Tag Archives: Internet security

BitiCodes Scam Alert : Fake Celebrity Endorsements!

You may have seen celebrities endorsements of BitiCodes or Biti Codes circulating on Facebook and Instagram, but they are all FAKE.

Find out why there are so many fake celebrity endorsements of Biticodes / Biti Codes, and how they are doing it!

BitiCodes / Biti Codes : Fake Celebrity Endorsements

BitiCodes or Biti Codes claims to be “the crypto industry’s most accurate AI auto-trading app“, which “works by automatically placing trades… using trading bots to strengthen your chances of making a profitable trade.”

If you never heard of it, you won’t be alone, because it’s mainly promoted via advertisements on Facebook, Instagram, etc. They are also promoting it through Google Ads like these examples, which will often appear in completely legitimate websites.

Clicking on those advertisements will lead to legitimate-looking articles from local or crypto publications, often with a celebrity endorsing Biticodes / Biti Codes.

Here in Malaysia, people will see Biticodes being endorsed by the likes of local politicians like Lim Guan Eng or Dr. Mahathir. But those in the cybersecurity industry will quickly realise that these articles are familiar because they are almost exact copies of scam articles used in the previous Bitcoin Revolution scam.

Looking for reviews of Biticodes or Biti Codes is pointless, because they appeared to have paid for advertorials in legitimate media outlets, which are (intentionally?) wrongly listed as “reviews”. Only at the very bottom do they include a disclaimer that it was a sponsored post.

Outlook India

Biticodes Reviews : Today we’ll be talking about one platform called Biticodes that you can use to make an extra source of income. It’s safe, and you do not need to worry about anything. It may help you earn good money in very less time.

Disclaimer : This is sponsored review content posted by us. All the information about the product is taken from the official website (and not fact-checked by us). Contact customer care phone number given on product’s official website for order cancellation, return, refund, payment, delivery etc. related issues. Must consult any financial specialist before investing in BitiCodes Auto-Trading Software.

Tribune India

Biticodes is real or scam review 2022 : With an astonishing success rate of 90%, BitiCodes has what it takes to be your go-to platform for cryptocurrency trading. It can execute multiple deals per second – a rate that even the most experienced cryptocurrency traders would be hard-pressed to match.

Disclaimer : The views and opinions expressed in the above article are independent professional judgment of the experts and The Tribune does not take any responsibility, in any manner whatsoever, for the accuracy of their views. Biticodes are solely liable for the correctness, reliability of the content and/or compliance of applicable laws. The above is non-editorial content and The Tribune does not vouch, endorse or guarantee any of the above content, nor is it responsible for them in any manner whatsoever. Please take all steps necessary to ascertain that any information and content provided is correct, updated, and verified.

In other words, those are NOT legitimate reviews, and the media outlets did not even test Biticodes / Biti Codes. Their disclaimers show that their “reviews” were paid content, written by Biticodes / Biticodes.

Avast Explains How BitiCodes Scam Works

In an August 2022 article, the cybersecurity company explained how the BitiCodes (also known as TeslaCoin) scam works:

The scam encourages people to pay to create an account and invest into a fraudulent crypto investment platform. There are two ways the campaign reaches potential victims: Through Facebook ads and email. Ultimately, victims can end up losing at least $250.

At the bottom of the page is a webform requesting site visitors to enter their name, email address, and phone number in order to register for the platform. The victim receives an email from a bot sparking a conversation in the victim’s language.

After a brief example exchange, the bot sends a link to a payment gateway, and asks the victim to transfer $250 in order to activate their trading account. Another scenario involves the bot emailing potential victims with steps to login to a cryptocurrency broker page, and after a few more emails, the bot sends a link to a payment gateway, asking the victim for a $250 initial investment.

I also investigated the articles and the BitiCodes website, and noticed that they are all using highly-suspicious domains and links:

celesteal.xyz/biticodes for the BitiCodes website (registered 23 Nov. 2022)
thedailypressbriefing.com/my for the BTC-News website (registered 29 Jan. 2023)
saveontaxesthisyear.tax for the BTC-News website (registered 6 Feb. 2023)

As you can see, the domains are not only completely unrelated to the article / websites, they are almost brand new! And if you go to their domain root, nothing loads. That is not how legitimate websites function. If you do a WHOIS lookup, you will discover that the owners of these domains are hidden.

Regardless of whether BitiCodes / Biti Codes itself is legitimate, you should avoid any article that do not tally with the official website, or with irrelevant domains.

Don’t fall for the scam. Avoid these BitiCodes / Biti Codes advertisements and fake celebrity endorsements.

Please help us fight fake news – SHARE this article, and SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Tenaga Nasional 33rd Anniversary Scam Alert!

Leave a reply

Please watch out for the Tenaga Nasional 33th Anniversary survey contest scam!

Find out why it is just a SCAM, and WARN your family and friends!

Tenaga Nasional 33th Anniversary Survey Scam Alert!

People are now sharing the Tenaga Nasional 33th Anniversary messages on WhatsApp :

Congratulations!

Tenaga Nasional 33rd Anniversary National Government Power Subsidy!

Through the questionnaire, you will have a chance to get 1000 Ringgit

🎉 Tenaga Nasional 33rd Anniversary National Government Power Subsidy 🎊

Electricity subsidy is being issued…

Recommended : Petronas 50th Anniversary Scam Alert!

Tenaga Nasional 33th Anniversary Survey : Why This Is A Scam!

Unfortunately, this is yet another survey scam, like the Petronas 50th Anniversary scam!

Tenaga Nasional confirmed that this survey is a scam in a scam alert on their website on 6 February 2023.

Win Cash Rewards from TNB – 6/2/2023

TNB customers are advised to ignore survey links that claim they can win cash rewards from TNB.

TNB does not organize any kind of cash prize giveaway on social media. Please be careful and avoid spreading this false information.

I know many of us are in dire straits during the COVID-19 pandemic, having lost jobs, income or even loved ones.

Unfortunately, scammers are counting on our desperation to prey on us, using the same survey scam they have been using for years :

Now, let me show you how to spot these scams next time!

If you spot any of these warning signs, DO NOT PROCEED and DO NOT SHARE!

Warning Sign #1 : Bad Grammar

Most of these scammers do not have a good command of the English language, so if you spot bad grammar, stay away.

Proper contests or events sponsored by major brands like Tenaga Nasional will have at least one PR or marketing person who will vet the text before allowing it to be posted.

Read more : Petronas 50th Anniversary Scam Alert!

Warning Sign #2 : Offering You Free Money Or Gifts

Please do NOT be naive. No one is going to give you money or free gifts just to participate in a survey!

Tenaga Nasional isn’t going to give you FREE money, just because it’s their anniversary.

They are a corporation whose business is to make money, not a charity to give you free money.

Warning Sign #3 : Not Using The Real Jaya Grocer Domain

A genuine Tenaga Nasional campaign would use their real domain – www.tnb.com.my.

Or they would run it off the official Tenaga Nasional page on Facebook – www.facebook.com/TNBCareline/.

If you see nonsensical domains like merefamily.top, 0yjjg61.cn, 1eaf1rnbeef.top, ldxqw.bar, etc. that’s a sign it’s a SCAM!

Warning Sign #4 : Asking You To Forward The Offer

No brand will insist that you must share the offer with 5 groups or 20 friends on WhatsApp or Facebook Messenger.

Do not click to forward their offer to your family and friends. They will not appreciate being scammed with your help!

Warning Sign #5 : Asking You To Download + Register An App

If you click through and joined the fake survey scam, you will eventually be asked to download and register for an app.

This is VERY DANGEROUS. Never agree to download and register for any unknown app from a website.

Always download your apps from an official App Store like Google Play Store (for Android smartphones) and Apple App Store (for iPhones).

Please help us fight scams like this and SHARE this article out!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Scam Alert : Fake Damar Hamlin Donation Requests!

Leave a reply

Please watch out for fake donation requests for Damar Hamlin who suffered a cardiac arrest during a primetime NFL game!

Scam Alert : Fake Damar Hamlin Donation Requests!

After Damar Hamlin suddenly collapsed from cardiac arrest during the primetime NFL game between the Buffalo Bills and the Cincinnati Bengals, his GoFundMe page has exploded with donations – at publication time, it raised over $7.7 million!

However, scammers are apparently also trying to milk public concern for Damar Hamlin, and his family relayed a warning through his friend and marketing rep, Jordon Rooney, about people requesting cash app and GoFundMe donations in his name.

Damars parents wanted me to get this out there:

Beware of people requesting cash app donations and making GoFundMe’s.

If you do want to support Damar’s foundation, his initial toy drive campaign has turned into the central location for that.

Damar Hamlin Donation Shifted From GoFundMe To Website

To avoid further confusion, the Chasing M’s Foundation created a new website to handle the donations directly.

When Rooney announced the new website, he shared that Chasing M’s Foundation is a 501 (c) (3) non-profit organisation that is dedicated to “supporting the aspirations of youth and community members through sports, education, and enrichment opportunities“.

The executive director, Mario Hamlin, ask that people who wish to donate to the foundation, please do so through the new website. He also asked that people consider donating to the University of Cincinnati Medical Center trauma center, or buy your trauma center team and first responders lunch.

The Hamlin family appears to be making these moves to curb the donation scams that have mushroomed over public support for Damar Hamlin.

So please do NOT donate to any other Damar Hamlin initiatives, cash app requests, or GoFundMe pages. The only legitimate avenues for donations towards Damar Hamlin are:

The Chasing M’s Foundation website
University of Cincinnati Trauma Center

Alternatively, you can show your appreciation for first responders and trauma teams in your area, by buying them lunch.

The Real Damar Hamlin Donation GoFundMe Page!

When he was still in college at the University of Pittsburgh, Damar Hamlin started a toy drive on GoFundMe called The Chasing M’s Foundation Community Toy Drive.

Its first program with a 2020 Community Toy Drive, which set a goal of just $2,500 to buy toys for “children who have been hardest hit by the pandemic”.

As I embark on my journey to the NFL, I will never forget where I come from and I am committed to using my platform to positively impact the community that raised me. I created The Chasing M’s Foundation as a vehicle that will allow me to deliver that impact, and the first program is the 2020 Community Toy Drive.

This campaign gives you the opportunity to contribute to our first initiative and positively impact children who have been hardest hit by the pandemic. 100% of the funds raised will go toward the purchase of toys for kids in need. The time to act is now, as we will be distributing toys on December 22nd from 3:30 to 5:30 PM from Kelly and Nina’s Daycare Center at 800 Russellwood Ave., McKees Rocks, PA 15136.

If you are not able to contribute monetarily, you can support this initiative in other ways. We are accepting donated toys at the Daycare Center or simply spread the word by sharing this fundraiser on your social channels.

Thank you so much for supporting me on and off the field. I am grateful to have the opportunity to work with you to help make the holiday season a little brighter for the kids in our community.

Damar Hamlin
The Chasing M’s Foundation

After Damar Hamlin’s sudden collapse on the field, and subsequent hospitalisation in critical condition, his family reused the GoFundMe page to continue funding his community initiatives.

This fundraiser was initially established to support a toy drive for Damar’s community, sponsored by the Chasing M’s Foundation.

However, it has received renewed support in light of Damar’s current battle and we can’t thank all of you enough. Your generosity and compassion mean the world to us.

If you would like to show your support and contribute to Damar’s community initiatives and his current fight, this is the place to do so. This is the only current fund that is being used by the Hamlin Family.

Again, thank you for your thoughts, prayers and generous support during this time.

Damar created The Chasing M’s Foundation to use as a vehicle to bring lasting impact to his community. The foundation supports toy drives, back-to-school drives, kids camps, and more.

Damar Hamlin Donation Not Used To Support His Mother’s Daycare

Jordon Rooney also clarified that the official Damar Hamlin GoFundMe donation page is not being used to fund his mother’s daycare centre.

He explained that it was set up as a toy drive during his college days, and the toy giveaway was held at his mother’s daycare centre. Hence, the address listed in the GoFundMe is still his mother’s daycare centre.

Donations sent to his official GoFundMe would be used to support his foundation, which now does more than just toy drives, but also back to school drives, kids camps and more.

This came after sports business analyst Darren Rovell posted that the Damar Hamlin’s official GoFundMe would fund his mother’s daycare centre.

Damars GoFundMe does not support his mother’s daycare.. This was a toy drive that he set when he was in college and held it at the daycare.

The donations will support his foundation, which does toy drives, back to school drive, kids camps and more. Yeah

Waking up to see the incredible news that more than $3.2 million has been donated to Damar Hamlin’s GoFundMe page that supports his mother’s Day Care Center.

This is the Google Earth photo of the address of the center that corresponds to the GoFundMe. pic.twitter.com/Q5e96cDSUL

— Darren Rovell (@darrenrovell) January 3, 2023

Please WARN OTHER PEOPLE by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Cybersecurity | Sports | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Watch Out For TNG eWallet SMS Phishing Scam!

Leave a reply

In this article, we will show you many types of TNG eWallet SMS phasing scam, so you can avoid them!

Watch Out For TNG eWallet SMS Phishing Scam!

People are getting these SMS messages that appear to be from TNG eWallet, but are really just phishing scams!

RMO TNG eWallet: Bantuan e-dompet kepada golongan B40&M40 RM1000 akan dikreditkan ke dalam TNG eWallet anda. Kemaskini maklumat dan semakan status di www.tngewalletbantuangov.com

RMO T’n GO Your account function has been closed. You need to confirm the device immediately. Follow my.tngwallc.com

RMO TNG Wallet: Permohonan GOpinjam anda telah diluluskan, RM3000 telah kredit ke TNG Wallet anda. Sila semak baki dan tuntutan anda di http://logtouchngo.cc

RMO GOV: Terima kasih atas sokongan anda dari kerajaan BN. Bantuan e-dompet kepada rakyat Malaysia berjumlah RM500 telah kredit ke TNG Wallet anda. Sila sahkan identiti dan semak baki anda di https://touchngoemy.top/

How TNG eWallet SMS Phishing Scam Works!

The many examples of the TNG eWallet phishing scam employ SMS spoofing technology to send you SMS messages that appear to be from the TNG eWallet team.

What most people don’t know is that – the TNG eWallet team will never send you any SMS messages to :

offer you money from government or other agencies
inform you that money has been credited to your eWallet
ask you to log into your eWallet account using a link
ask you to update your account information using a link

The TNG eWallet team warned users against clicking on any links sent by SMS, even if they appear to be genuine. Genuine TNG eWallet SMS messages will never have a link attached.

These links do not lead to the real TNG eWallet website (https://www.touchngo.com.my/), but use similar-looking fake domains, like:

tngewalletbantuangov.com
my.tngwallc.com
logtouchngo.cc
touchngoemy.top
ewallettouchng.top
touchngosign.com
touchngolog.top
logintouchngo.cc
touchngo.life
touchngologin.cc
my.touchngo.com
my.touchwalf.com
my.touchwalp.com
my.tngowalle.com
my.tngowallet.com
tngwallet.top

If you see such domains, you should be alert that you are being targeted by a phishing scam. NEVER CLICK ON A LINK in any TNG eWallet SMS.

If you click on any of these links, you will be taken to a page that looks like a genuine TNG eWallet login page, but is really a phishing scam page.

If you key in your login details, as well as your phone number and One-Time Password (OTP), the scammers will have full access to your eWallet, and can freely transfer out your eWallet balance.

As many of us link our credit cards to the TNG eWallet, the scammers can also reload your eWallet using those credit cards, and transfer the money out.

So make sure you IGNORE any SMS message that asks you to click on a link, even if it appears to be from TNG eWallet.

Please help to fight financial scams, by SHARING this article with your family and friends!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Cybersecurity | Money | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Maybank To Fully Migrate SMS OTP To Secure2u!

Leave a reply

Maybank just officially announced that it will fully migrate from SMS OTP to Secure2u, as part of efforts to crack down on scams!

Here is what you need to know…

Maybank To Fully Migrate SMS OTP To Secure2u!

On 28 September 2022, Maybank officially announced that it will fully migrate from SMS OTP to Secure2u, as part of efforts to crack down on scams!

By June 2023, all online activities or transactions involving account opening, fund transfers and payments, as well as changes to personal information or account settings, will require Secure2u authentication.

This announcement came after Bank Negara Malaysia (BNM) ordered banks to migrate from the SMS OTP (One Time Password) to more secure authentication methods.

We remain highly committed in helping our customers to avoid being scammed by fraudsters. This is done through existing security measures that are already in place and as we progressively rollout more measures that can help deter or minimise the likelihood of customers falling prey to financial scams.

We are also supportive of Bank Negara Malaysia’s announcement on 26 September 2022 in relation to the five measures to be adopted by banks in Malaysia to ensure higher standards of security, especially for Internet and mobile banking services.

The banking industry is committed to working together to combat financial scams which are increasingly prevalent in today’s digitalised environment.

– Dato’ Khairussaleh Ramli, Group President & CEO of Maybank

Details Of How Maybank Secure2u Will Replace SMS OTP

Secure2u isn’t new. It was introduced in April 2017 as a more secure way for Maybank customers to authorise Maybank2u and MAE transactions using Secure Verification (one-tap approval) and Secure Transaction activation codes (a 6-digit TAC number generated in the app), as an alternate to SMS OTP.

Maybank also revealed some details of how Secure2u will be enhanced as it replaces SMS OTP :

Only one Secure2u device will be allowed per account holder (customer) to minimise the possibility of compromise by a third party
Maybank will alert the customer by SMS, a push notification, and an email when Secure2u is registered on a new device.
In Q4 2022, Maybank will introduce a cooling-off period whenever customers enable Secure2u on a different device. This cooling-off period will give customers the opportunity to verify and report to the bank in case of any unauthorised Secure2u registration on a new device.

In addition to Secure2u, Maybank is heeding BNM’s call for tightened fraud detection rules and triggers, and has in place a call-back verification process to alert customers of suspicious transactions.

Maybank Advice On Fighting Scam

Maybank has a dedicated 24/7 hotline for customers to report financial scams at +603-5891-4744. Customers are advised to call the hotline immediately, as soon as they suspect that their banking details have been compromised, or whenever they notice suspicious transactions, so their bank accounts can be suspended swiftly.

Alternatively, customers can also contact the general Maybank Customer Care Hotline at 1-300-88-6688 to report scams / fraud, or to seek assistance in suspending their bank accounts.

Finally, here are some tips from Maybank on how to protect yourself while using online platforms:

Avoid installing/downloading apps/Android Package Kit (APK) files or clicking on suspicious links sent via chat messages such as SMS, WhatsApp, Messenger or other similar services.
Do not provide permission for any app to send or view your SMSes.
Do not ignore any warnings from your devices, especially when downloading or installing a new file.
Do not enter your banking details, especially username or password, in any suspicious apps or websites.
Always keep your antivirus software updated for constant protection.
Only download apps from the genuine app stores such as Apple App Store, Google Play Store or Huawei AppGallery and not from a link.
Be alert if you are being prompted to download a file that is not compatible with your device i.e.: iPhone/iPad device being asked to use an Android device to download a file.
Always look out for your online banking security image and phrase (i.e.: Maybank2u security image and phrase), to ensure the website and app are legitimate.
Do not root or jailbreak your device.
Update your mobile device’s operating system (OS) and apps regularly.

Finally, we must all remember to NEVER share with anyone (not even bank employees) details of our bank accounts.

Please SHARE this article and these tips with your family and friends!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Business | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

BNM : Banks To Stop Using SMS OTP To Fight Scams!

Leave a reply

Bank Negara Malaysia has ordered banks to stop using SMS OTP, as a way to fight financial scams!

Here is what you need to know…

BNM : Banks To Stop Using SMS OTP To Fight Scams!

Bank Negara Malaysia (BNM) has ordered banks in Malaysia to stop using SMS OTP (One Time Passwords), and migrate to a more secure form of authentication for online transactions.

This move comes after many Malaysians were hit by scams that bypassed the security offered by SMS OTP, leading to great loss of their hard-earned money.

BNM governor Tan Sri Nor Shamsiah Mohd Yunus said major banks in Malaysia have already started migrating from SMS OTP to more secure forms of authentication.

BNM : More Measures Beyond SMS OTP To Fight Scams!

In addition to “banning” SMS OTP, BNM has ordered the further tightening of detection rules and triggers to block potential scams.

This includes adding a cooling-off period for first-time enrolments of online banking services, as well as devices being registered for authentication purposes.

Banks will also be required to set up dedicated scam hotlines, and provide convenient ways for customers to suspend their bank accounts if they suspect that those accounts have been compromised.

Banks also have to ensure that customers are able to reactivate their accounts after a reasonable period, after ensuring that their accounts have been secured.

Together with the financial industry, BNM will continue to ensure that banking and payment channels remain secure and equipped with the latest security controls. The effort to combat financial crimes also requires the support of all parties. As consumers, each of us are responsible for protecting ourselves from the threat of scams.

The reality, however, is that methods used by criminals will continue to evolve. BNM therefore continuously intensifies efforts and take steps to combat scams by introducing additional controls and safeguards from time to time.

– BNM governor Tan Sri Nor Shamsiah Mohd Yunus

Despite these efforts, it is critical that we must all learn to safeguard our personal information and avoid downloading files or installing applications from unverified sources on our computer or smartphones.

We should also check our bank and credit card statements, and notify the banks once we notice anything suspicious.

Those who believe that they are victims of a scam should contact the Commercial Crime Investigation Department Scam Response Centre at 03-2610 1559/1599 or BNMTelelink at 1-300-88-5465; and lodge a police report to facilitate investigations.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Business | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

How To Turn On Two-Step Verification In Telegram!

Leave a reply

Find out WHY you should turn on two-step verification in Telegram, and HOW to do that!

Why You Should Turn On Two-Step Verification In Telegram?

Two-Step Verification is a feature that protects your Telegram account from being hijacked by hackers and scammers.

It blocks illegal takeover of Telegram accounts, by requiring a secret password that only you know. And it lets you recover your account via email.

This prevents hackers or scammers from taking over your Telegram account, even if you accidentally share with them the login code.

How To Turn On Two-Step Verification In Telegram!

In this guide, I will share with you how to turn on two-step verification in Telegram.

Step 1 : Open Telegram.

Step 2 : Go to Options > Settings > Privacy and Security.

Step 3 : Tap on the Two-Step Verification option.

Step 4 : In the Two-Step Verification screen, tap on the Set Password option.

Step 5 : Key in your preferred password, which can be any combination of capital or small letters and numbers.

Step 6 : You will need to key the same password again, to confirm it.

Step 7 : Next, you can create a hint to remind you of your password. This is optional, and you can skip it if you prefer.

But if you key one in, the hint will be displayed whenever you are asked to key in the password in the future.

Step 8 : After that, you will have the option of adding a Recovery Email address, just in case your account is hijacked.

This is optional as well, but I highly recommend you add a recovery email, which is simply the email address you use.

Step 9 : If you entered a Recovery Email address, Telegram will now send you an email with a 6-digit code to verify that email address.

Step 10 : Look for the Telegram verification code email, and key in the 6-digit verification code.

That’s it! You’re done! From now on, you will be required to key in the password whenever you log into a new device.

This will prevent hackers / scammers from taking over your account, even if you accidentally give them the Login code you receive by SMS.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Cybersecurity | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Beware Of Telegram Screenshot Hack + Scam!

Leave a reply

Watch out for the Telegram screenshot hack and scam! Find out how the Telegram screenshot hack and scam works, and what you can do!

Telegram Screenshot Hack : New Twist To Old Trick

My friend just got hit by the Telegram screenshot hack, and the hacker is now trying to scam everyone on his contact list!

The Telegram screenshot hack is a new twist to an old trick, and here is how they do it…

Step 1 : Identify A Suitable Target

After obtaining a legitimate Telegram account through phishing or other means, the hacker reads through the messages to identify a suitable target – usually a close friend whom you often chat with, and trust.

For the purpose of our example, the hacker stole your friend’s Telegram account and has identified you as a suitable target.

Step 2 : Attempt To Login From Another Device

The hacker installs Telegram in another device and attempts to log into your account. He only needs the your phone number to do that.

The login attempt triggers Telegram to send a Login code to the your registered devices to authenticate the login. Usually, that’s the Telegram app in your smartphone.

Step 3 : Ask For A Screenshot Of Telegram

Traditionally, this is when the hacker will use your friend’s Telegram account to message you and ask for that Login code. However, asking for the Login code may trigger suspicion, so hackers have now come up with a new twist.

Instead of asking you for the Login code, the hacker will use your friend’s Telegram account to ask you to take a screenshot of your Telegram app and send it to him.

What harm is there? After all, many of us take screenshots and share them with family, friends and even on social media!

The problem is – the screenshot will accidentally reveal your Telegram Login code! Take a look at the actual screenshot my friend sent – it clearly shows the Telegram Login code!

Step 4 : Terminate All Other Sessions

The hacker will immediately use the Login code to log into your Telegram account on his device.

Then he will terminate all other sessions from that Telegram account, which means you get logged out from your Telegram app on your own smartphone!

Step 5 : Change Password

To prevent you from logging back in, and terminating his Telegram session, he will change the password.

Step 6 : Scam Your Friends

Now that the hacker gained control of your Telegram account and locked you out of it, he is free to scam your friends.

In this case, my friend’s contacts all started getting pleas to borrow money for some kind of emergency. The hacker will, of course, promise to pay you back quickly.

Your unsuspecting friends may not realise that this is not you that they are talking to, and may end up sending the hacker money.

In this case though, my friend managed to quickly alert us via WhatsApp that his Telegram account was hacked, so we didn’t tall for the scam.

One of his friends toyed with the scammer, and obtained the bank details. That is obviously not my friend’s name or account number!

Telegram Screenshot Hack : How To Prevent It?

Now that you know how the Telegram screenshot hack works, you can pretty much figure out how to prevent it.

Here is my quick summary for those who didn’t go through the whole process above :

Do NOT send anyone your Telegram Login code. Not even anyone claiming to be working for Telegram.
Do NOT send anyone a screenshot of your Telegram app. Even if it’s not a scam, it reveals portions of your chats!
Turn on Two-Step Verification in Telegram. This lets you recover your account, even if you accidentally let someone take over your account.

Telegram Screenshot Hack : How To Recover Your Account?

If you failed to turn on two-step verification, there is still a way to recover your Telegram account after it is stolen by a hacker.

For these steps to work though, you need to have access to your phone number. You must also do this quickly, as the hacker will be alerted to your attempt.

Step 1 : Open Telegram.

Step 2 : Log into your Telegram account using your phone number.

Step 3 : You will be asked if you have the correct number. Click Yes.

Step 4 : Telegram will send a 5-digit code to all your devices with Telegram installed. You won’t receive it since the hacker has already terminated all other sessions.

Step 5 : Click on the option just above the keypad – “Send the code as an SMS“.

Step 6 : You will now receive an SMS with the 5-digit code. Key it in, and you will now have access to your Telegram account.

Step 7 : Go to Options > Settings > Privacy and Security.

Step 8 : Scroll down and tap on Devices.

Step 9 : Tap on the option – Terminate All Other Session – to boot out the hacker.

Bonus Step : Turn on Two-Step Verification to prevent this from happening again!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Cybersecurity | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Greeting Photos + Videos Hack Your Phone?!

Leave a reply

Can hackers use greeting photos and videos to hack your phone, and steal your data?

Take a look at the viral claim, and find out what the FACTS really are!

Claim : Greeting Photos + Videos Can Hack Your Phone!

People keep sharing this warning about greeting photos and videos, which claims that they can hack your phone and steal your data.

It’s a long message, so just skip to the next section for the facts!

Hello Family and friends,

Starting tomorrow, Please do not send network pictures. Look at the following article to understand. I’m going to stop too.

Please delete all photos and videos of Good morning, Evening and other greetings and religious messages as soon as possible. Read the following article carefully and you will understand why.

Read all! Please send this message urgently to as many friends as possible to prevent illegal intrusion.

Warning from Olga Nikolaevnas lawyer:

Attention! For those who like to send Good morning! It’s a beautiful day! Good evening!
picture. Please do not send these good messages.

Today, Shanghai China International News sent out SOS to all subscribers and experts – advise: Do not send pictures and videos of good morning, good night, etc.

The report shows that hackers who designed these images, and these images and videos are beautiful, But there is a hidden phishing code, and when everyone sends these messages, hackers use your device to steal personal information, such as bank card information and data, and break into your phone.

It is reported that more than 500,000 victims have been defrauded.

If you want to say hello to others, please write your own greetings and send your own pictures and videos so that you can protect yourself and your family and friends.

Important ! To be safe, please be sure to delete all greetings and pictures on your phone. If someone has sent you such images, remove them from your device immediately. Malicious code takes some time to deploy, so if you take action immediately, there will be no harm done.

Tell all your friends to prevent being hacked.

Say hello in your own words and only send your own created images and videos to greet, which is completely safe for yourself, your family and friends. Please understand what I mean! Everyone has a bank card attached to their mobile phone, and everyones mobile phone has many contacts. This hack creates a threat not only to yourself, but to your phone, friends and acquaintances as well! This is brutal.

This is a new technique used by terrorists to visit your mobile phone SIM card, so that you become their accomplice!!!

* * * Send this message to as many of your relatives and friends as possible to stop any unauthorised intrusions!!!

Wow !!! Dear family and friends beware!!

Show less

Truth : Greeting Photos + Videos Cannot Be Hack Your Phone!

Many of us get spammed with Good Morning, Good Afternoon, Good Evening photos and videos every day from family and friends.

While they often clog up Facebook, Telegram and WhatsApp groups, they really cannot hack your phone. Here are the reasons why Good Morning messages are very irritating, but harmless…

Fact #1 : Shanghai China International News Does Not Exist

The news organisation that was claimed to be the source of this warning – Shanghai China International News – does not exist!

Fact #2 : Greeting Photos + Videos Not Created By Hackers

Hackers (from China or anywhere else) have better things to do than to create these greeting photos and videos.

They are mostly created by websites and social media influencers for people to share and attract new followers.

Fact #3 : No Fraud Involving Greeting Photos / Videos

There has been no known fraud involving Good Morning or Good Night messages, videos or pictures.

Certainly, half a million victims of such a scam would have made front page news. Yet there is not a single report on even one case…. because it never happened.

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a Good Morning photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest…

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website.

Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

Such a clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t wait, as the hoax message claims.

Deleting Good Morning or Good Night photos or videos will free up storage space in your phone, but it won’t prevent any malware from executing.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Now that you know the facts, please SHARE this article with your family and friends!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Cybersecurity | Fact Check | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Malaysia Police Denies Running Political Troll Farm!

Leave a reply

The Royal Malaysia Police (PDRM) denies running a troll farm to corrupt or manipulate public discourse!

Here is what you need to know!

Meta Accuses Malaysia Police Of Running Political Troll Farm!

On 4 August 2022, Meta directly named the Royal Malaysia Police (PDRM) as being responsible for a troll farm designed to “corrupt or manipulate public discourse“.

Here were the key findings that the Meta team revealed about the individuals behind the PDRM troll farm :

They were active on Facebook, TikTok, Twitter and Instagram.
They posted memes in Malay, in support of the current government coalition
They posted claims of corruption amongst the current government coalition’s critics
They created Facebook Pages that posed as independent news entities, and promoted police while criticising the opposition.
Their posting activity were greatest during weekdays, taking breaks for lunch.
Their fake accounts were under-developed, and some of them used stolen profile photos.

The troll farm was initially suspected to have originated in China by researchers at Clemson University in South Caroline. But when the Meta team investigated it, they found links to the Royal Malaysia Police (PDRM).

The Meta team also revealed that the PDRM troll farm spent about $6,000 (~RM26,750) in Facebook and Instagram ads, paid for primarily in Malaysian Ringgit.

They also shared how successful the PDRM troll farm was in garnering followers on Facebook and Instagram :

Facebook Pages : About 427,000 accounts
Facebook Groups : About 4,000 accounts
Instagram Accounts : About 15,000 accounts

As a result of their investigation, Meta removed 595 Facebook accounts, 180 Pages, 11 Groups and 72 Instagram accounts that were linked to this PDRM troll farm, for violating their police against “coordinated inauthentic behavior“.

What Is Inauthentic Behavior?

Inauthentic behaviour (IB) as an effort to mislead people or Facebook about about the popularity of content, the purpose of a community (i.e. Groups, Pages, Events) or the identity of the people behind it. It is primarily centered around amplifying and increasing the distribution of content, and is often (but not exclusively) financially motivated.

IB operators typically focus on quantity rather than the quality of engagement. For example, they may use large numbers of low-sophistication fake accounts to mass-post or like their content — be it commercial, social or political. They often use tactics similar to other large-scale online activities, like spam.

This behavior pattern distinguishes IB from Coordinated Inauthentic Behavior (CIB) where operators invest in mimicking human social activity as closely as possible.

PDRM Denies Meta Accusations Of Running Political Troll Farm!

On 6 August 2022, PDRM issued a short notice (with my English translation) stating that it takes Meta’s allegations seriously, denies them, and is currently gathering information about those allegations.

Penafian PDRM Atas Dakwaan Syarikat Meta Platforms Incorporated

Police Diraja Malaysia (PDRM) memandang serius laporan pihak syarikat Meta Platforms Incorporated yang mendakwa terdapat akaun-akaun palsu di media sosial yang “mempunyai hubungan dengan PDRM”.

PDRM menafikan dakwaan tersebut dan sedang mengampul maklumat lanjut mengenainya.

PDRM Denies Allegations By Meta Platforms Incorporated

The Royal Malaysia Police (PDRM) is taking seriously the report by Meta Platforms Incorporated which claimed that there are fake social media account “with ties to PDRM”.

PDRM denies these allegations and is gathering more information about it.

PDRM Troll Farm : Is That Even Legal?!

The Royal Malaysia Police (PDRM) enforces the laws of the country, including the Internet. In fact, they have a Cyber & Multimedia Criminal Investigation Unit under the Commercial Crime Investigation Department.

The PDRM works together with the National Cyber Security Agency (NACSA) to tackle cybersecurity threats, and these would include malicious influence campaigns.

All the more reason why it is both perplexing and troubling that Malaysia’s national police force has been linked to a troll farm designed to promote the current government coalition, while denigrating the opposition.

These are specifically the cybercrimes that NACSA should be looking out for, and the PDRM should be assisting them in arresting anyone in Malaysia who participated in such activities.

The PDRM will no doubt be under tremendous pressure to explain / refute Meta’s allegations.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Cybersecurity | Business | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Chinese Netizens Explode Over WPS Office Censorship!

Leave a reply

Chinese netizens are incensed over evidence that WPS Office was monitoring and deleting their files!

Find out what’s going on, and what it means for the digital privacy of WPS Office users!

Chinese Netizens : WPS Office Is Monitoring + Blocking Our Documents!

Chinese company, Kingsoft, is under fire for claims that its productivity suite WPS Office is actively monitoring and deleting user documents that might displease Beijing!

At the heart of this issue is the WPS Cloud platform that works like Microsoft 365, allowing users to store their documents in the cloud, or locally.

Chinese netizens are alleging that WPS Office was actively monitoring their documents, and even deleting those that were detected to contain content that might displease the Chinese authorities.

One novelist who goes by the pseudonym Mitu, claimed that she was unable to access her unpublished 1.3 million character document. Not only was it blocked in her cloud storage, she couldn’t access the local copy using the desktop WPS client.

She was told that “the file may contain sensitive content and access has been disabled“.

Mitu shared her experience on Lkong – an online Chinese literature forum, and the social media platform Xiaohongshu, in late June 2022; and it only began trending in Weibo in early July after an influencer reposted her complaint.

A Weibo post on her complaint appears to have been deleted, but fortunately a screenshot was captured. This was the post in Chinese, machine translated into English :

Simply put, WPS seems to have some kind of sensitive word harmony function, Then after being detected, not only the ones stored on the cloud disk will be harmonized

According to the victim’s complaint, it is not only on the cloud, but also on local files. It’s hard to escape a harmony.

At present, according to some netizens, it may be checked after being saved.Sensitive words are detected and then determined to be files that may contain sensitive information,

Directly blocked, or it may be directly locked after being remotely detected by the background server local files There is no other way but to appeal (and it will be fixed in time) but this Is it remote from the server?

Now there is a lot of panic in the online literature circle, for fear that hundreds of thousands of words of manuscripts will be blocked overnight. Asking both online and offline harmony, many people re-use ms and writing pads write file

As of now, some companies that write scripts and some industries have said they want to change the MS office.

简单来说，就是WPS似乎带了某种敏感词和谐功能，
然后被探测出来后，不单单是储存在云盘上的会被和谐
按照被害者的诉说，不单单是云上的，就连本地文件也
难逃一谐，目前根据一些网友推测，可能是保存后被检
测出敏感词，然后被判定为可能包含敏感信息的文件，
直接封锁，也可能是被后台服务器远程检测后直接锁死
本地文件
除了申诉没别的办法（而且末必能够及时弄好）不过本
地到底是被服务器远程
现在网文圈里恐慌的很，生怕几十万字的稿子被一夜之
问线上线下都和谐完犊子，好多人重新用ms和写字本
写文件
其至现在有写剧本和一些行业的公司都说要换ms office

Show less

Mitu said she reported the problem to Kingsoft, which eventually apologised and restored access to the file within two days. The company admitted that “the file was not problematic”.

However, her story spurred other Chinese netizens to come forward with their own stories. A writer in Guangzhou who goes by the pseudonym Liu Hai also said that his WPS Office document of nearly 10,000 words was similarly blocked on July 1, 2022.

These incidents have sparked concerns about privacy in China. While the Chinese government routinely monitors and censors social media content, monitoring and blocking of personal documents would represent a new level of censorship in China.

WPS Office Admits Blocking File Access

After the online furore over claims that WPS Office deleted user files, the software developer issued a terse public statement on July 11, 2022.

It said that WPS Office does not delete the “user’s local files”, and that it was a misunderstanding. They only deleted the “online document link”, and blocked “others from access the link according to the law”.

Here is the Weibo post in Chinese, machine translated into English :

Statement on the exposure of online transmission #WPS will delete the user’s local files

A recent online document link shared by a user is suspected of violating the law, and we have prohibited others from accessing the link according to law. This has been misrepresented as #WPS delete user local files.

To this end, we specifically declare: WPS, as an office software developed for more than 30 years, has always put user experience and user privacy protection first.

The statement about deleting the user’s local files is purely misleading, and we will reserve the right to safeguard our legitimate interests through legal means.

关于网传#WPS被曝会删除用户本地文件# 的声明

近期一位用户分享的在线文档链接，涉嫌违规，我们依法禁止了他人访问该链接。此事被讹传为#WPS# 删除用户本地文件。

为此，我们特地声明：WPS作为一个发展了30多年的办公软件，始终把用户体验和保护用户隐私放在第一位。关于删除用户本地文件的说法纯属误导，我们将保留通过法律途径维护合法利益的权利。

Show less

WPS Office cleverly claims that it never “censors, locks or delete users’ local files”, which is technically correct but as Mitu and Liu Hai described, WPS Office blocks access to their users’ local files.

It was discovered that the files can still be opened by other software, like Microsoft Word or Tencent Docs. But the blocked files cannot be opened by WPS Office, even if they are stored locally (in the user’s computer).

It should be noted that Mitu never shared her file online. So WPS Office’s claim that they only blocked “others” from accessing the file is misleading.

WPS Office Not The Only Cloud Provider Monitoring Content

To be fair to WPS Office and Kingsoft, they are not the only ones monitoring content uploaded to the cloud. They just took things one step further by blocking access to local files.

By default, traffic to and from cloud-based productivity services like Google Docs, Microsoft 365 and WPS Office are not end-to-end encrypted.

That means they can and most likely are reading / monitoring EVERYTHING you type or upload. This includes files uploaded and stored in cloud-based storage services like Google Drive and Microsoft OneDrive.

That is the right of cloud service providers, because you are using their servers to store your content.

Google, for example, lists content that can be automatically removed and could even lead to a ban :

Account hijacking
Account inactivity
Child sexual abuse and exploitation
Circumvention
Dangerous and illegal activities
Harassment, bullying, and threats
Hate speech
Impersonation and misrepresentation
Malware and similar malicious content
Misleading content
Non-consensual explicit imagery
Personal and confidential information
Phishing
Regulated goods and services
Sexually explicit material
Spam
System interference and abuse
Unauthorized images of minors
Violence and gore
Violent organizations and movements

People need to be aware of this, and stop assuming that they have privacy on such cloud services, even if they paid to use them.

So it is not surprising that WPS Office monitors everything its users do. If they stopped at blocking access to the online files that contravened local laws, no one would bat an eye.

What is unusual though is that it also blocked access to the users’ local files! That means that their desktop and mobile apps were specifically designed to enforce a list of blocked files issued by WPS Office / Kingsoft.

If WPS Office / Kingsoft goes to that extent, does it mean that they would also alert the Chinese authorities about users producing content that displease them?

That is something everyone should think about, not just Chinese netizens who are justifiably concerned about WPS Office.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Fact Check | Science | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Canada Internet Outage Due To Software Update, Not China!

Leave a reply

The country-wide mobile and Internet outage in Canada was due to a software update, not hacking by China!

Take a look at the viral claim, and find out what the facts really are!

Claim : China Responsible For Mobile + Internet Outage In Canada!

Within hours of news breaking that Canada suffered a massive Internet outage, Vancouver Times posted a story claiming that the Royal Canadian Mounted Police (RCMP) identified China as the responsible party.

Vancouver Times also claimed that the RCMP will issue arrest warrants for the hackers responsible, who are connected to the People’s Liberation Army (PLA).

Chinese state hackers are responsible for a massive internet outage that paralyzed large parts of Canada, according to the RCMP. The federal police agency is in the process of issuing arrest warrants for several people they believe are connected to the People’s Liberation Army.

The RCMP will be holding a press conference in the next few days to announce the arrest warrants, according to sources. Canadian intelligence agencies are reportedly receiving guidance from the CIA and the FBI.

On Friday a widespread network outage from Rogers left many Canadians without mobile and internet service. The outages caused significant problems for police, courthouses, passport offices and other facilities.

The outage also disrupted services across retailers, courthouses, airlines, train networks, credit card processors and police forces, pushing many to delay business transactions. Many people were seen at Starbucks, trying to use their internet service.

The mainstream media and big tech want to hide the truth. Beat them at their own game by sharing this article!

Truth : Canada Internet Outage Due To Software Update, Not China!

This is yet another example of FAKE NEWS created by Vancouver Times to generate page views and money from gullible people.

Fact #1 : Vancouver Times Is A Fake News Website

Vancouver Times is a “content aggregator” (copy and paste) website that is known for creating fake news to generate more page views and money.

To look legitimate, they copy and paste news from legitimate news organisations. To drive traffic, they create fake news, sometimes masked as “satire”.

To give themselves a veneer of deniability, they label themselves as a “satire website” in their About Us section.

Vancouver Times is the most trusted source for satire on the West Coast. We write satirical stories about issues that affect conservatives.

Here are some of their fake news that we debunked :

Fact #2 : Outage Only Affected Rogers Communications

On Friday, July 8, 2022, Canada was hit by a massive mobile and Internet outage that hit businesses, banks, and even police emergency lines.

However, it only affected Rogers Communications, and did not affect rivals like BCE, Telus and Shaw Communications.

The outage was extensive because Rogers is Canada’s leading telecommunications provider, with about 11.3 million wireless subscribers, and 2.25 million retail Internet subscribers.

Fact #3 : RCMP Did Not Blame China For Mobile + Internet Outage

The Royal Canadian Mounted Police did not blame China for Rogers Communications’ mobile and Internet outage.

This was made up by Vancouver Times to trigger right-wing conspiracy theorists, to go viral and draw more page views.

Fact #4 : Rogers Did Not Blame China For Mobile + Internet Outage

Rogers Communications themselves did not blame China for their mobile and Internet outage.

Fact #5 : Canada Confirmed Outage Was Not A Cyberattack

While the reason behind the outage was still unknown, a spokesperson for Canadian Public Safety Minister Marco Mendicino confirmed to CTV News that “the outage was not due to a cyberattack“.

Fact #6 : Rogers Confirmed Outage Due To Maintenance Update

On 11 July 2022, Rogers CEO Tony Staffieri apologised for the country-wide outage of its services.

He also said that the failure was due to “a maintenance update in our core network“. The maintenance work “caused some of our routers to malfunction early Friday morning“.

Fact #7 : Prior Rogers Outage Also Due To Software Update

This wasn’t the first time Rogers Communications’ network failed so drastically.

Just 15 months earlier – Rogers and its subsidiary, Fido, experienced a nationwide cellular service outage in April 2021.

That outage was ultimately traced to “a recent Ericsson software update” that “affected a piece of equipment in the central part” of their network, leading to “intermittent congestion impacting many customers across Canada“.

Fact #8 : It Would Have Been Considered An Act Of War

China attacking Canada’s mobile and Internet network would have been considered an act of war, if it was proven.

The Canadian government would at least have issued a strong statement, if not cut diplomatic ties with China and/or enact sanctions against the Chinese government.

Fact #9 : No One Else Reported This Story

China attacking Canada’s mobile and Internet infrastructure would have been major international news, reported across the globe.

Yet not only did no mainstream media cover this incredible story, it hasn’t even been reported in the usual conspiracy theory websites!

That’s because it was a fake story created by one publication – Vancouver Times, in their attempt to go viral again for more page views and ad money.

Fact #10 : There Is No Such Thing As A Publication Ban

Vancouver Times likes to use the “media blackout” claim, to explain why you can’t find any reputable media outlet reporting on China attacking Canada’s mobile and Internet infrastructure.

That’s utter and complete bullshit. No one – not a judge, not even the Canadian government – can control the worldwide media, or prevent anyone from writing about such an incredible story.

You can also be sure that even if the mainstream media in the Canada refused to run the story, it would have been reported by foreign media outlets, websites and blogs.

Yet, not a single foreign media outlet or online website published their account of this incredible story? That’s because IT NEVER HAPPENED…

Fact #11 : Mainstream Media + Big Tech Would Have Loved The Hype

Vancouver Times is gaslighting you about how mainstream media and Big Tech want to hide the “truth” about China attacking Canada’s infrastructure.

They would all loved such shocking news, because it would have driven tons of traffic and engagement to their websites / platforms.

In fact, that was precisely why Vancouver Times created the fake story – to drive traffic, for the ad money.

Everything that Vancouver Times publishes should be regarded as FAKE NEWS, until proven otherwise.

Please help us fight fake news websites like Vancouver Times – SHARE this fact check out, and SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Fact Check | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Shanghai Police Data On 1 Billion Chinese Citizens Leaked!

Leave a reply

A hacker is selling data on a billion Chinese citizens, that he stole from the Shanghai national police database!

Find out what’s going on, and what this data breach entails!

Shanghai Police Data On 1 Billion Chinese Citizens Leaked!

A hacker who called himself “ChinaDan” posted in the Breach Forums that he hacked into the Shanghai National Police (SHGA) database and stole more than 23 terabytes of data.

He is offering to sell data on 1 billion Chinese citizens, including their name, address, birthplace, national ID number and mobile numbers, for 10 bitcoins – which is currently worth about US$204,285 / €200,227.

In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on billions of Chinese citizen.

Databases contain information on 1 billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details.

He also posted a sample of 750,000 data entries from the three main indexes of the database, for potential buyers to evaluate.

Shanghai Police Database Left Unsecured For 14 Months!

ChinaDan claimed that the SHGA database was left unsecured on an Alibaba Cloud server. This was confirmed by several cybersecurity experts who had earlier stumbled upon the same database.

Even worse, the database was apparently left unsecured for at least 14 months! Vinny Troia – the founder of dark web intelligence first, Shadowbyte, said that he first discovered the SHGA database “around January” 2021.

Troia even downloaded one of the main indexes of the SHGA database, which contained information on nearly 970 million Chinese citizens (at that time).

And best of all – they made the data available to anybody who registers for an account!

The site that I found it on is public, anybody (could) access it, all you have to do is register for an account. Since it was opened in April 2021, any number of people could have downloaded the data.

Either they forgot about it, or they intentionally left it open because it’s easier for them to access. I don’t know why they would. It sounds very careless.

This Was Second Hack Of Shanghai National Police Database!

Bob Diachenko – a Ukrainian cybersecurity researcher – discovered the database independently in April, and noticed that the databased was attacked in mid-June by a hacker who copied the data, destroyed the copy on the server and left a ransom note demanding 10 bitcoins for its recovery.

By July 1, the ransom note disappeared, but only 7 gigabytes of data was available on the server, instead of the earlier 23 TB.

It is unknown if this data ransom “hack” was performed by ChinaDan, or a different hacker.

Diachenko said that the unsecured and exposed database continued to be used after that, until it was shut down over the weekend, after news of the data leak broke.

Maybe there was some junior developer who noticed it and tried to remove the notes before senior management noticed them.

This is shocking because it suggests that the database administrators were already aware of a prior breach, but did nothing to secure the database, or shore up cybersecurity measures.

Most Of China Affected By Shanghai Police Data Leak!

The Shanghai National Police data leak is currently the largest leak of public information ever.

It does not just cover people who live in, or have been in Shanghai. The database actually has information on over 70% of its 1.4 billion population in almost all counties in China.

The data contained information about almost all the counties in China, and I have even discovered data related to a remote county in Tibet, where there are only a few thousand residents.
– Yi Fu-Xian, a senior scientist at the University of Wisconsin-Madison

This massive data leak acutely demonstrates the risk of government collection of data. China notably collects a tremendous amount of data on its citizens, including digital and biological data through facial recognition, iris scanners, social media tracking and phone trackers.

Once such data is leaked, it is forever exposed, putting people at risk of scams, identity theft, or even extortion.

China Censors Coverage Of Shanghai Police Data Leak

The Chinese government and the Shanghai Police have both refused to comment on the massive data leak.

Instead, they started blocking related words on Weibo, like “Shanghai data leak”, “data leak”, “Shanghai national security database breach”, “1 billion citizens’ record leak”.

Censors have also scrubbed news on this data breach from WeChat, with one popular WeChat user telling his 27,000 followers that he had been summoned to be questioned by the police.

China’s major English-language media like CGTN, Global Times, Xinhua, etc. have also not published any story on the Shanghai police data leak, despite public interest and its wide-ranging consequences for China.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Cybersecurity | Enterprise | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Scam Alert : Nespresso 2022 Mother’s Day Contest!

Leave a reply

Please watch out for the Nespresso 2022 Mother’s Day contest scam!

Find out why it is just a SCAM, and WARN your family and friends!

Scam Alert : Nespresso 2022 Mother’s Day Contest!

People are now sharing the Nespresso 2022 Mother’s Day Contest scam on WhatsApp :

Nespresso 2022 Mother’s Day Contest

5,000 free coffee machines for your Mother!

Nespresso 2022 Mother’s Day Contest : Why This Is A Scam!

Many of us are in dire straits during this COVID-19 pandemic, having lost jobs, income or even loved ones.

Unfortunately, scammers are counting on our desperation to prey on us, using the same survey scam they have been using for years :

Unfortunately, this Nespresso contest is yet another SCAM that you should NEVER participate in!

After you click on the link, you are taken to a page that looks like a genuine Nespresso contest page.
You will be asked to answer three very simple questions.
The answers are irrelevant – no matter what you answer, you are always allowed to proceed to the next step.
You are then asked to share the promotion with 30 WhatsApp contacts, or 5 WhatsApp groups.
Next, you will be asked to complete one of these tasks to receive the “free” Nespresso coffee machine :
a) install an app, which is really a malware to send you advertisements, or
b) enter your credit card details
Needless to say – proceeding with this step will open you up to great risk of monetary loss. DO NOT PROCEED!
If you install their malware, you will start receiving promotions, some of which will ask you to send an SMS to receive expensive free gifts like laptops and smartphones.
If you proceed to send the confirmation SMS messages, you will be subscribed and billed for international premium SMS services.

So never click on such contest links, even if they were sent to you by a trusted relative or friend.

They would have certainly been fooled by the scam, so please warn them too!

How To Spot Scams Like The Nespresso Survey Contest!

Now, let me show you how to spot these scams next time!

If you spot any of these warning signs, DO NOT PROCEED and DO NOT SHARE!

Warning Sign #1 : Bad Grammar

Most of these scammers do not have a good command of the English language, so if you spot bad grammar, stay away.

Proper contests or events sponsored by major brands like Nespresso will have at least one PR or marketing person who will vet the text before allowing it to be posted.

Warning Sign #2 : Offering You Free Money Or Gifts

Please do NOT be naive. No one is going to give you money or free gifts just to participate in a survey!

Petronas isn’t going to give you FREE money, just because it’s their anniversary.

They are a corporation whose business is to make money, not a charity to give you free money.

Warning Sign #3 : Not Using The Real Jaya Grocer Domain

A genuine Petronas campaign would use their real domain – www.petronas.com.

Or they would run it off the official Petronas page on Facebook – www.facebook.com/petronas/.

If you see nonsensical domains like 0yjjg61.cn, 1eaf1rnbeef.top, ldxqw.bar, etc. that’s a sign of a SCAM!

Warning Sign #4 : Asking You To Forward The Offer

No brand will insist that you must share the offer with 5 groups or 20 friends on WhatsApp.

Do not click to forward their offer to your family and friends. They will not appreciate being scammed with your help!

Warning Sign #5 : Asking You To Download + Register An App

If you click through and joined the fake survey scam, you will eventually be asked to download and register for an app.

This is VERY DANGEROUS. Never agree to download and register for any unknown app from a website.

Always download your apps from an official App Store like Google Play Store (for Android smartphones) and Apple App Store (for iPhones).

Please help us fight scams like this and SHARE this article out!

And please WARN your family and friends!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Fact Check | Home Tech | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Watch Out For Nestle 2022 Anniversary Phishing Scam!

Leave a reply

Please watch out for the Nestle 2022 Anniversary phishing scam!

Find out why it is just a SCAM, and WARN your family and friends!

Nestle 2022 Anniversary Phishing Scam Alert!

People are now sharing the Nestle 2022 Anniversary message on WhatsApp (translated into English) :

CONGRATULATIONS!

Your family has been chosen to receive a lucky drag for the Nestle 2022 Anniversary at the Nestle office.

This contest has been approved by the Malaysian court / police, with the cooperation of Bank Negera Malaysia (BNM).

The link attached to the a website with the following instructions :

Winners must keep the PIN-CEK number as evidence for winner verification and prize collection
There are two ways to submit the contest form – through WhatsApp or this website.
The contest form must be completed with your details. Incomplete forms will be rejected by the sponsor without notice.
Every valid application will be shortlisted. There is no limit to the number of applications.
First Prize Winner : RM10,500
Second Prize Winner : RM9,300
Third Prize Winner : RM8,500
To redeem your prize, just use your WhatsApp to :
a) Fill in the Nestle winner application number
b) Fill in your full name and identity card number
c) Attach a clear picture of your BANK ATM CARD – front and back
d) Go to the nearest ATM machine, and WhatsApp the details above to +60124181128

Nestle 2022 Anniversary Phishing Scam : How Does It Work?

The Nestle 2022 Anniversary phishing scam is DANGEROUS. Please warn your family and friends to AVOID it.

Fact #1 : There Is No Such Nestle Giveaway!

There is no such anniversary giveaway by Nestle Malaysia. There is no reason for Nestle Malaysia to give out so much money.

They are a business, not a charity. They are in the business of selling you products, not giving you money.

Businesses do sponsor giveaway contests, but they are generally low value. Nestle Malaysia, for example, is currently giving away RM30 Shopee vouchers.

Fact #2 : Nestle Would Not Use Free Websites

Nestle is a large multinational company. It would not be using free website services like Wix.

Nestle Malaysia has its own website (https://www.nestle.com.my/) and Facebook page (https://www.facebook.com/Nestle.Malaysia) where they post official contests and promotions.

Always verify if a contest is genuine by visiting the official website / social media page.

Fact #3 : Nestle Would Never Ask For Pictures Of Your ATM Card!

Nestle, and any legitimate brand, would NEVER ask you to send them pictures of your bank ATM card!

Sending the pictures of your ATM card will allow them to clone the card, or trick bank staff into giving the scammers access to your bank account.

NEVER EVER SEND ANYONE PICTURES OF YOUR BANK ATM CARD!

Fact #4 : Nestle Would Never Ask You To Go To An ATM

No legitimate contest would require you to go to an ATM machine to receive money.

NEVER TRUST ANYONE WHO ASKS YOU TO GO TO AN ATM MACHINE.

Fact #5 : Nestle Would Never Ask For Your PIN / TAC

Nestle would never ask you for your ATM card’s PIN or any TAC number you may receive.

Giving out those details is how scammers get access to your bank account.

NEVER GIVE OUT YOUR PIN OR TAC NUMBER!

Fact #6 : This Lets Scammers Withdraw Money From Your Bank Account

I know many of us are in dire straits during this COVID-19 pandemic, having lost jobs, income or even loved ones.

Unfortunately, scammers are counting on our desperation to prey on us, using such anniversary scams.

This particular Nestle 2022 Anniversary Scam is a real danger, because it will allow scammers to gain access to your bank account and withdraw money.

Also watch out for the other anniversary scams that I have covered over the years :

Please WARN your family and friends about these scams!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Cybersecurity | Business | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Why The Government Can’t Use MySJ Trace To Track You!

Leave a reply

People are worried that MySJ Trace lets the government track their location and movements 24/7.

Find out WHY this is simply not possible!

Claim : Government Can Use MySJ Trace To Track You 24/7

MySJ Trace is a new contact tracing feature that was just introduced in the MySejahtera app.

People are claiming that the government can use it to track your movements 24/7. Here is one example :

so the govt can trace our exact location at any given moment. great.

Though I guess there is probably several other apps or with the telcos help that they can already do exactly that.

Although surprisingly the police have been totally unable to locate the ex husband of Indira Gandhi or her children that the ex husband abducted, despite the court ordering the police to do so.

That’s really a typical response to any new MySejahtera feature – the government is introducing it to snoop on us. Our privacy is gone! They will know where we are!

Let’s find out what the facts really are…

Truth : No One Can Use MySJ Trace To Track You 24/7

The truth is – this is yet another example of FAKE NEWS being shared on WhatsApp, and here are the reasons why it’s not possible for anyone to use it to track you 24/7…

Fact #1 : MySJ Trace Only Tracks Your Proximity

MySJ Trace does not actually detect your location, which is why you still need to check into locations manually.

It only detects and logs the Bluetooth signals of nearby smartphones with MySJ Trace enabled, to determine how close they are and how long they remain in proximity.

MySJ Trace also broadcasts itself to nearby devices, so that they can log its presence, distance and length of contact.

Fact #2 : MySJ Trace Does Not Collect Location Data

MySJ Trace does not collect geolocation data, only these data:

Unique User ID (UUID) that is created by the MySejahtera app.
Operating system version (Android or iOS)
Time of contact
Received Signal Strength Indicator (RSSI)

The Malaysia Ministry of Health confirmed this in no. 17 of their FAQ, stating that “geolocation data will not be collected“.

So there’s no way for the government to actually know where you are using only MySJ Trace data.

Fact #3 : MySJ Trace Only Stores 14 Days Of Data

The data that MySJ Trace records is only stored for the last 14 days, on a first-in, first out (FIFO) basis.

All data older than the most recent 14 days are automatically purged.

So even if a hacker gains access to it, he/she will only have access to your proximity contact data for the last 14 days.

Fact #4 : MySJ Trace Does Not Transmit Your Data Automatically

The proximity contact data that MySJ Trace logs is NOT automatically transmitted to the Malaysia Ministry of Health (KKM).

Only when you are identified as COVID-19 positive, will you be asked to submit your proximity contact data for the last 14 days.

Fact #5 : MySJ Trace Data Is Stored + Used Only By KKM

Your proximity data that you upload will be stored in a secured database server managed by the Malaysia Ministry of Health (KKM).

Only KKM has access to your uploaded proximity data, which will be used to determine your close contacts so they can be notified.

Fact #6 : We Are Not That Interesting…

Frankly, most of us are not that interesting to the government. They are not interested in where you live or travel to, what you eat or buy, or even who you are sleeping with.

All that data is interesting and useful to corporations, but not the Malaysian government. Please remember – you are living in Malaysia, not China or North Korea.

Why would the government want to know where you are, or where you have gone, or who you have met?

Fact #7 : There Are Easier Ways To Find You…

Finally, the “fear” of the government using MySJ Trace to track where you are at all times is frankly, ludicrous because there are far easier ways to do it.

The truth is – our geolocation data is readily available to your mobile service provider, as well as cloud and social media service providers (Google, Facebook, Instagram, WhatsApp, etc.)

If the government really wants to know where you are, they can simply get a court order to force your mobile service provider to tell them where you are right now.

They don’t have to rely on an opt-in feature in the MySejahtera app, and wait until you submit your own proximity data…

Now that you know the facts, please TURN ON MySJ Trace, to improve contact tracing!

And please SHARE this fact check with your family and friends!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Fact Check | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Steam Partially Blocked In China! What’s Going On?

Leave a reply

On Christmas Day 2021, Steam was partially blocked in China!

Did China just ban Steam? Let’s take a look at what’s going on…

Steam Partially Blocked In China, What’s Going On?

On 25 December 2021, while people were celebrating Christmas across the world, the Steam store and API domains (and subdomains) suddenly became inaccessible in China.

Store.Steampowered.com
Steamcommunity.com

According to SteamDB, the global Steam Store and API subdomains appear to experience “connection resets” on some Akamai IP addresses, which is typical for domains blocked by China’s Great Firewall.

However, the Steam client and other subdomains, including partner sites, continue to be accessible in China. So the Steam ban that everyone was reporting about, is only partial and intermittent.

Gamers in China can still play their games using the Steam client, and some users say that they are still able to access the Store and purchase games.

From what we understand, only port 443 is being blocked, and the connection is reset after a period of time. So it is an intermittent interference like what happened to GitHub.

The Steam China Store is not affected, but offers a far limited selection of games and features, as it was built to comply with the Chinese government’s strict regulations on games and Internet usage.

Steam Troubles In China : Warning Or Actual Ban?

The Steam downtime does not seem to be due to a DNS poisoning attack. Rather, it seems to be some kind of action sanctioned by the Chinese government.

The intermittent and partial nature of Steam’s downtime in China suggests that this isn’t an actual ban… yet.

Gamers, for example, can still continue to play games using the Steam client, and some could even access the global store and make game purchases, at least intermittently.

Interestingly, there has been no bombastic editorial from Global Times or any of the other Chinese state media, which suggests that this is a subtle warning to Steam to “play ball” with the Chinese government.

It could be related to the CCP’s crackdown on video games and Internet usage some three months ago :

Strict limits on how long minors can engage in online games – up to one hour per day, and only from 8 PM to 9 PM on Fridays, Saturdays, Sundays and legal holidays.
Real name registration of online game accounts – gamers must register using their real names.

Or it could be related to the strict approval of online games. China, for example, suspended video game approvals for 3 months in September 2021.

If so, access to the global Steam store may miraculously be restored in full once Steam has made the required “corrections” or at least committed to those “corrections”.

The global Steam store could also end up being banned for real, leaving only the minuscule Steam China Store to cater to China’s domestic consumption.

Either way, many netizens and gamers have expressed gratitude that they are living on the right side of the Great Firewall.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Gaming | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Why Facebook, Messenger, WhatsApp, Instagram Went Down!

Leave a reply

Facebook and ALL of its messaging and social media platforms went down for about six hours, including Messenger, WhatsApp and Instagram!

Find out why they all went down at the same time, and for so long!

Facebook, Messenger, WhatsApp, Instagram + More DOWN!

The entire slew of messaging and social media platforms owned by Facebook was inaccessible for about six hours, including :

Facebook
Facebook Messenger
WhatsApp
Instagram
Oculus
Workplace

The failure also extended to Facebook authentication, which you may be using to log into third-party apps and games, with Pokemon Go and Match Master gamers have reported problems logging in.

This left Twitter as the only major social media network still up and running, which is ironic since it became the only way for Facebook to reach out to the world…

To the huge community of people and businesses around the world who depend on us: we're sorry. We’ve been working hard to restore access to our apps and services and are happy to report they are coming back online now. Thank you for bearing with us.

— Facebook (@Facebook) October 4, 2021

This massive outage couldn’t come at a worse time for Facebook, whose stock slumped about 5.5% after former employee and whistleblower, Frances Haugen, leaked internal documents to the Wall Street Journal.

She also accused her former firm of repeatedly and knowingly allowing the proliferation of hate speech and misinformation for profit. Really tough times for Team Zuckerberg indeed…

Even Edward Snowden chimed in, saying that the world has become a healthier place for one shining day…

Facebook and Instagram go mysteriously offline and, for one shining day, the world becomes a healthier place. #facebookdown

— Edward Snowden (@Snowden) October 4, 2021

Why Did Facebook, Messenger, WhatsApp, Instagram, etc. Go DOWN?

This massive, unprecedented GLOBAL outage appears to be caused by a DNS (Domain Name Server) failure.

The DNS service “translates” the plaintext link we use (www.facebook.com for example) into its actual numerical IP address (123.123.123.123 for example), allowing your app or browser to connect to the right server.

Without a working DNS service, no one is able to connect to any Facebook-owned service because the Internet no longer knows how to locate the right server.

CloudFlare senior vice-president Dane Knecht shared that the Facebook BGP (Border Gateway Protocol) routes have been “withdrawn from the Internet”, causing failure to connect through CloudFlare’s DNS service.

. @Facebook DNS and other services are down. It appears their BGP routes have been withdrawn from the internet. @Cloudflare 1.1.1.1 started seeing high failure in last 20mins.

— Dane Knecht (@dok2001) October 4, 2021

This was likely due to a configuration error on Facebook’s side, but coming one day after the story broke on Frances Haugen? It would be folly to rule out internal sabotage or a rush to remove some controversial features before she testified to the US Congress.

The conspiracy theory that it was a DDOS (Distributed Denial-of-Service) attack by Anonymous or some vigilante group is really farfetched. It would require an incredible amount of resources and coordination to not only bring down Facebook, but all the other services as well… at the same time!

Facebook’s Vice-President of Infrastructure, Santosh Janardhan, later confirmed that “configuration changes” on their “backbone routers” caused the 6-hour long failure.

Our engineering teams have learned that configuration changes on the backbone routers that coordinate network traffic between our data centers caused issues that interrupted this communication. This disruption to network traffic had a cascading effect on the way our data centers communicate, bringing our services to a halt.

He also asserted that it was a faulty configuration change, and no user data was compromised.

Our services are now back online and we’re actively working to fully return them to regular operations. We want to make clear at this time we believe the root cause of this outage was a faulty configuration change. We also have no evidence that user data was compromised as a result of this downtime.

While he blamed “the underlying cause” for impacting their ability. to “quickly diagnose and resolve the problem”, it is notable that it took Facebook engineering teams more than 6 hours to resolve a DNS failure.

It is now believed that the changes were made to Facebook’s Border Gateway Protocol, a mechanism that exchanges routing information to help figure out the fastest route for any request.

Apparently, the changes “withdrew” Facebook services from the DNS system, making it impossible for anyone to connect to them.

Even worse, Facebook ran their own systems through the same servers, so everything from engineering tool, messaging services and even security systems that controlled the key fob locks were no longer accessible.

So their engineering team had to rush to their data centres to manually reset the servers there.

Needless to say, this will be a big wake-up call for their engineering teams, and in the words of Russell Peters – “Somebody’s gonna get a hurt real bad!”

It is also a big wake-up call for everyone using Facebook services. This massive outage is a reminder that we should NOT put all our eggs in one basket.

I believe it will at least temporarily spur the adoption of alternative messaging services like Telegram and Signal. Even Twitter should see a nice boost in Tweets and maybe new users.

Now, I’m not into conspiracy theories… but what are the odds of this failure happening just one day after Frances Haugen came out publicly against Facebook, and a day before she was set to testify before the US Congress?

Could these “configuration changes” be designed to remove some controversial features before Haugen’s testimony to the US Congress?

Could Facebook’s own engineering team have accidentally triggered the failure in their rush to remove those controversial features before she testified?

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Internet | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Jaya Grocer 20th Anniversary Scam Alert!

Leave a reply

Please watch out for the Jaya Grocer 20th Anniversary survey scam!

Find out why it is just a SCAM, and WARN your family and friends!

Jaya Grocer 20th Anniversary Survey Scam Alert!

People are now sharing these Jaya Grocer 20th Anniversary messages on WhatsApp :

Jaya Grocer 20th Anniversary!

Click to enter to participate in the survey, have a chance to win $1000!

Jaya Grocer 20th Anniversary!

Through the questionnaire, you will have a chance to get 2000 Ringgit .

Jaya Grocer 20th Anniversary Survey : Why This Is A Scam

Unfortunately, this is yet another survey scam, like the FamilyMart 70th Anniversary scam!

For one thing – Jaya Grocer was established in 2007, with its first outlet in Jaya 33 in Petaling Jaya 2007.

So they would only be celebrating their 20th anniversary in 2027!

Jaya Grocer also confirmed that this survey is a scam.

I know many of us are in dire straits during this COVID-19 pandemic, having lost jobs, income or even loved ones.

Unfortunately, scammers are counting on our desperation to prey on us, using the same survey scam they have been using for years :

Now, let me show you how to spot these scams next time!

If you spot any of these warning signs, DO NOT PROCEED and DO NOT SHARE!

Warning Sign #1 : Bad Grammar

Most of these scammers do not have a good command of the English language, so if you spot bad grammar, stay away.

Proper contests or events sponsored by major brands like Jaya Grocer will have a PR or marketing person who will vet the text before allowing it to be posted.

Warning Sign #2 : Offering You Free Money Or Gifts

Please do NOT be naive. No one is going to give you money or free gifts just to participate in a survey!

Jaya Grocer isn’t going to give you FREE money, just because it’s their anniversary.

They are a corporation whose business is to make money, not a charity to give you free money.

Warning Sign #3 : Not Using The Real Jaya Grocer Domain

A genuine Jaya Grocer campaign would use their real domain – www.jayagrocer.com.

Or they would run it off the official Jaya Grocer page on Facebook – www.facebook.com/jayagrocer/.

If you see nonsensical domains like uglyarticle.club, ldxqw.bar, etc. that’s a sign of a SCAM!

Warning Sign #4 : Asking You To Forward The Offer

No brand will insist that you must share the offer with 5 groups or 20 friends on WhatsApp.

Do not click to forward their offer to your family and friends. They will not appreciate being scammed with your help!

Warning Sign #5 : Asking You To Download + Register An App

If you click through and joined the fake survey scam, you will eventually be asked to download and register for an app.

That is VERY DANGEROUS. Never agree to download and register for any unknown app from a website.

Always download your apps from an official App Store like Google Play Store (for Android smartphones) and Apple App Store (for iPhones).

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Cybersecurity | Business | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Scam Alert : COVID-19 Relief Fund By Federal Government!

Leave a reply

Please watch out for the COVID-19 Relief Fund by Federal Government scam!

Find out why it is just a SCAM, and WARN your family and friends!

Scam Alert : COVID-19 Relief Fund By Federal Government!

People are now sharing this COVID-19 RELIEF FUND message on WhatsApp :

Apply For The Covid-19 Relief Fund Provided By The Federal Government. Hurry Up, It takes few seconds to apply. Dont [sic] miss this opportunity.

Apply Here

Note : I added the Scam Alert overlay to prevent it from being further abused.

COVID-19 Relief Fund : Why This Is A Scam

I know many of us are in dire straits during this COVID-19 pandemic, having lost jobs, income or even loved ones. Unfortunately, scammers are counting on our desperation to prey on us.

I will now show you why this COVID-19 Relief Fund message is just another scam. Please warn your family and friends!

Fact #1 : No Global Relief Fund By Any Federal Government

When a scam tells you that “the federal government” is giving away money, you should always ask yourself – WHICH federal government???

No government in the world is giving away money to anyone across the world. Not even the three richest economies in the world – US, China and the EU – have a COVID-19 relief fund to give money away like that.

Fact #2 : The Three Questions Are A Red Herring

Most of these scams employ simple but useless questions to trick you into thinking that this is genuine. Look at the three questions this scam is asking :

What’s your age range?
How much money do you want to receive?
What’s your employment status?

In a real government relief programme, your eligibility status will be based on some official document – your identity card, driver’s licence, passport, etc.

No one is going to give you money simply because you answer a few questions. And NO ONE is ever going to ask you how much you want to receive!

Fact #3 : No Government Will Ask You To Invite Friends / Groups

A real government relief programme will NEVER ask you to invite friends and groups on WhatsApp, much less insist that you invite 15 friends or 5 groups before they give you money.

That’s a dead giveaway that this is a scam, and the scammers want you to help them scam other people. So NEVER invite your friends to join the scam.

Fact #4 : SNF Global Relief Initiative Is Not By Any Federal Government

To make the scam look legit, the scammers used the SNF Global Relief Initiative for the COVID-19 Pandemic graphics.

That initiative is not by any government, but by the Stavros Niarchos Foundation (SNF).

And just in case you are wondering, no, the SNF does not give away money to individuals. They only make grants to non-profit organisations and collaborative funds.

Fact #5 : The Domain Is New + Protected

If you check the domain “relief-fund.live“, you will see that it was only created on 24 March 2021.

Even more suspiciously, all contact and ownership details have been REDACTED FOR PRIVACY. That’s often a sign that the owners are worried about being sued or prosecuted.

Name: relief-fund.live
Registry Domain ID: ac787c4c5c19460696fa1bf46d133faa-DONUTS

Nameservers:
dns1.registrar-servers.com
dns2.registrar-servers.com

Registry Expiration: 2022-03-24 11:41:35 UTC
Updated: 2021-03-29 11:42:31 UTC
Created: 2021-03-24 11:41:35 UTC

Name: REDACTED FOR PRIVACY
Organization: Privacy service provided by Withheld for Privacy ehf
Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tel: REDACTED FOR PRIVACY
Fax: REDACTED FOR PRIVACY
Mailing Address: REDACTED FOR PRIVACY Capital Region REDACTED FOR PRIVACY IS

Fact #6 : The Comments Are Completely Faked

You may notice a bunch of comments at the bottom of the scam website. They are only there to trick you into thinking that other people received the money.

Try refreshing them. They will never change, unlike a real live comment stream. The time codes will not change either.

Try clicking on the Like option. Nothing will happen. Your Like will not register.

That’s because this is a fake comment stream. It’s all hardcoded and fixed.

Now that you know that this is just another scam, please warn your family and friends.

And please remember – no one gives away money like that. Don’t fall for these scams!

Help Support My Work!

If you would like to support my work, you can do so via bank transfer / PayPal / credit card.

Name : Adrian Wong

Credit Card / Paypal : https://paypal.me/techarp
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)

Thank you in advanced! ❤️

Go Back To > Fact Checks | Tech ARP

Support Tech ARP!

If you like our work, please support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Thank you!

Was US Soldier Caught Spreading COVID-19 In Wuhan?

Leave a reply

Was a US soldier caught spreading COVID-19 in Wuhan by smearing his saliva in a train?

Take a look at the viral video, and find out what the FACTS really are!

Was US Soldier Caught Spreading COVID-19 In Wuhan?

A video of an American soldier smearing his saliva on a train pole is circulating on social media, accompanied by this message :

Just to share this clip and its comments from China:

The surveillance cameras in Wuhan have a road map of the US soldiers and a video record of the time.

The American soldier had put on a mask during the military games. Began to spread the epidemic virus by subway.

If you look at the movement of that hand carefully, from the mouth to the armrest, you will know the evil and evil heart of Americans.

Poor Wuhan citizens are infected with the ruthless epidemic virus. ☝☝☝

The viral message implies that the Chinese have determined that Patient Zero is an American soldier who attended the 2019 Military World Games that was held in Wuhan, China from 18 to 27 October 2019.

It also implies that the Americans brought COVID-19 to Wuhan, and used one of their soldiers to spread it to the Chinese. And the video is the evidence.

Even the Chinese Foreign Ministry’s spokesperson Zhao Lijian pushed the same fake claim, saying, “When did patient zero begin in the US? It might be the US army who brought the epidemic to Wuhan!”

Well, all that is HOGWASH. Let us show you why…

US Soldier Spreading COVID-19 In Wuhan Hoax Debunked!

The truth is the video was recorded on 9 March 2020 in a Belgian subway, not October 2019 in Wuhan.

The man in the video was not a US soldier, but an intoxicated Belgian who licked his finger and rubbed it on the subway pole.

He was later arrested for doing that, and the train removed and disinfected.

This is just another piece of Chinese propaganda trying to shift the blame for the COVID-19 pandemic to the United States.

Please be wary of such fake news. China has been actively creating and sharing these fake videos and stories on social media.

Share this with your family and friends, so they won’t get fooled!

Why Is China Pushing This Fake US Soldier COVID-19 Story?

With China’s aggressive foreign policy moves in recent years, it is not uncommon to see fake pro-China, anti-America stories being created and shared.

Many believe it’s part of a concerted attempt to burnish China’s image overseas, and drown out negative coverage of China’s controversial Belt and Road Initiative, and their aggressive moves in the South China Sea..

China has also been blamed for not handling the initial COVID-19 epidemic better, and unfairly – for being the origin of this new virus.

Hence, they have been trying their best to deflect blame by casting aspersions unto others, using aggressive Wolf Warrior diplomacy tactics, propaganda outlets like GlobalTimes and CTGN, and their 50 Cent Army.

Help Support My Work!

If you would like to support my work, you can do so via bank transfer / PayPal / credit card.

Name : Adrian Wong

Credit Card / Paypal : https://paypal.me/techarp
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)

Thank you in advanced! ❤️

Go Back To > Fact Check | Health | Tech ARP

Support Tech ARP!

If you like our work, please support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Thank you!

Facebook Rolls Out Click To WhatsApp Ads!

Leave a reply

You may not have noticed this, but Facebook has started rolling out Click to WhatsApp ads!

Find out what this means for business and customers on Facebook, Instagram and WhatsApp!

Facebook Rolls Out Click To WhatsApp Ads!

WhatsApp founders may have promised not to monetise their platform by selling ads, but that was nine years ago, and before they sold out to Facebook in 2014.

At that time, Jan Koum promised that WhatsApp wouldn’t collect and share data of its users. That changed in 2016 and 2021.

So it seems inevitable that Facebook will eventually introduce ads in WhatsApp. They even accidentally let it slip (see below).

But for now, you can rest easy. They are only introducing Click to WhatsApp ads on Facebook and Instagram at the moment…

Originally kicking off in 2017, Facebook has started pushing Click to WhatsApp ads in Asia. Page owners may be surprised by reminders to connect their pages to WhatsApp.

Ignoring this reminder will invite the warning that you cannot run WhatsApp ads, or add a WhatsApp button to your Page.

We are not sure if that’s a Freudian slip, but Facebook actually mentioned WhatsApp ads. LOL!

Click To WhatsApp Ads : What Are They?

These are regular Facebook and Instagram ads, with the additional Send Message button.

Clicking on that button will open a conversation thread in WhatsApp with the Facebook / Instagram business owners (using the WhatsApp Business app).

This allows you to interact directly with the business, like you would using Facebook Messenger.

This makes it easier for businesses to reach the 1.5 billion WhatsApp users around the world, who will like how much easier it is to directly message them using WhatsApp.

On the other hand, it is likely to make it easier for scammers who are already leveraging Facebook ads to cheat people.

Go Back To > Business | Software | Tech ARP

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Scam Alert : CIMB Customers Hit By Fake SMS Messages!

Leave a reply

Scammers continue to target CIMB customers, using many different kinds of fake SMS messages.

Do NOT click or call if you receive any of these fake SMS messages!

And please warn your family and friends!

Scam Alert : CIMB Customers Hit By Fake SMS Messages!

Whether you are a CIMB Bank customer or not, you may receive one of these alarming SMS messages :

RM 0.00 CIMB: Confidential!

Dear CIMB users, your account will TERMINATED on 24/12/20. Verify via http://www.cimbclickikm.cc to keep on using CIMB Clicks services.

Please make verification within 24hours to avoid service interruption.

RM0 CIMB: Instant Transfer RM4998.78 to CHAY LEE FEN/HONG LEONG on 23-Dec-2020, 13:06:35. Call the no. at the back of your card for queries.

If you receive any of these SMS messages, please DO NOT click on the link, or call the number. JUST IGNORE THEM, or delete them.

RM0.00 CIMB: MYR 2968.00 was charged on your card num 4204 at Shopee.MY. If this is not your txn, call 1800-9767 now.

Cimb Your account is judged as high risk by the system, PLS re-verify your account. cimbclicksecurity.com

Note : These scams do not just affect CIMB Bank. In fact, all banks are affected :

Why These CIMB SMS Messages Are Fake

Let us show you how to identify these fake CIMB SMS messages.

If you spot any of these warning signs, BACK OFF and DO NOT PROCEED!

Warning Sign #1 : Grammatical Mistakes

If you carefully read the first SMS messages above, you can easily spot numerous grammatical mistakes. A bank will never send such poorly worded messages to their customers.

However, they may copy the real SMS message from CIMB to trick you into thinking that this is a real transaction. Such fake SMS messages will have proper grammar.

Warning Sign #2 : Embedded Links

Banks will NEVER embed links (URLs) into the message. If you see embedded links, always think – SCAM SMS!

Unlike the Public Bank SMS scam, they used a copy of the real SMS message to trick you into clicking the URL in the first message.

Warning Sign #3 : Wrong Links

And always check the link – www.cimbclickikm.cc and cimbclicksecurity.com are not the correct addresses for the CIMB Bank websites (www.cimbclicks.com.my or www.cimb.com.my).

The best policy is to manually key in the bank website address. NEVER click on any link in an SMS, even if it looks legit.

When you see any website with .cc links, be wary because the .CC domains are registered in the Cocos (Keeling) Islands – an Australian territory of only 14 km², with only about 600 inhabitants.

Warning Sign #4 : No Personal Login Phrase / Picture

To avoid phishing attacks, banks now give you a secret response (like a picture or a phrase) to confirm that you are visiting their legitimate website.

If the website you are visiting gives you the wrong picture or secret phrase, you have been tricked into visiting a fake website designed to mimic the real bank website.

You should also remember that the bank website must show you secret picture or phrase right after you enter your login, but BEFORE you key in your password.

If you are asked to key in your password without the website displaying the secret phrase or picture, you have been tricked into visiting a fake website designed to mimic the real bank website.

CIMB Advice To Protect Against Fake SMS / Email Scams

Here is a list of DOs and DON’Ts to protect yourself against fake SMS / email scams.

Please DO follow these good practices

Pay attention to your transaction alerts and check your account activities regularly. In case of any unusual activity, please contact us immediately.
If you wish to contact us, ONLY call the number on the back of your card or refer to CIMB website “Contact Us” page.
Always check the URL of the website that you are making purchases from. Ensure the “lock” icon or “https” appears on the website’s address bar.
Always find a reputable seller on online marketplaces by searching for reviews from other customers to know their experience.
To access CIMB Clicks, type the entire URL as follows: www.cimbclicks.com.my
Always remember to log out once you have completed your banking transactions.

Please DO NOT follow these bad practices

Don’t panic and give personal information to fraudsters impersonating representatives of government agencies etc. even if they deploy fear tactics. Immediately call the number on the back of your card to verify with CIMB.
Never apply for personal financing through unverified links or individuals promising a lower rate. CIMB does not impose any application charges for personal financing applications.
Never take instructions from anyone to change the mobile number in CIMB records to any number other than your own mobile number.
When transacting online, never continue with a purchase if you have any doubts if the seller is not genuine.
Never share details such as your card number / User ID / PIN / password / TAC with anyone or key them in in any website other than CIMB Clicks.
(Note: CIMB will never ask for your ‘User ID’, ‘Password’ or ‘TAC’ under any circumstances outside of CIMB Clicks).
Do not click on links or open email attachments from unknown / unreliable senders / sources.
(Note: Emails from CIMB will always end with @cimb.com such as cimb.marketing@cimb.com)

Go Back To > Cybersecurity | Business | Home

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Scam Warning : Public Bank Customers Hit By Fake SMS!

Leave a reply

Scammers continue to target Public Bank customers, using many different kinds of fake SMS messages.

Do NOT click or call if you receive any of these fake SMS messages!

Public Bank : Fake SMS Scam Warning! Do NOT Click / Call!

Whether you are a Public Bank customer or not, you may receive one of these alarming SMS messages.

Please DO NOT click on the link, or call the number. JUST IGNORE THEM, or delete them.

The safest thing to do is NEVER CLICK ON A LINK in any SMS. If you need to log into your bank account, key in the website address manually.

RM0 PBB/PIBB: Your PBB account will TERMINATED on 02Dec20 01:30:00 AM. Please make verification via http://www.mypbebank.cc to avoid service interruption. Verify now keep on using PBB services.

RM0 Credit Cash out RM3,000 form card ending no 7102 successful on 01 DEC. Information system sending. Call PBB 1800-81-9566 for any query

Warning: Your account is marked as insecure, please click Return PAC immediately to confirm that it is safe to use. (https://pbevip.vip/)

PBe Your account is in a high-risk state PLS log in immediately and return the PAC to protect your account security https://www.pbebanks.top

PBe Warning: Phishing URLs are frequent recently, PLS log in immediately to strengthen account security. 2Mar21 13:14 https://se1.pbevip.top/

PB e Your account is in a high-risk by the system, PLS re-verify your account https://pbbanks.red/ <security reminder is normal>

RM0 PIBB: Thank you for using your card ending 1098@senQ MYR 2899, Pls call 03-56260232 now, if you didn’t use it

RM0 PBB/PIBB: Trx amt MYR2699.00 @LAZADA for card ending 5738. Call PB 1-800-81-2337 now if didn t perform.

PBB: Your account is judged as high risk by the system. PLS re-verify your account https://www.pbebanks.asia/ <security reminder is normal>

PB e Alarm Your banking Suit now is marked as insecure, PLS re-verify your account https://online-pbebank.com <security reminder is normal>

Public Bank Fake SMS Scam : What Happens If You Click?

Clicking on the links will often lead you to a phishing website, a fake website designed to look like a Public Bank website.

You will be asked to key in your personal information, including your Public Bank user name and password. DO NOT KEY IN YOUR INFORMATION!

But if you are free and want to help screw these scammers, key in fake information as many times as possible.

Note : These scams do not just affect Public Bank. In fact, all banks are affected :

Public Bank : How To Identify Fake SMS Messages

With a little help from Public Bank, let’s show you how to identify fake SMS messages.

If you spot any of these warning signs, BACK OFF and DO NOT PROCEED!

Warning Sign #1 : Grammatical Mistakes

Read the two SMS messages above, and you can easily spot numerous grammatical mistakes. A bank will never send such poorly worded messages to their customers.

Warning Sign #2 : Embedded Links

Banks will NEVER embed links (URLs) into the message. If you see embedded links, always think – SCAM SMS!

Warning Sign #3 : Wrong Links

And always check the link – www.mypbebank.cc is not the correct address for the Public Bank website (www.pbebank.com)

When you see any website with .cc links, be wary because the .CC domains are registered in the Cocos Islands – an Australian territory of only 14 km², with only about 600 inhabitants.

The same goes for generic, top level domains like .TOP, .VIP, .TOP, .RED, .ASIA, etc.

Warning Sign #4 : No Personal Login Phrase / Picture

To avoid phishing attacks, banks now give you a secret response (like a picture or a phrase) to confirm that you are visiting their legitimate website.

If the website you are visiting gives you the wrong picture or secret phrase, you have been tricked into visiting a fake website designed to mimic the real bank website.

You should also remember that the bank website must show you secret picture or phrase right after you enter your login, but BEFORE you key in your password.

If you are asked to key in your password without the website displaying the secret phrase or picture, you have been tricked into visiting a fake website designed to mimic the real bank website.

Go Back To > Cybersecurity | Business | Home

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

macOS, iOS, iPadOS, Safari CVE-2021-1844 Bug : Fix It Now!

Leave a reply

Apple just rushed out macOS Big Sur 11.2.3, iOS 14.4.1, iPadOS 14.4.1 and Safari 14.0.3 to patch a critical security bug.

Find out what they fix, and why you need to update your MacBook, iPhone and iPad right away!

Apple Rushes Out macOS, iOS, iPadOS, Safari Critical Bug Fixes!

Released on 8 March 2021, macOS Big Sur 11.2.3 patches only one bug, which may mislead users into thinking that it’s not very important.

WebKit

Available for: macOS Big Sur

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2021-1844: Clément Lecigne of Google’s Threat Analysis Group, Alison Huffman of Microsoft Browser Vulnerability Research

On the same day, Apple also released iOS 14.4.1 and iPadOS 14.4.1 – both patching the same CVE-2021-1844 vulnerability.

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2021-1844: Clément Lecigne of Google’s Threat Analysis Group, Alison Huffman of Microsoft Browser Vulnerability Research

Apple also released Safari 14.0.3, which patches the same vulnerability for macOS Catalina and macOS Mojave :

WebKit

Available for: macOS Catalina and macOS Mojave

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2021-1844: Clément Lecigne of Google’s Threat Analysis Group, Alison Huffman of Microsoft Browser Vulnerability Research

Why Install These macOS, iOS, iPadOS, Safari Bug Fixes ASAP?

While they appear to only patch WebKit in macOS Big Sur, iOS, iPadOS and Safari, they are CRITICAL bug fixes that you need to install right away.

They patch the new CVE-2021-1844 vulnerability, which was discovered by Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research.

This vulnerability allows a remote attacker to trigger a buffer overflow when the victim opens a specially-crafted web page, allowing the attacker to execute arbitrary code on the target system.

It is not known if this vulnerability has been exploited yet, but it is critical to install the new updates to prevent that from happening.

Go Back To > Software | Cybersecurity | Home

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

CD PROJEKT RED Hack : Source Codes + Docs Stolen!

Leave a reply

CD PROJEKT RED just had their source codes and internal documents stolen in a MAJOR HACK, and they may all end up being leaked!

CD PROJEKT RED Hack : Source Codes Stolen, Servers Encrypted!

On 9 February 2021, CD PROJEKT RED announced that their data – including source codes and internal documents – were stolen in a hack, and could possibly be leaked.

Their servers were also encrypted in a secondary ransomware attack by the same hackers, but they had backups of the encrypted data.

CD PROJEKT RED publicly ruled out negotiating with the hackers, or giving in to their demands.

This would likely mean that their source codes and internal documents will eventually be released publicly by the hackers.

The only silver lining – CD PROJEKT RED noted that they do not have any evidence that the personal data of their employees were accessed or stolen.

CD PROJEKT RED Hack : The Hackers’ Threats

According to the ransom note left on their servers, the hackers stole :

FULL source codes for Cyberpunk 2077, Witcher 3, GWENT and the unreleased version of Witcher 3.
ALL of their internal documents on accounting, administration, legal, HR, investor relations and more

They also encrypted all of their CD PROJEKT RED’s servers, but acknowledged that they would most likely recover the data from their backups.

The hackers are giving the CD PROJEKT RED team 48 hours to contact them to negotiate.

If there is no agreement, they threaten to sell or leak the source codes, and release their internal documents to the media.

They claim that the internal documents will make CD PROJEKT RED look bad, causing their stock prices to fall and their investors will lose trust in them.

CD PROJEKT RED : Official Statement On Hack

This is the official statement by CD PROJEKT RED on the hack :

Yesterday we discovered that we have become a victim of a targeted cyber attack, due to which some of our internal systems have been compromised.

An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note the content of which we release to the public. Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data.

We will not give in to the demands nor negotiate with the factor, being aware that this may eventually lead to the release of the compromised data. We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach.

We are still investigating the incident, however at this t time we can confirm that – to the best of our knowledge – the compromised systems did not contain any personal data of our players or users of our services.

We have already approached the relevant authorities, including law enforcement and the President of the Personal Data Protection Office, as well as IT forensic specialists, and we will closely cooperate with them in order to fully investigate the incident.

Go Back To > Cybersecurity | Games | Software | Home

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Ministry of Education Website Uses Plain Text CAPTCHA!

Leave a reply

It is unbelievable, but the Malaysia Ministry of Education’s website uses plain text CAPTCHA that can be copied and pasted!

Take a look at this incredulous security lapse, and find out why it could put your data at risk!

Ministry of Education Website Uses Plain Text CAPTCHA!

The recent threat by Anonymous Malaysia to attack government websites over their lack of security appears to be well-justified.

Qusyaire Ezwan spotted an incredulous security lapse in the official Malaysia Ministry of Education website – plain text CAPTCHA!

On top of that, the code can actually be copied and pasted!

Ministry of Education Plain Text CAPTCHA : A Serious Cybersecurity Risk!

The CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) test is something most of us are familiar with.

It is a test that helps to identify real humans, and weed out bots, before they are allowed to access a service. This prevents bot fraud and hacking attempts.

In the Ministry of Education website, the plain text CAPTCHA was used to “secure” the retrieval of forgotten passwords for their Student Management Module.

A real CAPTCHA uses distorted images to prevent a bot from “reading” the numbers or letters, thereby ensuring that only a real human being would be able to key in the correct code.

As this screenshot shows, the CAPTCHA used in the Ministry of Education website just uses random sequences of letters and numbers in PLAIN TEXT!

This means a bot can easily copy and paste the plain text code, and bypass the CAPTCHA test.

Frankly, this doesn’t even qualify as a CAPTCHA test, because it cannot differentiate between humans and bots.

Now, the password is still sent to the registered email accounts, not to the hackers or bots. So your data is not in immediate danger.

However, this is still a SERIOUS cybersecurity risk, because a hacker can pair this design flaw with compromised email accounts.

It would allow their bots to easily and quickly make password retrieval requests for compromised email accounts, and then retrieve your Ministry of Education password.

Having access to the Student Management Module would give hackers access to a ton of information on children and their parents :

child : name, date of birth, telephone number, home address
school : location, class name, teacher’s name,
parent : name, occupation, workplace address, contact number, declared salary

On top of that, many people reuse their passwords, so hackers will use the password retrieved from the Ministry of Education website on other websites and online services you may use.

If you use the same password for your banking account, for example, that would expose your banking account to the hacker.

That is why CAPTCHA is important. It doesn’t prevent hacking attempts, but it greatly slows it down by blocking bots from making mass requests.

The use of plain text CAPTCHA in an official government website is a fiasco. A basic cybersecurity checklist would have prevented software vendors from using plain text CAPTCHA in government websites.

The Malaysian government needs to take the security of official websites seriously. This is a disgrace.

Go Back To > Cybersecurity | Software | Home

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Why You Should NOT Move WhatsApp Chats To Telegram!

Leave a reply

Telegram just highlighted the ability to migrate WhatsApp chats to their app, but you really should NOT do that.

Find out why this is a BIG security and privacy risk than just leaving your chats in WhatsApp!

Telegram : Moving Chat History From WhatsApp, Line + KakaoTalk

In a recent version 7.4 update for their iOS app, Telegram announced a new feature – the ability to move your chat messages from other apps like WhatsApp, Line and Kakaotalk to their app.

Curiously, that ability has actually been part of WhatsApp since 2018, when they introduced the ability to export chats to email and other apps.

And while this feature is purportedly available only with the iOS version of Telegram Messenger, you can already do that with existing versions of WhatsApp and Telegram.

Why You Should NOT Move WhatsApp Chats To Telegram!

You should note that the privacy risks with WhatsApp have been grossly exaggerated by the media and many Internet “experts”.

For one thing – WhatsApp users have been sharing metadata with Facebook since September 2016, a fact initially lost on many media outlets and “experts”.

But we understand the fear – Facebook is a real snoop. Even so, it would be a mistake to migrate from WhatsApp to Telegram.

Let us share with you why you should NOT migrate from WhatsApp to Telegram, and why it is a BIG mistake to migrate your WhatsApp data to Telegram.

Fact #1 : Telegram Is LESS Secure Than WhatsApp

WhatsApp fully implemented end-to-end encryption across all of their apps and network since 5 April 2016.

End-to-end encryption prevents WhatsApp or Facebook from reading your messages. Only the sender and receiver(s) can read them.

WhatsApp shares a considerable amount of data and metadata that Facebook can use to identify and track your movements and activities. But not the content of your messages.

Telegram, on the other hand, has STILL NOT implemented end-to-end encryption for all messages by default.

Instead, they still insist on offering end-to-end encryption only when you create a Secret Chat.

This leaves the bulk of your messages completely readable by Telegram and anyone who intercepts those messages as they travel from your device through the Internet to the recipient.

The very presence of Secret Chats between certain people is itself metadata that can help oppressive regimes identify their enemies or whistleblowers.

Fact #2 : Your Data Is Stored In Telegram Cloud Servers

All WhatsApp data is stored only in your registered device. WhatsApp also does not retain messages in their servers after they are delivered, and will only store files (like photos and videos) and undelivered messages for 30 days.

It’s the opposite with Telegram – all of your data – messages, photos, videos, documents – is stored in their cloud servers. Even though they are encrypted in storage, Telegram holds the encryption keys, NOT YOU.

This ability has its advantages like convenient access across multiple devices, but it also makes Telegram less secure.

Telegram has access to your encrypted files, including the ability to decrypt them for authorities that legally compels them to do so.

Fact #3 : Moving Your Messages + Media To Telegram Exposes Them

While your chats and media remain within your WhatsApp app, they are encrypted and not available to anyone but yourself (and the recipients).

Migrating your chat messages and media to Telegram would involve sending them unencrypted to Telegram’s servers.

This exposes your hitherto secure chats and media to a man-in-the-middle attack – allowing a third party to snoop or grab a copy of the data as it travels unencrypted to the Telegram servers.

Fact #4 : Facebook Already Has Your Metadata

As we pointed out earlier, WhatsApp has been sharing our metadata with Facebook since September 2016.

So moving your existing chats out of WhatsApp won’t limit or reduce your exposure. That horse has long bolted from the stable.

Moving your chat history and files to Telegram will just offer a new attack surface for cybercriminals and oppressive regimes.

Fact #5 : Facebook Will Still Have Your Data If You Still Use Facebook!

Here is the other thing that people don’t realise – migrating from WhatsApp to another messaging app is pointless if you do not also stop using Facebook.

As long as you still use Facebook, they will still have access to a consideration amount of metadata. Losing your WhatsApp metadata just gives them less metadata.

After all, Facebook can track your movements and activity even if you are NOT on Facebook! This is what they call Off-Facebook Activity.

Go Back To > Cybersecurity | Software | Home

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Hello? WhatsApp Is Already Sharing Data With Facebook!

Leave a reply

People are worried that a new WhatsApp privacy policy update will force them to share data with Facebook.

Well, here’s the real surprise – don’t you know that WhatsApp is already doing that?

Find out what’s going on, and what WhatsApp is really changing…

New WhatsApp Privacy Policy : Share Data With Facebook?

Many of you may have woken up to this pop-up on WhatsApp, alerting you to a change in its terms and privacy policy, which takes effect on 8 February 2021.

While you can delay the decision by clicking NOT NOW, you have to accept the new terms and privacy policy, to continue using WhatsApp.

Otherwise, the alert subtly suggests, you should “delete your account”.

Hello? WhatsApp Is Already Sharing Data With Facebook!

Many WhatsApp users are shocked by this new development, and pondering about whether they should jump to Telegram or some other instant messenger.

What’s more egregious though is that many websites are “warning” their readers about this new, shocking development.

The fact of the matter is – WhatsApp has been sharing data with Facebook for years!

In The Beginning : Private Communication Assured

After Facebook bought WhatsApp for a cool US$19 billion, Jan Koum set the record straight on 17 March 2014 :

Respect for your privacy is coded into our DNA, and we built WhatsApp around the goal of knowing as little about you as possible: You don’t have to give us your name and we don’t ask for your email address. We don’t know your birthday. We don’t know your home address. We don’t know where you work. We don’t know your likes, what you search for on the internet or collect your GPS location. None of that data has ever been collected and stored by WhatsApp, and we really have no plans to change that.

2016 : WhatsApp Starts Sharing Data With Facebook

In August 2016, WhatsApp announced that they would start sharing data with Facebook, after rolling out end-to-end encryption.

[B]y coordinating more with Facebook, we’ll be able to do things like track basic metrics about how often people use our services and better fight spam on WhatsApp. And by connecting your phone number with Facebook’s systems, Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them. For example, you might see an ad from a company you already work with, rather than one from someone you’ve never heard of.

At that time, WhatsApp offered existing users a special one-time only option to opt-out of the data sharing, but only if they did it within 30 days.

If you are an existing user, you can choose not to have your WhatsApp account information shared with Facebook to improve your Facebook ads and products experiences. Existing users who accept our updated Terms and Privacy Policy will have an additional 30 days to make this choice by going to Settings > Account.

If you did not opt-out within 30 days back in August 2016, your data would be shared with Facebook.

This opt-out option was NOT provided to new WhatsApp users who registered on or after 25 August 2016.

After 24 September 2016 : WhatsApp Has Been Sharing Data With Facebook

With the singular exception of existing users who managed to opt-out by 24 September 2016, the data of every other WhatsApp user has been shared with Facebook.

8 February 2021 Onwards : More Information Is Shared

What will really change from 8 February 2021 onwards is the additional information that WhatsApp will share with Facebook :

Status Information. You may provide us your status if you choose to include one on your account. Learn how to use status on Android, iPhone, or KaiOS.
Transactions And Payments Data. If you use our payments services, or use our Services meant for purchases or other financial transactions, we process additional information about you, including payment account and transaction information. Payment account and transaction information includes information needed to complete the transaction (for example, information about your payment method, shipping details and transaction amount). If you use our payments services available in your country or territory, our privacy practices are described in the applicable payments privacy policy.
Location Information. We collect and use precise location information from your device with your permission when you choose to use location-related features, like when you decide to share your location with your contacts or view locations nearby or locations others have shared with you. There are certain settings relating to location-related information which you can find in your device settings or the in-app settings, such as location sharing. Even if you do not use our location-related features, we use IP addresses and other information like phone number area codes to estimate your general location (e.g., city and country). We also use your location information for diagnostics and troubleshooting purposes.
User Reports. Just as you can report other users, other users or third parties may also choose to report to us your interactions and your messages with them or others on our Services; for example, to report possible violations of our Terms or policies. When a report is made, we collect information on both the reporting user and reported user.
Businesses On WhatsApp. Businesses you interact with using our Services may provide us with information about their interactions with you. We require each of these businesses to act in accordance with applicable law when providing any information to us.When you message with a business on WhatsApp, keep in mind that the content you share may be visible to several people in that business. In addition, some businesses might be working with third-party service providers (which may include Facebook) to help manage their communications with their customers. For example, a business may give such third-party service provider access to its communications to send, store, read, manage, or otherwise process them for the business. To understand how a business processes your information, including how it might share your information with third parties or Facebook, you should review that business’ privacy policy or contact the business directly.

Opted Out In 2016? It Is Still Honoured!

WhatsApp will apparently continue to honour the decision of those who opted-out of data sharing in August 2016.

For those who opted out, you can agree to the new policy, and your data will still NOT be shared with Facebook.

To check if you opted-out in August 2016, you will need to check in your WhatsApp account – Settings > Account > Request Account Info.

Go Back To > Cybersecurity | Software | Home

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Lazada RedMart Data Breach : What You Need To Know!

Leave a reply

Lazada just admitted that a data breach involving their RedMart customer database that could affect some 1.1 million customers!

Find out what happened, and what it could mean for Lazada and RedMart customers!

Lazada RedMart : What Is It?

RedMart is an online grocery platform in Singapore that was founded in August 2011.

Lazada acquired RedMart in November 2016, and started to integrate it into their platform in March 2019.

This March 2019 date is important, because that was when the RedMart database was last updated.

Lazada RedMart Data Breach : What Happened?

The Lazada RedMart database was spotted for same in an online forum, amongst many other databases stolen from other e-commerce websites.

In this screenshot, you can see that it claims to have details on 1.1 million Lazada RedMart customers :

Email address
Password
Mailing address
Name
Phone number
Partial credit card information

Picture Credit : CNA

In a statement posted on 30 October 2020, Lazada confirmed the data breach involving their RedMart database.

They assert that only the old RedMart database that was “18 months out of date” when it was last updated in March 2019.

Singapore, 30 October 2020 – Lazada places great importance on protecting your personal information, and we value the trust you have placed with us. On 29 October 2020, as part of our proactive monitoring, our cybersecurity team discovered a data security incident in Singapore, involving a RedMart-only database hosted on a third-party service provider. The customer data hosted on this database is more than 18 months out of date as it was last updated in March 2019.

The customer information that was illegally accessed include the names, phone numbers, emails, addresses, encrypted passwords and partial credit card numbers of RedMart customers. We have taken immediate action to block unauthorised access to the database. This data was used on the previous RedMart app and website, which are no longer in use. Lazada customer data in Southeast Asia is not affected by this incident.

Protecting the data and privacy of our users is of utmost importance to us. Apart from reviewing and fortifying our security infrastructure, we are working very closely with the relevant authorities on this incident and remain committed to providing all necessary support to our users.

We want to be transparent about this incident with all of our customers and reassure you that we are taking it seriously.

They also set their platform to log out all Lazada users, and require them to register a new password.

They are also warning their users to be on the alert for spam mails requesting personal information.

Lazada RedMart Data Breach : What’s The Implication?

A Data Breach Is A Data Breach Is A Data Breach

Lazada may claim that the data and privacy of their users are of the utmost importance, but the data breach says otherwise.

They left a database they no longer used since March 2019 on a third-party service provider, and accessible online all this time.

Any half-decent cybersecurity specialist would have told them to take the database offline, unless it was essential to the operation of the website.

Closing The Barn Door After The Horses Have Bolted

Lazada immediately blocked unauthorised access to their RedMart database, but that’s like closing the barn door after the horses have bolted.

Once the data was stolen, all it does is prevent other attackers from stealing the data for themselves.

Lazada Migrated RedMart Users In March 2016

It seems a little disingenuous for Lazada to announce that the data was used in “the previous RedMart app and website, which are no longer in use“.

They appear to have migrated RedMart users to Lazada on 15 March 2016 using the same data that was just stolen.

Unless RedMart users changed their passwords, addresses, phone numbers, email addresses or credit card details AFTER they were migrated to the Lazada platform, they remain exposed by the data breach.

The Data Isn’t Necessarily Outdated

Most of us don’t change our logins and passwords that often. And we often reuse the same login and password combination for different websites.

So it is scant assurance that their RedMart database was last updated in March 2019, even if we take their word that it was more than 18 months out of date.

This data breach exposes all affected RedMart users to the possibility of their other accounts being breached as well.

Only Ex-RedMart Users Affected

The only saving grace we can see here is that it looks like only former RedMart users are affected by this data breach.

That means Lazada users who never registered or used the RedMart app or website are not affected.

Lazada RedMart Data Breach : What Can You Do?

If you ever registered for, or used, RedMart before their migration to the Lazada platform in March 2016, we highly recommend that you :

change your Lazada password
change the password of accounts that use the same password as your Lazada / RedMart account
do NOT click on links in emails warning you about this data breach and asking you to change your password
do NOT respond to calls or messages warning you about this data breach
do NOT respond to requests for personal information

Go Back To > Cybersecurity | Business | Home

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

BitiCodes / Biti Codes : Fake Celebrity Endorsements

Avast Explains How BitiCodes Scam Works

Please Support My Work!

Recommended Reading

Support Tech ARP!

Tenaga Nasional 33th Anniversary Survey Scam Alert!

Tenaga Nasional 33th Anniversary Survey : Why This Is A Scam!

Please Support My Work!

Recommended Reading

Support Tech ARP!

Scam Alert : Fake Damar Hamlin Donation Requests!

Damar Hamlin Donation Shifted From GoFundMe To Website

The Real Damar Hamlin Donation GoFundMe Page!

Damar Hamlin Donation Not Used To Support His Mother’s Daycare

Please Support My Work!

Recommended Reading

Go Back To > Cybersecurity | Sports | Tech ARP

Support Tech ARP!

Watch Out For TNG eWallet SMS Phishing Scam!

How TNG eWallet SMS Phishing Scam Works!

Please Support My Work!

Recommended Reading

Go Back To > Cybersecurity | Money | Tech ARP

Support Tech ARP!

Maybank To Fully Migrate SMS OTP To Secure2u!

Details Of How Maybank Secure2u Will Replace SMS OTP

Maybank Advice On Fighting Scam

Please Support My Work!

Recommended Reading

Go Back To > Business | Cybersecurity | Tech ARP

Support Tech ARP!

BNM : Banks To Stop Using SMS OTP To Fight Scams!

BNM : More Measures Beyond SMS OTP To Fight Scams!

Please Support My Work!

Recommended Reading

Go Back To > Business | Cybersecurity | Tech ARP

Support Tech ARP!

Why You Should Turn On Two-Step Verification In Telegram?

How To Turn On Two-Step Verification In Telegram!

Please Support My Work!

Recommended Reading

Go Back To > Cybersecurity | Software | Tech ARP

Support Tech ARP!

Telegram Screenshot Hack : New Twist To Old Trick

Telegram Screenshot Hack : How To Prevent It?

Telegram Screenshot Hack : How To Recover Your Account?

Please Support My Work!

Recommended Reading

Go Back To > Cybersecurity | Software | Tech ARP

Support Tech ARP!

Claim : Greeting Photos + Videos Can Hack Your Phone!

Truth : Greeting Photos + Videos Cannot Be Hack Your Phone!

Please Support My Work!

Recommended Reading

Go Back To > Cybersecurity | Fact Check | Tech ARP

Support Tech ARP!

Meta Accuses Malaysia Police Of Running Political Troll Farm!

PDRM Denies Meta Accusations Of Running Political Troll Farm!

PDRM Troll Farm : Is That Even Legal?!

Please Support My Work!

Recommended Reading

Go Back To > Cybersecurity | Business | Tech ARP

Support Tech ARP!

Chinese Netizens : WPS Office Is Monitoring + Blocking Our Documents!

WPS Office Admits Blocking File Access

WPS Office Not The Only Cloud Provider Monitoring Content

Please Support My Work!

Recommended Reading

Go Back To > Fact Check | Science | Tech ARP

Support Tech ARP!

Claim : China Responsible For Mobile + Internet Outage In Canada!

Truth : Canada Internet Outage Due To Software Update, Not China!

Please Support My Work!

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

Support Tech ARP!

Shanghai Police Data On 1 Billion Chinese Citizens Leaked!

Shanghai Police Database Left Unsecured For 14 Months!

This Was Second Hack Of Shanghai National Police Database!

Most Of China Affected By Shanghai Police Data Leak!