut your losses, and recover the money. You can also improve your Facebook account security to prevent it from happening again.

For more details, please read our guide – Maybank FB Ads Scam : How To Recover Money?!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MoneyTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Must You Disable Facebook Auto-Fill To Block Scams?!

Must you immediately disable Auto-Fill in Facebook to block scams?!

Here is what you need to know about Facebook Auto-Fill, and getting scammed on Facebook!

 

Claim : Facebook Auto-Fill Opens You To Scams!

People are sharing warnings about Facebook Auto-Fill, together with instructions on how to disable it to block Facebook Ads scams.

Guys check ur Facebook
And make sure these are OFF
this week a lot of MBB customers kena scam

1. Please check your bank account.
2. Please disable ‘auto-fill’ option in Facebook…

Recommended : Facebook Ads Scam Hits Many Maybank Customers!

 

Truth : Facebook Auto-Fill Does Not Open You To Scams

There appears to be a spate of scams involving Facebook Ads and Maybank users, but it does not appear to be related to the Facebook Auto-Fill feature, and here are the reasons why…

Fact #1 : Facebook Introduced Auto-Fill In 2013

Facebook started introducing Auto-Fill sometime in September 2013, and gradually rolled it out globally over the years, so this is not a new feature.

Fact #2 : Many App Use Auto-Fill

Facebook isn’t the only app or platform to use Auto-Fill. Many services and platforms use Auto-Fill to make it easier to fill up forms and make payments.

The Auto-Fill feature is used in most, if not all, e-commerce / online shopping / online payment platforms, to expedite payments. The idea is that if they make it easier it is for you to pay, you will tend to buy more!

Many apps and services also use Auto-Fill to help you fill onerous forms with common details like your full name, email address, address and telephone number.

Fact #3 : Facebook Does Not Automatically Have Your Details

Facebook enables Auto-Fill by default for forms and payment, but that does not mean it has access to your debit or credit cards, or even your personal details. You need to manually key in your Contact Info and/or Payment Info for Facebook Auto-Fill to work.

If you have never given Facebook your credit card details, there is no way for its Auto-Fill to automatically fill in the credit card details for any transaction. Even if a scammer gains access to your Facebook account, he/she cannot use Auto-Fill because you never keyed in your debit or credit card details in the first place!

I did a quick check on two cases involving Maybank that came up recently (first example) (second example), and noticed that both parties who reported that they got fraudulently charged for Facebook Ads never registered their credit card with Facebook at all!

So whatever may be going on, it does not appear to be a Facebook Auto-Fill issue. But just in case you are worried, here are the latest steps on how to disable Auto-Fill on the Facebook mobile app.

  1. Tap on your icon at the upper right corner of the Facebook app to access the Menu.
  2. Scroll down the Menu until you see the Settings & privacy group.
  3. Tap on Settings.
  4. Scroll down the Settings & privacy page, and tap on Browser.
  5. Scroll down the Browser settings page to the Auto-fill section.
  6. You can tap on the Contact info and Payment info to check what information you shared with Facebook.
  7. To disable Auto-fill for contact information, unselect Auto-fill contact forms.
  8. To disable Auto-fill for payment, unselect Auto-fill payment forms.

Recommended : Can SIM Swap empty bank accounts without warning?!

Fact #4 : Auto-Fill Cannot Bypass TAC Verification

Even if you registered your credit card details with Facebook, and then use Auto-Fill to make a purchase, you will still need to authenticate that purchase.

Of course, it is possible to conduct a SIM swap attack, but that’s a different story altogether…

Fact #5 : Existing Facebook Ads Account Is A Risk

Those who have earlier registered a Facebook Ads account and ran advertisements may be at risk, because their credit cards would already be linked to their Facebook Ads account.

A scammer who gains access to their account (usually through phishing attacks) can easily create and run advertisements using their existing Facebook Ads account using the credit cards that have already been registered and approved earlier.

To minimise your risk, never ever use a debit card! Always use a CREDIT CARD, and always keep an eye on the transactions. Report to the bank once you see a fraudulent transaction.

But this has nothing to do with the Facebook Auto-Fill feature, and is not a concern if you never pre-approved your debit or credit cards with a Facebook Ads account.

Fact #5 : Existing Facebook Pay Account Is A Risk

Similarly, if you are using Facebook Pay, a scammer who gains access to your Facebook account could potentially use the debit or credit cards you registered earlier to make fraudulent transactions.

Again, you should NEVER use a debit card with Facebook Pay. Use a credit card, and always keep an eye on the transactions, and report to the bank once you see something fishy.

On top of that, you should enable PIN confirmation for Facebook Pay:

  1. Go to Settings in the Facebook website (not app).
  2. Go to Account Settings, and select Orders and payments.
  3. In the Orders and payments page, select Settings.
  4. In the Security section, select Require PIN Confirmation.
  5. You will be asked to enter a 4-digit number as your PIN.
  6. Key in the 4-digit number again to confirm your PIN.

After that, you will be required to key in the 4-digit PIN whenever you make a payment, or change your bank account details, or connect your payment info with other Meta apps.

Recommended : Maybank FB Ads Scam : How To Recover Money?!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MoneyTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Why Leaked Data Did Not Show Pfizer Vaccine Would Kill!

Did leaked data show that Pfizer knew that its COVID-19 vaccine would kill people who took it?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Leaked Data Show Pfizer Knew Vaccine Would Kill!

People have been sharing a photo of The Irish Light newspaper, which claims that leaked data showed that Pfizer knew that its COVID-19 vaccine would kill people who took it!

It’s a long article, so feel free to skip to the next section for the facts!

Pfizer knew their vaccine would kill

Leaked data shows shocking number of fatalities and side effects now officially associated with covid shots

Recommended : Died Suddenly Movie : More Vaccine Lies Exposed!

 

Truth : Leaked Data Did Not Show Pfizer Vaccine Is Dangerous!

This is yet another example of FAKE NEWS created and propagated by anti-vaccination activists, and here are the reasons why!

Fact #1 : The Irish Light Is An Anti-Vaccination Newspaper

While many anti-vaccination activists are promoting the article as coming from an Irish newspaper, The Irish Light is a self-printed newspaper that was launched in August 2021 by two former journalists turned COVID conspiracy theorists – Gemma O’Doherty and John Waters.

Gemma O’Doherty previously worked for the Irish Independent newspaper, while John Waters used to work for The Irish Times.

Unlike regular newspapers which delivers news content, The Irish Light focuses on questioning the effectiveness of vaccines, the COVID pandemic, and other far-right ideas.

Fact #2 : EMA Cyberattack Occurred In January 2021

The Irish Light published their article called “Pfizer knew their vaccine would kill” in April 2022, as part of their 10th issue.

However, the cyber attack on the European Medicines Agency (EMA) it referred to occurred more than a year ago – in January 2021.

Fact #3 : EMA-Pfizer Data Was Leaked To Journalists + Dark Web

More than 40 MB of data was stolen in the EMA cyberattack and released on the dark web, and leaked to several journalists, including from The BMJ and academics worldwide.

The leaked data consisted of confidential documents on the Pfizer BNT162b2 vaccine candidate (later known as the Pfizer-BioNTech COMIRNATY COVID-19 vaccine), which included “internal / confidential email correspondence from November, relating to evaluation processes for COVID-19 vaccines“.

Recommended : Did Pfizer Vaccine Documents Reveal 1,291 Side Effects?!

Fact #4 : Leaked Documents Was About Quality Of Early Vaccine Batches

The BMJ reviewed the leaked documents, and found that they showed that regulators at the EMA had concerns about the quality of some early commercial batches of the Pfizer-BioNTech COVID-19 vaccine.

An email dated 23 November 2020 showed that a high-ranking EMA official complained that Pfizer was not producing its COVID-19 vaccines to the expected specifications.

Specifically, the level of intact mRNA dropped from about 78% in the clinical batches to 55% in the proposed commercial batches. Nothing in the leaked documents referred to safety issues, or side effects.

Fact #5 : Leaked EMA-Pfizer Data Was Tampered Before Release

On 15 January 2021, the European Medicines Agency (EMA) announced that their investigation showed that some of the leaked data was tampered by the hackers before being released.

Some of the correspondence has been manipulated by the perpetrators prior to publication in a way which could undermine trust in vaccines.

The BMJ was criticised for reviewing the leaked documents without first verifying their authenticity and accuracy.

EMA states that the information was partially doctored, and that the perpetrators selected and aggregated data from different users and added additional headings.

It is unclear to us why a respected journal chose to present unverifiable information, in the process damaging an institution that has worked for 25 years in a transparent and successful manner.

Recommended : Does Pfizer CEO aim to cut world population by 50%?

Fact #6 : Leaked Documents Showed EMA Regulation At Work

While anti-vaccination activists framed the leak as evidence of collusion between EMA and Pfizer, they actually show that EMA regulators were doing their jobs.

EMA did not cover up the quality issue, but filed two “major objections” with Pfizer, together with a host of other questions it wanted Pfizer to address.

On 25 November 2020, one of the leaked emails showed that Pfizer had already brought up the level of mRNA in their COVID-19 vaccine lots.

The latest lots indicate that % intact RNA are back at around 70-75%, which leaves us cautiously optimistic that additional data could address the issue.

Ultimately, the EMA authorised the vaccine on 21 December 2020, nothing that “the quality of this medicinal product, submitted in the emergency context of the current (covid-19) pandemic, is considered to be sufficiently consistent and acceptable.

Fact #7 : FDA Never Agreed To Withhold Pfizer Documents For 75 Years

The claim that the US FDA earlier agreed to withhold documents on the Pfizer vaccine for 75 years was debunked months earlier – in December 2021.

The US FDA never asked or agreed to withhold Pfizer COVID-19 vaccine documents for 75 years. That was merely the “interpretation” of Aaron Siri – the lawyer for PHMPT (Public Health and Medical Professionals for Transparency) – the group requesting the data that the FDA used to licence the Pfizer COVID-19 vaccine.

Read more : Did FDA Ask For 75 Years To Release Pfizer Vaccine Data?!

Fact #8 : Pfizer Documents Did Not Reveal Thousands Of Side Effects

The claim that the Pfizer COVID-19 vaccine documents revealed that it had thousands of side effects was debunked in March 2022.

The Pfizer document was publicly released on 17 November 2021, but it took antivaxxers more than 3 months to “discover” the list of 1,291 adverse events of special interest (AESI).

However, the AESI list was not a list of vaccine side effects. It was a list of “adverse events” that must be reported for further investigation.

It was also a generic list, which includes irrelevant adverse events like manufacturing and lab test issues, and even product availability and supply issues, as well as other diseases like MERS and chickenpox.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Don’t forget to protect yourself, and your family, by vaccinating against COVID-19!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | HealthTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Will Your Phone Get Hacked While You Vote In GE15?!

Will your phone get hacked while you are voting in GE15?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Your Phone Will Get Hacked While You Vote In GE15!

This warning has gone viral on WhatsApp and social media, claiming that your phone will get hacked while you are voting in GE15!

The post is long, so feel free to skip to the next section for the facts!

For first time voters, it might be tempting to bring your phone along with you to document and record your experience voting for the first time.

However, the Election Commission (EC) has announced that the use of mobile phones inside polling stations will not be allowed.

As such, you may use your phone to kill time while standing in line, but you’d have to surrender your phone once you collect your ballot paper.

Read more : New SPR Rules On Bringing + Using Phone On GE15!

 

Truth : Your Phone Won’t Get Hacked While You Vote In GE15!

This is yet another example of FAKE NEWS circulating on WhatsApp and social media, and here are the reasons why…

Fact #1 : Phones Are Left On KTM Table In Individual Boxes

First, let us establish some basic facts about how phones are “surrendered” before voting in GE15:

  1. Each polling station (Saluran) will have two voting booths, allowing two voters to mark their ballots at the same time.
  2. The KTM (Ketua Tempat Mengundi – Head of Polling Station) will have two cardboard boxes – one for each phone.
  3. On the way to the voting booth, each voter will place his/her phone into one of the two cardboard boxes on the KTM’s table.
  4. After casting the ballots, the voter will retrieve his/her phone from the cardboard box.

The polling clerks and the head of the polling station (KTM) will NOT touch any phone. Voters must place and retrieve their phones by themselves.

Fact #2 : There Are Many Witnesses In Each Polling Station

Each polling station has at least one police officer, three polling clerks and a KTM (Head of the Polling Station), as well as two or more observers.

That’s seven or more people arranged along three sides of the room, which means the phones placed on the KTM’s table are visible to all of them. Any attempt by anyone but the voters to handle the phones would be instantly noticed.

Read more : New SPR Rules On Bringing + Using Phone On GE15!

Fact #3 : KTM Is Usually A Teacher Working In That School

In Malaysian elections, schools are generally used as voting centres, with classrooms converted into polling stations.

Usually, the Malaysia Election Commission (SPR) appoints teachers of the same school as the KTM – head of each polling station.

While this does not mean some of these teachers are not secretly awesome hackers in their spare time, it means that your phones are generally being watched by teachers.

If you can trust school teachers with your kids, you can certainly trust them to WATCH OVER your precious phone.

Fact #4 : Marking Your Ballots Take Less Than A Minute

The only time your phone is out of your view is when you are marking your ballots in the voting booth.

How long do you reckon it takes to mark X on one or two ballots, and fold them? Maybe 10 seconds? 20 seconds if you are slow. No matter what – your mobile phone will only be out of sight for less than a minute.

Do you actually believe any hacker would have the time to hook up your phone to any cable, never mind hack it, in less than one minute?

Fact #5 : Juice Jacking Requires Cable To Be Plugged Into Phone

What this “ethical hacker” is referring to is called juice jacking. Juice jacking requires a cable to be plugged into your phone. It cannot happen wirelessly, because it relies on USB vulnerabilities.

As noted in Fact #1, you will place your phone into a large cardboard box. You will be able to see that there are no cables present.

While you are marking your vote, the box containing your phone will be fully visible to at least six other people in the room, if you discount the “nefarious KTM who is secretly an evil hacker”.

Even a “nefarious KTM who is secretly an evil hacker” will have trouble taking your phone out of the box, without any of the other people in the room noticing, never mind actually plugging in a cable.

That’s why the real risk of juice jacking isn’t that 20-30 seconds you spend voting in GE15, but when you plug your phone into a free USB power socket.

If you are paranoid, just cover your phone’s USB or Lightning port with tape, before you place it in the designated box.

Fact #6 : Juice Jacking Vulnerabilities Have Been Mitigated

As ethical hackers reveal security risks like juice jacking, Google and Apple have taken measures to mitigate the risks.

Both Android and iOS, for example, no longer allow the phone to be mounted as a drive when plugged in over USB. You will get a prompt asking you to confirm the step, which is not possible for the hacker to do without first unlocking the phone.

There have also been many Android and iOS security updates that patch vulnerabilities that could potentially lead to juice jacking attacks. That’s why it’s so important to keep your phone operating system updated.

Please WATCH OUT about such FAKE NEWS on WhatsApp and social media.

Remember – democracy does not guarantee us a good government. Democracy only guarantees us the right to vote out a bad government!

Happy voting on 19 November 2022!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | Mobile | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Binance Smart Chain Halts After $100M Crypto Theft!

Binance just shut down its blockchain, after getting hacked and losing over $100 million in crypto coins!

The shutdown prevented an even bigger loss of $566 million, but it defeated a key purpose of the blockchain – decentralisation.

 

Binance Smart Chain Halts After $100M Crypto Theft!

On Thursday, 6 October 2022, Binance Smart Chain was hit by a hacker who targeted 2 million Binance coins (BNB) worth $566 million.

The attack appeared to have started at around 2:30 PM EST, with the attacker’s wallet receiving two transactions of 1 million BNB coins.

Soon after that, the hacker tried to liquidate the BNB coins into other assets, by using a variety of liquidity pools.

Binance acknowledged the security incident several hours later, at 6:19 PM, and halted the BNB Smart Chain.

AT 7:51 PM EST, Binance CEO Changpeng “CZ” Zhao confirmed that an exploit was used in the BSC Token Hub to transfer the BNB coins to the attacker, and that they asked all validators to temporarily suspend the Binance Smart Chain. He also claimed that the funds are safe.

An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.

 

Binance Smart Chain Almost Lost $566 Million!

The majority of the 2 million BNB coins worth $566 million remained on the BNB Smart Chain, and was made inaccessible to the hacker, after BSC was shut down.

This is rather ironic since blockchains like BSC are supposed to be decentralised, and not meant to be so easily turned off – a fact BNB Chain acknowledged.

Decentralized chains are not designed to be stopped, but by contacting community validators one by one, we were able to stop the incident from spreading. It was not that easy as BNB Smart Chain has 26 active validators at present and 44 in total in different time zones. This delayed closure, but we were able to minimize the loss.

Even so, a BNB Chain spokesperson later confirmed that about $100 to $110 million in funds were taken off the Binance Smart Chain, and CZ said that the impact was about a quarter of the last BNB burn.

Of the funds taken off-chain, BNB Chain was able to freeze about $7 million with help from their partners in the cryptocurrency community.

So far, about $2 billion has been lost in crypto hacks in 2022, with cross-chain bridges used to transfer tokens across blockchains a popular target.

BNB Chain said that it would introduce a new on-chain governance mechanism to fight and defend against future possible attacks.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Money | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

How To Turn On Two-Step Verification In Telegram!

Find out WHY you should turn on two-step verification in Telegram, and HOW to do that!

 

Why You Should Turn On Two-Step Verification In Telegram?

Two-Step Verification is a feature that protects your Telegram account from being hijacked by hackers and scammers.

It blocks illegal takeover of Telegram accounts, by requiring a secret password that only you know. And it lets you recover your account via email.

This prevents hackers or scammers from taking over your Telegram account, even if you accidentally share with them the login code.

Read more : Beware Of Telegram Screenshot Hack + Scam!

 

How To Turn On Two-Step Verification In Telegram!

In this guide, I will share with you how to turn on two-step verification in Telegram.

Step 1 : Open Telegram.

Step 2 : Go to Options > Settings > Privacy and Security.

Step 3 : Tap on the Two-Step Verification option.

Step 4 : In the Two-Step Verification screen, tap on the Set Password option.

Step 5 : Key in your preferred password, which can be any combination of capital or small letters and numbers.

Step 6 : You will need to key the same password again, to confirm it.

Step 7 : Next, you can create a hint to remind you of your password. This is optional, and you can skip it if you prefer.

But if you key one in, the hint will be displayed whenever you are asked to key in the password in the future.

Step 8 : After that, you will have the option of adding a Recovery Email address, just in case your account is hijacked.

This is optional as well, but I highly recommend you add a recovery email, which is simply the email address you use.

Step 9 : If you entered a Recovery Email address, Telegram will now send you an email with a 6-digit code to verify that email address.

Step 10 : Look for the Telegram verification code email, and key in the 6-digit verification code.

That’s it! You’re done! From now on, you will be required to key in the password whenever you log into a new device.

This will prevent hackers / scammers from taking over your account, even if you accidentally give them the Login code you receive by SMS.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | Software | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Beware Of Telegram Screenshot Hack + Scam!

Watch out for the Telegram screenshot hack and scam! Find out how the Telegram screenshot hack and scam works, and what you can do!

 

Telegram Screenshot Hack : New Twist To Old Trick

My friend just got hit by the Telegram screenshot hack, and the hacker is now trying to scam everyone on his contact list!

The Telegram screenshot hack is a new twist to an old trick, and here is how they do it…

Step 1 : Identify A Suitable Target

After obtaining a legitimate Telegram account through phishing or other means, the hacker reads through the messages to identify a suitable target – usually a close friend whom you often chat with, and trust.

For the purpose of our example, the hacker stole your friend’s Telegram account and has identified you as a suitable target.

Step 2 : Attempt To Login From Another Device

The hacker installs Telegram in another device and attempts to log into your account. He only needs the your phone number to do that.

The login attempt triggers Telegram to send a Login code to the your registered devices to authenticate the login. Usually, that’s the Telegram app in your smartphone.

Step 3 : Ask For A Screenshot Of Telegram

Traditionally, this is when the hacker will use your friend’s Telegram account to message you and ask for that Login code. However, asking for the Login code may trigger suspicion, so hackers have now come up with a new twist.

Instead of asking you for the Login code, the hacker will use your friend’s Telegram account to ask you to take a screenshot of your Telegram app and send it to him.

What harm is there? After all, many of us take screenshots and share them with family, friends and even on social media!

The problem is – the screenshot will accidentally reveal your Telegram Login code! Take a look at the actual screenshot my friend sent – it clearly shows the Telegram Login code!

Step 4 : Terminate All Other Sessions

The hacker will immediately use the Login code to log into your Telegram account on his device.

Then he will terminate all other sessions from that Telegram account, which means you get logged out from your Telegram app on your own smartphone!

Step 5 : Change Password

To prevent you from logging back in, and terminating his Telegram session, he will change the password.

Step 6 : Scam Your Friends

Now that the hacker gained control of your Telegram account and locked you out of it, he is free to scam your friends.

In this case, my friend’s contacts all started getting pleas to borrow money for some kind of emergency. The hacker will, of course, promise to pay you back quickly.

Your unsuspecting friends may not realise that this is not you that they are talking to, and may end up sending the hacker money.

In this case though, my friend managed to quickly alert us via WhatsApp that his Telegram account was hacked, so we didn’t tall for the scam.

One of his friends toyed with the scammer, and obtained the bank details. That is obviously not my friend’s name or account number!

 

Telegram Screenshot Hack : How To Prevent It?

Now that you know how the Telegram screenshot hack works, you can pretty much figure out how to prevent it.

Here is my quick summary for those who didn’t go through the whole process above :

  1. Do NOT send anyone your Telegram Login code. Not even anyone claiming to be working for Telegram.
  2. Do NOT send anyone a screenshot of your Telegram app. Even if it’s not a scam, it reveals portions of your chats!
  3. Turn on Two-Step Verification in Telegram. This lets you recover your account, even if you accidentally let someone take over your account.

Read more : How To Turn On Two-Step Verification In Telegram!

 

Telegram Screenshot Hack : How To Recover Your Account?

If you failed to turn on two-step verification, there is still a way to recover your Telegram account after it is stolen by a hacker.

For these steps to work though, you need to have access to your phone number. You must also do this quickly, as the hacker will be alerted to your attempt.

Step 1 : Open Telegram.

Step 2 : Log into your Telegram account using your phone number.

Step 3 : You will be asked if you have the correct number. Click Yes.

Step 4 : Telegram will send a 5-digit code to all your devices with Telegram installed. You won’t receive it since the hacker has already terminated all other sessions.

Step 5 : Click on the option just above the keypad – “Send the code as an SMS“.

Step 6 : You will now receive an SMS with the 5-digit code. Key it in, and you will now have access to your Telegram account.

Step 7 : Go to Options > Settings > Privacy and Security.

Step 8 : Scroll down and tap on Devices.

Step 9 : Tap on the option – Terminate All Other Session – to boot out the hacker.

Bonus Step : Turn on Two-Step Verification to prevent this from happening again!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | Software | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Greeting Photos + Videos Hack Your Phone?!

Can hackers use greeting photos and videos to hack your phone, and steal your data?

Take a look at the viral claim, and find out what the FACTS really are!

 

Claim : Greeting Photos + Videos Can Hack Your Phone!

People keep sharing this warning about greeting photos and videos, which claims that they can hack your phone and steal your data.

It’s a long message, so just skip to the next section for the facts!

Hello Family and friends,

Starting tomorrow, Please do not send network pictures. Look at the following article to understand. I’m going to stop too.

Please delete all photos and videos of Good morning, Evening and other greetings and religious messages as soon as possible. Read the following article carefully and you will understand why.

Read all! Please send this message urgently to as many friends as possible to prevent illegal intrusion.

 

Truth : Greeting Photos + Videos Cannot Be Hack Your Phone!

Many of us get spammed with Good Morning, Good Afternoon, Good Evening photos and videos every day from family and friends.

While they often clog up Facebook, Telegram and WhatsApp groups, they really cannot hack your phone. Here are the reasons why Good Morning messages are very irritating, but harmless…

Fact #1 : Shanghai China International News Does Not Exist

The news organisation that was claimed to be the source of this warning – Shanghai China International News –  does not exist!

Fact #2 : Greeting Photos + Videos Not Created By Hackers

Hackers (from China or anywhere else) have better things to do than to create these greeting photos and videos.

They are mostly created by websites and social media influencers for people to share and attract new followers.

Fact #3 : No Fraud Involving Greeting Photos / Videos

There has been no known fraud involving Good Morning or Good Night messages, videos or pictures.

Certainly, half a million victims of such a scam would have made front page news. Yet there is not a single report on even one case…. because it never happened.

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a Good Morning photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest…

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website.

Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

Such a clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t wait, as the hoax message claims.

Deleting Good Morning or Good Night photos or videos will free up storage space in your phone, but it won’t prevent any malware from executing.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Now that you know the facts, please SHARE this article with your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Canada Internet Outage Due To Software Update, Not China!

The country-wide mobile and Internet outage in Canada was due to a software update, not hacking by China!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : China Responsible For Mobile + Internet Outage In Canada!

Within hours of news breaking that Canada suffered a massive Internet outage, Vancouver Times posted a story claiming that the Royal Canadian Mounted Police (RCMP) identified China as the responsible party.

Vancouver Times also claimed that the RCMP will issue arrest warrants for the hackers responsible, who are connected to the People’s Liberation Army (PLA).

Chinese state hackers are responsible for a massive internet outage that paralyzed large parts of Canada, according to the RCMP. The federal police agency is in the process of issuing arrest warrants for several people they believe are connected to the People’s Liberation Army.

The RCMP will be holding a press conference in the next few days to announce the arrest warrants, according to sources. Canadian intelligence agencies are reportedly receiving guidance from the CIA and the FBI.

On Friday a widespread network outage from Rogers left many Canadians without mobile and internet service. The outages caused significant problems for police, courthouses, passport offices and other facilities.

The outage also disrupted services across retailers, courthouses, airlines, train networks, credit card processors and police forces, pushing many to delay business transactions. Many people were seen at Starbucks, trying to use their internet service.

The mainstream media and big tech want to hide the truth. Beat them at their own game by sharing this article!

Read more : FBI + MI5 Issue Joint Warning On Chinese Spying!

 

Truth : Canada Internet Outage Due To Software Update, Not China!

This is yet another example of FAKE NEWS created by Vancouver Times to generate page views and money from gullible people.

Fact #1 : Vancouver Times Is A Fake News Website

Vancouver Times is a “content aggregator” (copy and paste) website that is known for creating fake news to generate more page views and money.

To look legitimate, they copy and paste news from legitimate news organisations. To drive traffic, they create fake news, sometimes masked as “satire”.

To give themselves a veneer of deniability, they label themselves as a “satire website” in their About Us section.

Vancouver Times is the most trusted source for satire on the West Coast. We write satirical stories about issues that affect conservatives.

Here are some of their fake news that we debunked :

Fact #2 : Outage Only Affected Rogers Communications

On Friday, July 8, 2022, Canada was hit by a massive mobile and Internet outage that hit businesses, banks, and even police emergency lines.

However, it only affected Rogers Communications, and did not affect rivals like BCE, Telus and Shaw Communications.

The outage was extensive because Rogers is Canada’s leading telecommunications provider, with about 11.3 million wireless subscribers, and 2.25 million retail Internet subscribers.

Read more : Shanghai Police Data On 1 Billion Chinese Citizens Leaked!

Fact #3 : RCMP Did Not Blame China For Mobile + Internet Outage

The Royal Canadian Mounted Police did not blame China for Rogers Communications’ mobile and Internet outage.

This was made up by Vancouver Times to trigger right-wing conspiracy theorists, to go viral and draw more page views.

Fact #4 : Rogers Did Not Blame China For Mobile + Internet Outage

Rogers Communications themselves did not blame China for their mobile and Internet outage.

Fact #5 : Canada Confirmed Outage Was Not A Cyberattack

While the reason behind the outage was still unknown, a spokesperson for Canadian Public Safety Minister Marco Mendicino confirmed to CTV News that “the outage was not due to a cyberattack“.

Fact #6 : Rogers Confirmed Outage Due To Maintenance Update

On 11 July 2022, Rogers CEO Tony Staffieri apologised for the country-wide outage of its services.

He also said that the failure was due to “a maintenance update in our core network“. The maintenance work “caused some of our routers to malfunction early Friday morning“.

Fact #7 : Prior Rogers Outage Also Due To Software Update

This wasn’t the first time Rogers Communications’ network failed so drastically.

Just 15 months earlier – Rogers and its subsidiary, Fido, experienced a nationwide cellular service outage in April 2021.

That outage was ultimately traced to “a recent Ericsson software update” that “affected a piece of equipment in the central part” of their network, leading to “intermittent congestion impacting many customers across Canada“.

Fact #8 : It Would Have Been Considered An Act Of War

China attacking Canada’s mobile and Internet network would have been considered an act of war, if it was proven.

The Canadian government would at least have issued a strong statement, if not cut diplomatic ties with China and/or enact sanctions against the Chinese government.

Fact #9 : No One Else Reported This Story

China attacking Canada’s mobile and Internet infrastructure would have been major international news, reported across the globe.

Yet not only did no mainstream media cover this incredible story, it hasn’t even been reported in the usual conspiracy theory websites!

That’s because it was a fake story created by one publication – Vancouver Times, in their attempt to go viral again for more page views and ad money.

Fact #10 : There Is No Such Thing As A Publication Ban

Vancouver Times likes to use the “media blackout” claim, to explain why you can’t find any reputable media outlet reporting on China attacking Canada’s mobile and Internet infrastructure.

That’s utter and complete bullshit. No one – not a judge, not even the Canadian government – can control the worldwide media, or prevent anyone from writing about such an incredible story.

You can also be sure that even if the mainstream media in the Canada refused to run the story, it would have been reported by foreign media outlets, websites and blogs.

Yet, not a single foreign media outlet or online website published their account of this incredible story? That’s because IT NEVER HAPPENED…

Read more : Did Ghislaine Maxwell Just Commit Suicide In Prison?!

Fact #11 : Mainstream Media + Big Tech Would Have Loved The Hype

Vancouver Times is gaslighting you about how mainstream media and Big Tech want to hide the “truth” about China attacking Canada’s infrastructure.

They would all loved such shocking news, because it would have driven tons of traffic and engagement to their websites / platforms.

In fact, that was precisely why Vancouver Times created the fake story – to drive traffic, for the ad money.

Everything that Vancouver Times publishes should be regarded as FAKE NEWS, until proven otherwise.

Please help us fight fake news websites like Vancouver Times – SHARE this fact check out, and SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact CheckCybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!