Tag Archives: Security

PDRM Warning : Watch Out For MyBayar Scam!

PDRM is warning motorists not to fall for the MyBayar scam! Here is what you need to know about the MyBayar PDRM scam!

PDRM Warning : Watch Out For MyBayar Scam

On 7 August 2023, the Cyber Crime division of the Royal Malaysia Police (PDRM) posted an alert warning motorists not to fall for the MyBayar scam.

The MyBayar PDRM scam starts with an official-looking email that warns motorists that they have been caught contravening the law, and offers a cheap RM50 fine if paid within 5 days:

Last notice of contravention before prosecution

Dear recipient,

We are writing to draw your attention to a recent traffic violation in Malaysian jurisdiction.

Our traffic enforcement staff have observed your vehicle parked in a no-parking zone. This contravenes section (no. 2016-691] of the Road Traffic Act.

As a result of this infringement, a fine of MYR 50 has been imposed. This fine must be paid within 5 days of the date of this notification to avoid further legal consequences.

Failure to pay the fine within the allotted time may result in legal proceedings being taken against you, which could lead to increased fines, penalties and the possible suspension of your driving license.

MyBayar PDRM Scam : How Does It Work?!

Many people who received the MyBayar PDRM email might be shocked to find out that they were caught committing a traffic violation, and then relieved that it was only RM50 if they paid quickly.

That’s how the scammers trap their victims – by offering a cheap RM50 fine, when we all know that fines for traffic offences are at least RM150, and can go all the way up to RM1,000!

Those who received this fake MyBayar PDRM email would be tempted to quickly pay the cheap RM50 fine, before it becomes a lot more expensive!

But if you take a closer look at the email, you will spot some problems with it:

Weird English : The email title of “Last notice of contravention before prosecution” is nonsensical.
Typo in the name : The fake email used My Bayar PDRM, instead of MyBayar PDRM.
Lack of name and personal details : The fake email refers generically to “Dear recipient“, without listing your full name and MyKad number.
Lack of vehicle details : The fake email doesn’t mention the vehicle make and plate number.
Lack of location details : The fake email does not mention where the offence occurred, or even when it occurred.
Fine is much too low : PDRM traffic fines are never as low as RM50. The cheapest fine is RM150 for Category 4 offences, but you can pay as low as RM70 within 15 days.
No such law : The fake email refers to the Road Traffic Act. There is no such act in Malaysia. The proper name is the Road Transport Act 1987 (Act 333).
No such section : If you look at the Malaysia Road Transport Act 1987 (PDF download), you will see that there is no such thing as Section 2016-691.

The email appears to be from My Bayar PDRM (typo in the name), but if you inspect the email address, you will see that it was sent by “in-to-no-reply@silverbackgames.xxx” or “hello@sooqr.com” or some other email address.

Obviously, this email did not originate from an official PDRM email address! This should immediately tell you that this is a fake or scam email!

If you click on the Pay My Fine link in the scam email, you will be taken to a fake My Bayar PDRM website (with the same typo in the name).

You may notice that you now have 7 days to pay the RM 50 fine, instead of just 5 days in the email. Odd, isn’t it?

Also odd is the fact that the page does not mention your name, your MyKad number, your vehicle type and model, or even its plate number! The page also doesn’t mention where the offence took place, or the time you were caught committing said offence.

Do NOT proceed after this point… This is a scam website!

But if you have itchy fingers, and click on the Pay The Fine button, you will be asked to pay for the RM50 fine using your debit or credit card.

Needless to say, PLEASE DO NOT SUBMIT YOUR DEBIT / CREDIT CARD DETAILS!!!

If you provide these scammers with your debit / credit card details and TAC / OTP numbers, they will be able to charge ANY AMOUNT they want to your credit card, or withdraw ANY AMOUNT they want from your bank account!

It’s even worse if you are asked to log into your bank account to pay the fine. DO NOT DO THAT!

If you provide them with your bank login and password, as well as OTP/TAC number, these scammers will be able to transfer money out of your bank account!

Please note – this is a scam! This is a phishing attack to gain access to your credit card and/or bank account.

Regardless of how you get any notification from PDRM about any traffic offence you may have committed, you should always check the status through these official MyBayar PDRM options:

MyBayar PDRM website : https://mybayar.rmp.gov.my/
MyBayar PDRM app for Android : Google Play Store
MyBayar PDRM app for iOS : Apple App Store

Please SHARE this warning with your family and friends!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Automotive | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

How WithSecure Offensive Security Drives Business Resilience!

Leave a reply

Find out how WithSecure harnesses the power of offensive security to drive business resilience and enhance protection for its clients!

WithSecure Drives Business Resilience Through Offensive Security!

WithSecure (formerly known as ‘F-Secure Business’) is harnessing the power of offensive security in its co-security and co-monitoring products and services. This revolutionary approach is designed to anticipate and mitigate cyber threats by understanding them from an attacker’s perspective.

During the SPHERE security conference 2023, WithSecure’s Chief Product Officer, Antti Koskela, shed light on their game-changing offering called ‘attack surface management.’ This managed service offers a comprehensive view of vulnerabilities in a company’s cloud-based estate.

As a result, WithSecure’s focus on the digital perimeter empowers businesses to reduce their overall attack surface, enhancing their cybersecurity posture in the ever-evolving threat landscape.

How WithSecure Offensive Security Drives Business Resilience!

WithSecure also introduced three groundbreaking services that amplify their commitment to ‘outcome-based security’ and ‘co-security’. This groundbreaking development was revealed by WithSecure Executive Vice President (Solutions) Scott Reininga, also at the SPHERE security conference 2023.

Reininga underscored WithSecure’s unparalleled expertise in offensive security, revealing that they are the home of one of the world’s most proficient offensive security teams. This team, a fusion of penetration testers (pentesters), red, blue and purple teamers, has profound knowledge of adversary tactics, tradecraft, and techniques.

Penetration testing is a cybersecurity practice that aims to discover vulnerabilities in a system by simulating controlled attacks. Their goal is not to cause damage but to pinpoint weaknesses for rectification. This proactive method, which can involve exploiting software vulnerabilities or simulating social engineering tactics, is key in any comprehensive cybersecurity strategy, offering a practical evaluation of potential risks rather than a theoretical one.

Our relentless pursuit of research and system testing allows us to uncover system vulnerabilities proactively. This crucial data is the building block of our products that are proactive, minimally disruptive, and crafted from the perspective of an attacker.

– Scott Reininga, WithSecure Executive Vice President (Solutions)

These insights were unveiled by Reininga during his recent product launch event titled ‘Co-security and co-managed services for partners’. He was joined on stage by WithSecure Vice President (Offering and Customer Experience) Niko Isotalo.

Expanding on WithSecure’s strategic approach, Isotalo said that the company’s outcome-based security framework model “connects Chief Information Security Officers (CISOs) and board members, offering clarity about the interplay between security outcomes and business objectives.”

This alignment clarifies the indispensable role of security in the core business framework to board members.

– Niko Isotalo, WithSecure Vice President (Offering and Customer Experience)

Reininga and Isotalo unveiled the three new offerings during their joint session. The first, termed “co-monitoring,” is a partnership model. WithSecure validates the genuineness of security incidents before alerting the duty manager, effectively curbing false alarms.

WithSecure collaborates with clients to supervise their digital ecosystems, particularly during periods when they are stretched thin on resources. This service, providing support beyond standard working hours, can also deliver round-the-clock monitoring if necessary.

Isotalo further introduced the second service, incident readiness software, recognising that many organisations lack comprehensive incident readiness plans.

Our software simplifies the creation, testing, and updating of such plans, which serve as essential shields against cyber threats.

Focusing on the urgency of immediate incident response, Reininga introduced the third service, an incident response retainer.

Our incident response retainer provides unlimited incident response within the critical initial 72 hours of an event. We eliminate the need for negotiation about budget and resource allocation.

We engage consultants rapidly, supported by our globally lauded 24/7 incident response team and top-tier threat intelligence unit, guaranteeing our customers industry-leading service level agreements (SLAs).

By integrating offensive security acumen, co-monitoring capabilities, incident readiness software, and swift incident response, WithSecure empowers organisations to effectively safeguard their digital assets and curtail the impact of potential breaches.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Business | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

WithSecure Takes Offensive Security Approach To Cloud Threats!

Leave a reply

WithSecure is harnessing the power of the offensive security approach in tackling evolving cloud threats!

WithSecure Takes Offensive Security Approach For Cloud Threats!

In a shifting cybersecurity landscape, WithSecure (formerly known as ‘F-Secure Business’) is harnessing the power of offensive security in its co-security and co-monitoring products and services. This revolutionary approach is designed to anticipate and mitigate cyber threats by understanding them from an attacker’s perspective.

During the recent SPHERE security conference 2023 in Helsinki, Finland, WithSecure’s Chief Product Officer, Antti Koskela, shed light on this approach.

We’ve done identity assessments for many cloud-based companies, unveiling weaknesses in their cloud platforms.

Our offensive security approach is about understanding the attack surface of a cloud-based estate. We focus on the digital perimeter, which is crucial to reducing the overall attack surface.

Koskela went on to explain that WithSecure has distilled this insight into an innovative managed service offering called ‘attack surface management’. This service provides a comprehensive view of a company’s vulnerabilities, including IP addresses, port vulnerabilities, exposed APIs and web services, identity matters, patching levels and more.

With more open architecture, control over your attack surface becomes paramount. ‘Zero trust’ alone isn’t the answer as human errors happen. Our holistic approach helps mitigate this.

WithSecure’s product suite integrates various cloud-native solutions to deliver protection based on specific client requirements. This collaborative process, termed ‘co-security’, is driven by the security and business outcomes defined by the clients. Koskela emphasised the tripartite focus of their solution:

It’s about process, people, and technology. We collaborate to secure the outcomes, letting company directors steer the course of business.

Our WithSecure Elements platform is the cornerstone of our technology, built collaboratively with our clients.

Koskela acknowledged the evolution of the IT industry, from client-server in the ‘90s to hosted services in the 2000s, cloud computing in the 2010s and cloud-native in the 2020s. He underscored the need for a new security approach to match the evolving business environments:

The cloud offers agility, speed, cost-efficiency. But with new technologies come new security considerations.

WithSecure has been proactive, creating solutions for every technological shift – be it firewalling and endpoint protection during the hosted services era, or data security and VPNs for the cloud computing era.

And now, with the rise of cloud-native tech, we’re helping clients to understand and secure their digital perimeter through our offensive security approach.

WithSecure Chief Product Officer, Antti Koskela (left), and APAC Regional Director Yong Meng Hong (right)

WithSecure Elements Picking Up In APAC

Since its mid-2021 debut, WithSecure’s Elements platform has gained considerable momentum here in Malaysia and the broader Asia-Pacific region. This comprehensive cybersecurity platform has made its mark by providing organisations with a unified solution to their security needs.

Elements equips enterprises with the insight, adaptability, and technology to tackle evolving threats and changing business environments.

Offering unified endpoint protection across devices, clouds and servers, Elements consolidates everything from vulnerability management and collaboration protection to detection and response into one easy-to-navigate security console.

– WithSecure Asia-Pacific Regional Director Yong Meng Hong

Yong further emphasised that the cloud-based Elements platform provides real-time visibility across an entire IT infrastructure, simplifying how enterprises manage their cybersecurity.

Flexible licensing options, including fixed-term subscriptions and usage-based billing, ensure that organizations can tailor their cybersecurity services according to their specific needs.

Elements offers centralised management capabilities, giving IT managers a comprehensive overview of their enterprise’s IT infrastructure, enhancing their reassurance and control.

Today, WithSecure is globally recognised, trusted by a myriad of enterprises to safeguard against cyber threats, while also protecting tens of millions of consumers through over two hundred service providers and telecommunications partners.

For organisations looking to navigate the cloud’s security challenges, WithSecure’s offensive security approach could be just the safeguard they need.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Business | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

How A University Student Lost RM22K In Online Job Scam!

Leave a reply

Find out how a university student just lost over RM22,000 in an online job scam!

Please SHARE this article to warn your family and friends to avoid such online job scams!

Online Job Scam Are Targeting The Poor + Desperate!

Online job scams have been around for a long, long time. But fake job syndicates have become more active recently, probably because more people are getting laid off, and inflation is eating into our money.

Online job scams come in a variety of ways, but most commonly, you get unsolicited messages through WhatsApp or iMessage, offering you the opportunity to make a lot of money through part-time work, in the comfort of your own home.

This is especially appealing to people who are currently jobless and desperate. Or in this recent case – a university student who is just starting out in life.

I am Shirley , a permanent employee at XXXX Company in the recruitment department. The HR department sent me this number and asked me to contact you to get you to a job opportunity.

Hello! I am Miss Aisyah Binte Ahmed, from The Recruitment Dept. at YYYY Digital, Malaysia. Our company is hiring part-time and full-time online Employees. Can I briefly share the details with you?

How A University Student Lost RM22K In Online Job Scam!

I had earlier written about how fake job syndicates cheat people of their hard-earned money, but I didn’t realise that these scammers are also targeting university students!

A university student recently shared how he quickly lost over RM20,000 to an online job scam, despite being warned that it could be a scam!

How They Reel The Student In…

These online job scams always start by offering their victims an EASY way to make A LOT of money!

It all started two days ago, when an unknown person asked me if I’m interested in a part time job. I usually don’t decline offers like this because I’m also a student looking for internship or job opportunities.

He gave me simple tasks, like subscribing to YouTube channels and get RM10 for each subscription. I was interested as money did really go to my account.

Then, I was added into a group. They would give these free tasks of subscribing to YouTube channels.

These scammers also know that people are now wary of scams, and will always demonstrate their willingness to pay… at least in the beginning.

And occasionally will provide merchant tasks throughout the day, which you bank in a certain amount of money to them, which was said to help improve crypto merchant’s reputation or some sort, then they’ll return you a good amount of earnings after the task is completed. It takes around half an hour to do so. So for these two days I earned around RM500.

This is how the scammers establish trust with their victims, and convince them to “invest” to get even more money!

Recommended : Watch Out For Telegram Phishing Attack!

The Scam Happens Very Quickly

The “merchant tasks” is when they start scamming you, and the scam occurs very quickly. You may think that you’re earning a lot of money, but you will never see a cent of it.

So here’s where the fishing begins. A merchant task has started. A rule was stated that I must complete all the tasks given or I will not get the money that I banked in before.

It doesn’t matter how little you “invest” in this “merchant task” scheme. Once you are in, they will quickly use your “earnings” to force you to keep paying them!

I chose the least risk package, give RM300 to get RM360. Then, I was required to continue the next task. Same, I chose the smallest amount RM2000 to get RM2600. Again, need to continue the next task, I chose the smallest RM5000 to get RM7000. Then, RM15000 to get RM19500.

Then, RM40000 to get RM52000. At this point, I still haven’t realize it’s a scam. All I’m focussed on is I need to take back the money that I banked in, so I’m just thinking about completing the tasks given.

By The Time He Realised… It Was TOO LATE!

Because the university student was so engrossed in getting back the money he “invested” earlier, he didn’t realise that he was giving the scammers more and more money… until it was much too late.

There’s one trick that this scammer is using. He let me start with a small investment, then proceed with stages. They force me to continue because I want to rescue the money that I put in in the previous task. So it keeps getting bigger and bigger.

Unfortunately, by the time the university student realised his mistake, it was much too late… He had already lost over RM22K!

At that time, I have not enough money in my bank to fork out RM40k. So I panic and find my friend to lend me some money.

Luckily my friend as a sideliner noticed that this is a scam and stopped me. I woke up finding that evervthing was too late. Just like that, two days, RM22300, gone.

Scammers caught on CCTV by hacker

Many People In The Group Are Scammers

As the university student later realised, many of the people in the group are part of the online job scam syndicate. Their job is to give the victims the perception that this is a legitimate job with many people participating.

During merchant tasks, I’m asked to leave the big group and will be joining a small group of 3-4 members. One of the scary parts in this operation after I realize it’s a scam is that, all the group members in the group are actually controlled by the same person.

Out of the 4 members, two might be playing rich vips who will play the highest package, pressuring you to play with more money, the other person looks like a newcomer like me and plays along with me, choosing the lowest package.

Precautions Were Useless

The university student was actually warned by his parents that it could be a scam. He even prepared for the possibility he could be scammed:

Some Precautions | Made While Attempting This:

I was being very careful with this. I shared with my parents on the first night. My parents did warned me about it being a scam, but didn’t stop me from it since I’m earning something. They just ask me to be extra cautious.

I have two bank accounts, so I moved most of my savings such that I have a “small” account and a “big” account, to prevent losses if anything goes wrong.

I also created a new chat account with another phone number solely for this “part time job”. I also made a plan and promise to only invest my earnings, so I cannot touch my savings.

But as German Field Marshal Helmuth von Moltke once said, “No plan survives contact with the enemy“, and the student’s precaution was useless when he got “emotionally invested” in getting his money back, and ended up taking out all of his saving from the “big account”!

I believe we always read about news of scams in Malaysia, asking why are they so dumb, why they fall into these type of scams. Until I’m in their shoes. I was being very cautious taking the above steps and always remind myself to not be greedy, play only the least risk.

The worse part is, when I’m within that situation and cannot think straight. I even use my savings from my “big” account, just because I want to rescue the money I put in.

Recommended : How To Block Facebook Ads + Pay Scammers!

The university student is now “emotionally depressed” and “thinking about suicide” over the loss of so much money. But do the scammers care? No, they couldn’t care less if people commit suicide over the loss of their hard-earned money.

He has also contacted his bank fraud hotline, and lodged a police report. Unfortunately, he is unlikely to ever recover any of the money he lost. But I hope he understands that his life matters more to his family than money, and he can always make back the money as long as he lives.

Please SHARE this article out, and WARN your family and friends!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

New Cyber Crime Rules For WhatsApp Fact Check!

Leave a reply

Did WhatsApp just implement new cyber crime rules to help the government monitor and record your calls and messages?!

Take a look at the viral claim, and find out what the facts really are!

Claim : WhatsApp Has New Cyber Crime Rules!

People are sharing this warning about WhatsApp implementing new cyber crime rules, to help the government monitor and record all calls and messages!

Tʜᴇ ɴᴇᴡ ᴄᴏᴍᴍᴜɴɪᴄᴀᴛɪᴏɴ ʀᴜʟᴇs ғᴏʀ WʜᴀᴛsAᴘᴘ ᴀɴᴅ WʜᴀᴛsAᴘᴘ Cᴀʟʟs (Vᴏɪᴄᴇ ᴀɴᴅ Vɪᴅᴇᴏ Cᴀʟʟs) ᴡɪʟʟ ʙᴇ ɪᴍᴘʟᴇᴍᴇɴᴛᴇᴅ ғʀᴏᴍ ᴛᴏᴍᴏʀʀᴏᴡ: –

01. Aʟʟ ᴄᴀʟʟs ᴡɪʟʟ ʙᴇ ʀᴇᴄᴏʀᴅᴇᴅ.
02. Aʟʟ ᴄᴀʟʟ ʀᴇᴄᴏʀᴅɪɴɢs ᴡɪʟʟ ʙᴇ sᴀᴠᴇᴅ.
03. WʜᴀᴛsAᴘᴘ, FᴀᴄᴇBᴏᴏᴋ, Tᴡɪᴛᴛᴇʀ, Iɴsᴛᴀɢʀᴀᴍ ᴀɴᴅ ᴀʟʟ sᴏᴄɪᴀʟ ᴍᴇᴅɪᴀ ᴡɪʟʟ ʙᴇ ᴍᴏɴɪᴛᴏʀᴇᴅ.
04. Yᴏᴜʀ ᴅᴇᴠɪᴄᴇs ᴡɪʟʟ ᴄᴏɴɴᴇᴄᴛ ᴛᴏ ᴛʜᴇ Mɪɴɪsᴛʀʏ sʏsᴛᴇᴍ.
05. Tᴀᴋᴇ ᴄᴀʀᴇ ɴᴏᴛ ᴛᴏ sᴇɴᴅ ᴛʜᴇ ᴡʀᴏɴɢ ᴍᴇssᴀɢᴇ ᴛᴏ ᴀɴʏᴏɴᴇ.
06. Tᴇʟʟ ʏᴏᴜʀ ᴄʜɪʟᴅʀᴇɴ, sɪʙʟɪɴɢs, ʀᴇʟᴀᴛɪᴠᴇs, ғʀɪᴇɴᴅs, ᴀᴄϙᴜᴀɪɴᴛᴀɴᴄᴇs ᴛʜᴀᴛ ʏᴏᴜ sʜᴏᴜʟᴅ ᴛᴀᴋᴇ ᴄᴀʀᴇ ᴏғ ᴛʜᴇᴍ ᴀɴᴅ ʀᴀʀᴇʟʏ ʀᴜɴ sᴏᴄɪᴀʟ sɪᴛᴇs.
07. Dᴏ ɴᴏᴛ sᴇɴᴅ ᴀɴʏ ʙᴀᴅ ᴘᴏsᴛ ᴏʀ ᴠɪᴅᴇᴏ ᴀɢᴀɪɴsᴛ ᴛʜᴇ ɢᴏᴠᴇʀɴᴍᴇɴᴛ ᴏʀ ᴛʜᴇ Pʀɪᴍᴇ Mɪɴɪsᴛᴇʀ ʀᴇɢᴀʀᴅɪɴɢ ᴘᴏʟɪᴛɪᴄs ᴏʀ ᴛʜᴇ ᴄᴜʀʀᴇɴᴛ sɪᴛᴜᴀᴛɪᴏɴ.
08. Iᴛ ɪs ᴄᴜʀʀᴇɴᴛʟʏ ᴀ ᴄʀɪᴍᴇ ᴛᴏ ᴡʀɪᴛᴇ ᴏʀ sᴇɴᴅ ᴀ ʙᴀᴅ ᴍᴇssᴀɢᴇ ᴏɴ ᴀɴʏ ᴘᴏʟɪᴛɪᴄᴀʟ ᴏʀ ʀᴇʟɪɢɪᴏᴜs ɪssᴜᴇ, ᴅᴏɪɴɢ sᴏ ᴄᴀɴ ʟᴇᴀᴅ ᴛᴏ ᴀʀʀᴇsᴛ ᴡɪᴛʜᴏᴜᴛ ᴀ ᴡᴀʀʀᴀɴᴛ.
09. Tʜᴇ ᴘᴏʟɪᴄᴇ ᴡɪʟʟ ɪssᴜᴇ ᴀ ɴᴏᴛɪғɪᴄᴀᴛɪᴏɴ, ᴛʜᴇɴ ʙᴇ ᴘʀᴏsᴇᴄᴜᴛᴇᴅ ʙʏ Cʏʙᴇʀ Cʀɪᴍᴇ, ᴡʜɪᴄʜ ɪs ᴠᴇʀʏ sᴇʀɪᴏᴜs.
10. Aʟʟ ʏᴏᴜ ɢʀᴏᴜᴘ ᴍᴇᴍʙᴇʀs, ᴍᴏᴅᴇʀᴀᴛᴏʀs ᴘʟᴇᴀsᴇ ᴄᴏɴsɪᴅᴇʀ ᴛʜɪs ɪssᴜᴇ.
11. Bᴇ ᴄᴀʀᴇғᴜʟ ɴᴏᴛ ᴛᴏ sᴇɴᴅ ᴛʜᴇ ᴡʀᴏɴɢ ᴍᴇssᴀɢᴇ ᴀɴᴅ ʟᴇᴛ ᴇᴠᴇʀʏᴏɴᴇ ᴋɴᴏᴡ ᴀɴᴅ ᴛᴀᴋᴇ ᴄᴀʀᴇ ᴏғ ᴛʜᴇ sᴜʙᴊᴇᴄᴛ.

Bᴇ ᴍᴏʀᴇ ᴀᴡᴀʀᴇ ᴏғ ᴀʟʟ ɪɴ ᴛʜᴇ ɢʀᴏᴜᴘ …

Iᴍᴘᴏʀᴛᴀɴᴛ ɪɴғᴏʀᴍᴀᴛɪᴏɴ ᴀʙᴏᴜᴛ WʜᴀᴛsAᴘᴘ’s ɴᴇᴡ ʀᴜʟᴇs ᴛᴏ ɢʀᴏᴜᴘ ᴍᴇᴍʙᴇʀs …

1. ✓ = ᴍᴇssᴀɢᴇ sᴇɴᴛ.
2. ✓✓ = ᴍᴇssᴀɢᴇ ʀᴇᴀᴄʜᴇᴅ.
3. Tᴡᴏ ʙʟᴜᴇ ✓✓= ᴍᴇssᴀɢᴇ ʀᴇᴀᴅ.
Tʜʀᴇᴇ ʙʟᴜᴇ ✓✓✓ = Tʜᴇ ɢᴏᴠᴇʀɴᴍᴇɴᴛ ᴛᴏᴏᴋ ɴᴏᴛᴇ ᴏғ ᴛʜᴇ ᴍᴇssᴀɢᴇ.
5. Tᴡᴏ ʙʟᴜᴇ ✓✓ ᴀɴᴅ ᴏɴᴇ ʀᴇᴅ ✓= ᴛʜᴇ ɢᴏᴠᴇʀɴᴍᴇɴᴛ ᴄᴀɴ ᴛᴀᴋᴇ ᴀᴄᴛɪᴏɴ ᴀɢᴀɪɴsᴛ ʏᴏᴜ.
6. Oɴᴇ ʙʟᴜᴇ✓ ᴀɴᴅ ᴛᴡᴏ ʀᴇᴅ✓✓ = ᴛʜᴇ ɢᴏᴠᴇʀɴᴍᴇɴᴛ ɪs ᴄʜᴇᴄᴋɪɴɢ ʏᴏᴜʀ ɪɴғᴏʀᴍᴀᴛɪᴏɴ.
7. Tʜʀᴇᴇ ʀᴇᴅ ✓✓✓ = Tʜᴇ ɢᴏᴠᴇʀɴᴍᴇɴᴛ ʜᴀs sᴛᴀʀᴛᴇᴅ ᴘʀᴏᴄᴇᴇᴅɪɴɢs ᴀɢᴀɪɴsᴛ ʏᴏᴜ ᴀɴᴅ ʏᴏᴜ ᴡɪʟʟ ɢᴇᴛ ᴀ ᴄᴏᴜʀᴛ sᴜᴍᴍᴏɴs sᴏᴏɴ.

sʜᴀʀᴇ ᴡɪᴛʜ ʏᴏᴜʀ ғʀɪᴇɴᴅs …!!😀😀😀

Show less

Recommended : How To Block Facebook Ads + Pay Scammers!

Truth : WhatsApp Does Not Have New Cyber Crime Rules!

And here is why this is nothing more than yet another Internet hoax :

Fact #1 : Only China Can Do This

The only country that has accomplished most of what was shared above is China, but it took them decades to erect the Great Firewall of China.

It’s not just the massive infrastructure that needs to be created, it also requires legislation to be enacted, and considerable manpower and resources to maintain such a system.

That’s why China is leaning heavily on AI and cloud computing capabilities to automatically and quickly censor information it deems “sensitive”.

However, no other country has come close to spending the money and resources on a similar scale, although Russia, Cuba, Vietnam, Zimbabwe and Belarus have imported some surveillance technology from China.

Fact #2 : WhatsApp, Instagram + Facebook Messenger Have End-to-End Encryption

All three Facebook-owned apps now run on the same common platform, which provides end-to-end encryption.

End-to-end encryption protects messages as they travel through the Internet, and specifically prevents anyone (bad guys or your friendly government censor) from snooping into your conversations.

That is also why all three apps are banned in China…

Fact #3 : Governments Generally Have No Control Over Those Apps

Outside of authoritarian countries like China and Russia, governments generally have little to no control over social media and instant messaging apps. Even then, their control is generally limited to banning access if they don’t get their way.

The ability to keep conversations and messages safe and private is key to the success of instant messaging apps, in particular. So WhatsApp, Telegram and Signal would never allow governments access to user messages or voice calls, never mind record and monitor them for governments!

In fact, by implementing end-to-end encryption, these companies themselves do not have access to your messages and calls.

Fact #4 : WhatsApp Does Not Have Three Check Marks!

WhatsApp messages only have two ticks / check marks to notify users about the status of their messages:

: The message was successfully sent.
: The message was successfully delivered to the recipient’s phone or any of their linked devices.
: The recipient has read your message.

There is no third check mark, as claimed by the viral message.

Fact #5 : Governments Won’t Tip You About Investigations

It is illogical for WhatsApp to inform you when the government is checking your information, or when it has started proceedings against you.

In fact, it doesn’t make sense for any government to inform you by instant messaging check marks! If the government is charging you with a crime, it will send police officers, not check marks on WhatsApp!

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Internet | Fact Check | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

How To Disable Android TV Lock Screen Requirement!

Leave a reply

If you own an Android TV, or Android TV box, you might need to disable the Lock Screen requirement. Find out how to do that!

Why Do You Need To Disable Android TV Lock Screen?

Android TV, whether it’s already integrated into your television set, or in a separate box, requires a Google account to download and install apps through the Google Play Store.

If you have been using your Google Workspace account, or the Free Legacy G Suite account, you will likely encounter this error message:

To access your work account on this device, you’ll need to set a lock screen. This is your organization’s mobile device policy.

A lock screen? Android TV has a TV lock option, but by default, that’s disabled and rightly so – TVs traditionally do not require a password when you turn them on!

You can ignore it, and continue to use your Android TV or Android TV box, but you cannot log into Google Play Store to download and install any apps.

How To Bypass Android TV Lock Screen Requirement!

This Android TV Lock Screen error message appears because Google, by default, sets company accounts to require a Lock Screen on all mobile devices.

The easiest way to bypass this Android TV Lock Screen requirement is to simply use a personal Google Account. Or better still, create a new personal Google Account just for your Android TV.

Once you switch to a personal Google account, you won’t have to face this Lock Screen requirement, and can freely download and install apps from the Google Play Store. However, this method only works for people who only intend to download and use free apps.

If you intend to download and install a paid app, like Minecraft for example, then this method won’t work because that paid app is tied to your Google Workspace / Free Legacy G Suite account.

How To Disable Android TV Lock Screen Requirement!

If you need to use your Google Workspace / Free Legacy G Suite account (which is tied to a company) with your Android TV, then you need to disable the Lock Screen policy. In this video tutorial, we will show you just how to do that.

Just in case you prefer a step-by-step guide, here are the steps with screenshots.

Step 1 : Log into Google Admin (https://admin.google.com/) for your Google Account.

Step 2 : Type “Universal Settings” in the search box at the top, and a list of relevant options will appear.

Step 3 : Click on Universal Settings. Alternatively, you can navigate manually using the menu on the left : Devices > Mobile and endpoints > Universal settings

Step 4 : In the Universal Settings page, click on General : Turn on device management and password controls to reveal the available general settings.

Step 5 : In the General section, you will see two options – Mobile management and Password requirements.

Either option will let you disable the Lock Screen requirement in Android devices. So you will need to select one of them.

I will share the two available methods as Option A and Option B below. Choose one.

Option A : Disable Mobile Management

By default, your account is set to Basic (Agentless) mobile management, which applies basic password controls (including requiring the Lock Screen).

Step 6A : Select Turn off mobile management (Unmanaged).

Step 7A : Click on Save to save the changes. The change generally happens instantaneously but can take a few minutes to propagate.

As turning off basic mobile management will deprive you of the ability to wipe work accounts, and remove compromised device protection, I would recommend you try Option B as the first resort, and keep Option A as a back up alternative.

Option B : Disable Password Requirements Recommended!

By default, your account is set to Require users to set a password, which has a basic requirement of “Any screenlock“.

Step 6B : Untick the Require users to set a password checkbox.

Step 7B : Click on Save to save the changes. The change generally happens instantaneously but can take a few minutes to propagate.

I personally recommend using this option, as it would leave you the ability to perform some basic mobile management of your devices.

Step 8 : While the change happens within seconds to minutes, you must remove your Google Account from your Android TV / Android TV box.

Step 9 : Log into Google Play Store using your Google Account again. It should now work properly, without asking you to register a Lock Screen.

I hope you found this guide useful. Please SHARE this guide out, and SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Home Tech | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Restaurant Menu QR Code Hack Your Phone?!

Leave a reply

Did the FBI just warn people to avoid using the restaurant menu QR code, because it can hack your phone?!

Take a look at the viral claim, and find out what the facts really are!

Claim : FBI Says Restaurant QR Code Can Hack Your Phone!

People are sharing a Daily Mail article, or screenshots of it, which claims that the FBI just warned people not to use any restaurant menu QR code because it can allow hackers to steal your data!

Here is an excerpt from the Daily Mail article. Feel free to skip to the next section for the facts!

Why you should ALWAYS ask for a physical menu: FBI warns hackers are planting fake QR CODES in restaurants that steal your data when you click the link

Scammers are making fake QR codes to place on top of real ones
This is letting them access smartphones and steal personal data

QR codes have become the new default for accessing restaurant menus across the US post-Covid — but scammers are seizing upon the new practice.

The FBI warns thieves are creating fake QR codes and planting them at eateries, retail shops and even parking meters.

Instead of taking you to an online menu or checkout, the links instantly download malware onto your device, stealing your location and personal information

The FBI has urged consumers to look out for typos or misplaced letters in URLs accessed through QR codes and ask restaurants for a physical menu.

Truth : FBI Did Not Say Restaurant QR Code Can Hack Your Phone!

This appears to be a “misunderstanding” of an actual FBI warning about QR codes. Here is what you need to know about the risks of scanning a QR code for a restaurant menu.

Fact #1 : FBI Issued QR Code Warning In January 2022

I could find no reference to a recent QR code warning by the FBI, and oddly enough, The Daily Mail did not provide a source or link to the FBI warning its article was referring to.

The FBI only released one public service announcement (PSA) about QR codes, and that was Alert Number 1-011822-PSA which was released on January 18, 2022.

If that was the source for the Daily Mail article, then it’s more than a year old, and not recent as the article appears to suggest.

Fact #2 : FBI Warned About General QR Code Risk

The FBI advisory was a general warning about the risks of tampered QR codes. Specifically, it warned about cybercriminals tampering with both digital and physical QR codes.

The FBI is issuing this announcement to raise awareness of malicious Quick Response (QR) codes. Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information.

Cybercriminals tamper with both digital and physical QR codes to replace legitimate codes with malicious codes. A victim scans what they think to be a legitimate code but the tampered code directs victims to a malicious site…

Fact #3 : FBI Advisory Did Not Mention Restaurant / Menu

Interestingly, the entire FBI advisory did not once mention restaurants or menus, and that makes a lot of sense.

It is odd to focus on the risk of using QR codes for online menus in restaurants, when they are used in so many other ways today – from making mobile payments, as mobile tickets, login tokens, etc.

Any security risk involving restaurant menu QR codes would also apply to QR codes used for other purposes. So it really doesn’t make sense for the FBI to “pick on” restaurant menu QR codes.

Fact #4 : QR Code Is Not Malicious In Nature

QR code (which is short for Quick Response code) is not nefarious or malicious in nature. The FB advisory specifically pointed that out – “QR codes are not malicious in nature“.

The QR code is merely a type of two dimensional barcode that was invented in 1994 by the Japanese company, Denso Wave, to track automotive parts. It has since been adopted for other purposes because it is more efficient and can support more than just numbers. For example, Version 40 QR code can contain up to 7,089 numbers or 4,296 characters.

Ultimately, a QR code is nothing more than a series of numbers or characters – data which can be used for a variety of purposes, including providing a link to an online restaurant menu.

Fact #5 : QR Code Can Be Tampered With

It is true that QR codes can be tampered with. In fact, the FBI advisory was issued after Texas police departments discovered fraudulent QR code stickers on parking meters in San Antonio and Austin. Drivers who scanned those fake QR codes were taken to a scam website. instead of the real payment website.

Hence, the FBI issued that warning to remind people to check the URL link to make sure that it is the intended website, and not a phishing page with a similar link. For example, the fake website may use www.quikpay.com when the real website is www.quickpay.com.

To completely avoid this risk, avoid using QR code to access a payment website. Always go directly to the payment website on your smartphone’s web browser by keying in the link yourself. Genuine payment labels with a QR code will often include a direct URL link for you to use as a safer alternative.

Recommended : How To Block Facebook Ads + Pay Scammers!

Fact #6 : Restaurant Menu QR Code Is Low Risk

While scammers can place fraudulent QR codes over genuine ones at restaurants, bars, and other eateries, this is a very unlikely attack vector.

That’s because restaurants often use QR codes to redirect you to an online system to order food and drinks for your table. Imagine if you scan a fraudulent QR code and are asked to key in your credit card details. That would be absurd, and you would surely complain to the waiter since you haven’t even ordered your food!

In most cases, you are not expected to pay at the table using QR code. You either pay using cash / credit card / mobile payment using QR code at the payment counter. Even if that QR code is compromised, the cashier would notice it immediately as any payment made using that QR code would not reflect in the restaurant’s point-of-sale (POS) system.

And payment only occurs after dining – a fraudulent QR code that leads you to a fake website won’t allow you to actually order anything, since it’s not connected to the real restaurant and its ordering system. That’s why this attack vector is highly improbable.

In any case, many restaurants now generate temporary QR codes on disposable paper stubs to avoid this risk. The QR code is only valid for your dining session. The next person to dine at the same table will receive a different QR code.

Fact #7 : QR Code Can Potentially Inject Malware

It is possible for QR code to inject malware into the smartphone that you are using to scan. In fact, there are apps like QRGen that allow scammers / hackers to easily generate malicious QR codes. However, it isn’t quite as simple as the article makes it out to be.

For one thing – malware and exploits are limited to specific operating systems or phone models. For example, an Android exploit / malware won’t work on iPhones. Or an exploit / malware that makes use of an Android 11 vulnerability won’t work on newer / updated Android smartphones since they would have patched the exploit.

Second – any malware will require considerable amounts of code to load. The scammer / hacker will have to use an enormous QR code like the version 40 example below, or it will need to convince you to download and install the malware package itself.

Genuine restaurant menu QR codes are simple – like the version 1 / version 10 examples above, because they only serve a link to their online menu / ordering system. If you see a large and complex QR code like the version 40 example, avoid scanning it, and ask the restaurant staff to verify its authenticity.

Restaurant menu QR codes would also never ask you to download or install anything. They only serve to load a link to an online menu / ordering system, so if you are asked to download or install anything, do NOT proceed, and notify the restaurant.

These tips also apply to other businesses that use QR codes to show you a menu, discounts, offers, information, etc.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Cybersecurity | Money | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Microsoft : No More Windows 10 Updates, EOL In 2025!

Leave a reply

Microsoft will no longer issue major Windows 10 updates, and will end support for the operating system in October 2025!

Microsoft : No More Windows 10 Updates, EOL In 2025!

On Thursday, 27 April 2023, Microsoft announced that it will no longer issue any further major Windows 10 update. The current 22H2 version that was released in October 2022, and entered broad deployment on November 18, 2022, would be the final version of Windows 10.

In addition, Microsoft announced that all editions of Windows 10 will reach the end of support on October 14, 2025.

Windows 10 Home
Windows 10 Pro
Windows 10 Enterprise
Windows 10 Education
Windows 10 Pro Education
Windows 10 Pro for Workstations
Windows 10 IoT Enterprise

However, Microsoft will continue to issue monthly security update releases (including Windows Defender updates) until that EOL date.

Windows 10 will reach end of support on October 14, 2025. The current version, 22H2, will be the final version of Windows 10, and all editions will remain in support with monthly security update releases through that date. Existing LTSC releases will continue to receive updates beyond that date based on their specific lifecycles.

The only exception will be existing LTSC (Long Term Servicing Channel) releases – they will continue to receive updates beyond that EOL date, based on their specific lifecycles.

Windows 10 Enterprise LTSC 2019 : Jan. 9, 2029
Windows 10 IoT LTSC 2019 Core : Jan. 9, 2029
Windows 10 IoT Core LTSC : Jan. 9, 2029
Windows 10 Enterprise LTSC 2021 : Jan. 12, 2027
Windows 10 IoT Enterprise LTSC 2019 : Jan. 9, 2029
Windows 10 IoT Enterprise LTSC 2021 : Jan. 13, 2032

Microsoft also took the opportunity to announce that two Windows 11 LTSC releases will be available in the second half of 2024:

Windows 11 Enterprise LTSC
Windows 11 IoT Enterprise LTSC

Enterprise users who want to plan and test applications and hardware while waiting for a Windows 11 LTSC release, should start doing so with the current Windows 11 22H2 edition.

Microsoft : Please Upgrade Before Windows 10 EOL!

Microsoft is therefore encouraging users to transition to Windows 11, because it will no longer release any feature upgrades.

Despite Windows 11 being introduced over 1.5 years ago, many Windows 10 users still refuse to upgrade / migrate to Windows 11.

According to the both Steam Store’s March 2023 and StatCounter’s survey, more than 73% of Windows-based PCs are still running on Windows 10!

On its part, Microsoft stopped selling Windows 120 downloads in January 2023, but until Microsoft starts cutting off security updates in October 2025, there will be little impetus for Windows 10 users to migrate to Windows 11.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Business | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Approve New Participant block WhatsApp hackers?!

Leave a reply

Can the new Approve New Participant feature in WhatsApp block hackers?!

Take a look at the viral claim, and find out what the facts really are!

Claim : Turn On WhatsApp Approve New Participant To Block Hackers!

WhatsApp started introducing a new feature called Approve New Participant, on 11 March 2023.

This new feature was only available to WhatsApp Group administrators, and went pretty much unnoticed by most WhatsApp users, until this claim went viral on WhatsApp and social media platforms:

CYBER SECURITY ALERT
Announcement

Let’s look sharp all admins*
WhatsApp has added a new security feature to prevent hackers from joining Groups.
I Hope Admins will take advantage of this feature.

*Admins* should go to group settings and
‘TURN ON’ Approve New Participant.

This will prevent unauthorized access for hackers.

WHATSAPP ADMINS ALERT!!!

That WhatsApp cybersecurity alert was unsigned, so we have no idea who created it. But once it went viral, WhatsApp users started asking their group administrator to turn it on to block hackers.

But does the new Approve New Participant feature really block hackers from attacking WhatsApp groups?

Truth : WhatsApp Approve New Participant Does Not Block Hackers!

This is yet another example of FAKE NEWS circulating on WhatsApp, and social media platforms like Facebook and Twitter, and here are the reasons why…

Fact #1 : Approve New Participant Is Not A Cybersecurity Feature

First, let me just point out that Approve New Participant is not a cybersecurity feature. WhatsApp introduced the this feature to help group administrators “grow, moderate, and protect their groups“.

The Approve New Participants setting empowers admins to help grow, moderate, and protect their groups. Turning on the setting in Group Settings requires the admin to review every request to join the group before a participant is allowed to join. This feature enhances privacy and security for all participants in the group.

This feature is designed to protect private groups by preventing people from simply joining them using an invite link.

This is a major security concern for private groups, as it exposes the group chats to people who may not be authorised to view them. However, this is not a concern for open groups, as they are open to one and all.

Fact #2 : Approve New Participant Cannot Block Hackers

When a group turns on Approve New Participant, admin approval is required to join a group. People who attempt to join the group will see a Request to join button, with the message “An admin must approve your request”.

After clicking on Request to join, those who wish to join the group are allowed to share their Reason for the request, or Cancel Request.

Once the group administrators get the request, they can either approve or reject the request. Group administrators can also start a chat with the person to request more information.

All that is great for vetting people who want to join an exclusive WhatsApp group, but this new feature does not block hackers, as the group administrator will not know who is, or is not a hacker. It’s not like those WhatsApp accounts have a “hacker” or “not a hacker” label!

Hackers can use social engineering techniques to trick the group administrators into approving their requests, or they can simply use phishing attacks to take over the WhatsApp accounts of existing group participants!

Fact #3 : Approve New Participant Is Disabled By Default

Cybersecurity features that are designed to block hackers will always be enabled by default – why would they be optional?

Yet, the new Approve New Participant feature is OPTIONAL in WhatsApp, and is DISABLED by default. That is because this is not a cybersecurity feature designed to block hackers.

Many WhatsApp groups are open for anyone to join, and turning on Approve New Participant would be pointless as group administrators would not know the identity of the people joining their groups.

This is why it is up to the WhatsApp group administrators to determine if it is suitable for them to use the new Approve New Participant feature, or not.

Private groups will want to turn this on, to vet people who request to join. But open groups will want this feature disabled, or their administrators will be overwhelmed with joining requests.

Fact #4 : Group Participants Can Always Be Removed

Here’s another reason why blocking new participants joining automatically does not block hackers – group participants can always be removed.

Let’s say a hacker, or an unauthorised person, gains access to your WhatsApp group. It doesn’t mean he/she can stay in your group forever. Any group administrator can remove that person.

This new feature only helps group administrators pre-vet people who want to join their group, instead of kicking them out after they have already joined.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Cybersecurity | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Scam Alert : Watch Out For Telegram Phishing Attack!

Leave a reply

Watch out for the phishing attack that will allow scammers to take over your Telegram account!

Scam Alert : Watch Out For Telegram Phishing Attack!

Scammers are now targeting Telegram users with a phishing attack that is designed to trick them into giving up their accounts! The Telegram phishing attack works like this:

Step 1 : The scammer gains control of your friend’s Telegram account, and sends this message to you:

Dear Telegram users. The system detects that this account is abnormal and has potential security risks.

To ensure that you can log in to your account normally, you need to invite friends for auxiliary verification

The risk control account has not been verified. The system will cancel the account after 24 hours!

Personal Information Authentication：[link removed]

Step 2 : The scammer, masquerading as your friend, asks you to help him/her verify his/her Telegram account by clicking on the link.

There are security risks in my account, and I need friends to help me verify it. Please click on the official link to help me verify it and follow the prompts. thank you

Step 3 : If you click on the [removed] link to help your friend, you will be taken to a website that looks like an official Telegram website. DO NOT DO THIS.

Step 4 : You will be asked to log into your Telegram account on the fake website. DO NOT DO THIS.

Step 5 : The fake Telegram website will ask you to key in your Login code, or take and upload a screenshot of your Telegram. DO NOT DO THIS.

Step 6 : If you continue, the scammer will be able to take over your Telegram account, and use it to scam your friends by asking them for money, etc.

The scammer will also have access to your Telegram chats, and all associated media including photos and videos, which could potentially be leaked or used to extort you or other people.

How To Protect Against Telegram Phishing Attack

A phishing (pronounced as fishing) attack is a social engineering attack, that uses your trust for an institution (like a bank), authority (Telegram), or someone you know, to give up your login details.

Here are some ways you can protect yourself against any phishing attack on Telegram, or other platforms.

Verify Identity Before Trusting

Many people fall for phishing attacks because it is human nature to trust your friends and to help them. However, on instant messaging apps, you don’t actually know if it’s really your friend on the other end!

So if a friend messages you on Telegram, WhatsApp, Facebook, Twitter, Instagram, etc to ask for help, ALWAYS verify their identity before proceeding.

If possible, call or message your friend on the phone, or via a different platform (use WhatsApp if the request came on Telegram, for example).

But if you are unable to call your friend, try asking the other person something that only your real friend would know:

Do NOT ask questions like “Are you really Sarah??“
Do NOT ask questions that can be answered by reading previous chat messages.
Ask something that only you and your friend would know, like “Hey Sarah, what was that restaurant we went to last week?“
Ask a fake question that your friend would readily know is not true, like “Hey Sarah, are you coming over tonight?“

If the other person cannot answer or gives you the wrong answer, he/she is not your friend, and that account has likely been taken over by a scammer.

Recommended : How To Block Facebook Ads + Pay Scammers!

Look At The Link

Whenever you see a link being shared, always check if it leads to a legitimate website, or attempts to masquerade as a real website, by substituting characters in the link.

This Telegram phishing attack, for example, uses a link to telegram.0rg.ee. The real Telegram domain name is telegram.org. This is called domain spoofing.

If you see an attempt to impersonate a legitimate website by using a similar-looking domain name, do NOT click on it.

Never Login Via A Link

It is common for people to share links on Telegram, and in Telegram groups. Heck, we share links to our article in the Tech ARP Telegram group!

Clicking on links in Telegram, WhatsApp, emails, etc. is not dangerous, because most lead to legitimate websites that do NOT require you to log in.

What is dangerous is logging into any website through a link. I cannot hammer this enough – NEVER LOG INTO ANY WEBSITE through a link!

Phishing attacks work by tricking you into going into a fake website that looks like the real website. But you still have to log into the fake website to give the scammers your login details.

If you click on a link, and you are asked to login – this is likely a phishing attack. But don’t worry – as long as you refuse to log into any website after clicking on a link, the phishing attack fails.

Turn On Two-Step Verification

All banking platforms, and many mobile apps now offer two-step verification to prevent scammers from taking over user accounts. However, this is often an optional feature that you must manually enable.

Telegram has a two-step verification feature, which prevents scammers and hackers from hijacking your account by requiring a secret password that only you will know.

Please follow our guide on how to turn on Two-Step Verification in Telegram.

Just make sure you do NOT give that password out to anyone, or key it into any website!

Warn Your Family + Friends!

It is important to publicise phishing attacks, whenever they happen. If people are alerted, they are less likely to fall for such attacks.

However, scammers and hackers can quickly change the way their phishing attack works, so it is important that people understand how phishing attacks work in general.

You can help prevent phishing attacks by sharing this articles, and other cybersecurity warnings, with your family and friends.

Please help us FIGHT SCAMMERS by sharing this cybersecurity article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Business | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Pinduoduo App Contains Persistent Spy Malware!

Leave a reply

One of China’s most popular apps – Pinduoduo apparently contains a malware that monitors user activities and is difficult to remove!

Take a look at what CNN and multiple cybersecurity researchers have discovered about Pinduoduo!

Pinduoduo : What Is It?

Pinduoduo is actually a Chinese online retailer. Think of it as China’s Amazon. While Amazon started as an online bookstore, Pinduoduo started as an online agricultural retailer.

Since then, Pinduoduo has become one of China’s most popular online shopping platform, with its app offering its 750 million users access to cheap products in China, by offering steep discounts on group buying orders.

Despite its meteoric rise, Pinduoduo has not been without its controversies. In 2018, the company was criticised for hosting inferior and imitation products, to which it responded by taking down more than 4 million listing and shutting down 1,128 stores.

In 2019, Pinduoduo was hit by hackers who stole discount coupons worth tens of millions of Yuan. And just last month, Google suspended the Pinduoduo app after discovering that versions offered outside its Play Store contained malware.

The Off-Play versions of the e-commerce app that have been found to contain malware have been enforced on via Google Play Protect.

Pinduoduo App Contains Persistent Spy Malware!

Western interest may have been initiated by Google suspending the Pinduoduo app, but cybersecurity experts had already started looking into the app, and what they discovered was very troubling.

Alert First Raised By Chinese Cybersecurity Company

I think we should start by noting that it was a Chinese cybersecurity company called Dark Navy that first raised concerns about malware in the Pinduoduo app in February 2023.

Although Dark Navy did not name Pinduoduo in its report, cybersecurity researchers knew who it was referring to and soon followed up with their own investigations and reports, confirming Dark Navy’s report.

Sophisticated Malware

Half a dozen cybersecurity teams from Asia, Europe and the United States identified sophisticated malware in the Pinduoduo app that were designed to exploit vulnerabilities in the Android operating system used by many smartphones.

The malware allows the Pinduoduo app to bypass Android security features to monitor activities in other apps, check notifications, read private messages, and even change settings. It is also difficult to remove once installed.

Mikko Hyppönen, chief research officer at WithSecure, a Finnish cybersecurity firm, said that:

We haven’t seen a mainstream app like this trying to escalate their privileges to gain access to things that they’re not supposed to gain access to. This is highly unusual, and it is pretty damning for Pinduoduo.

Dedicated Hacking Team To Look For Vulnerabilities

Even more damning, CNN reported that a current employee revealed that Pinduoduo set up a team of about 100 engineers and product managers to look for vulnerabilities in Android smartphones, and find ways to exploit them for profit.

To avoid exposure, the source said that the company targeted users in rural areas and smaller towns, and avoided users in megacities like Beijing and Shanghai.

By collecting expansive data on those users, Pinduoduo was able to create a comprehensive portrait of their habits, interests, and preferences; while improving its machine learning models to personalise push notifications and ads.

Pinduoduo App Gained More Access Than Allowed

Three cybersecurity companies – WithSecure, Check Point Research, and Oversecured conducted independent analysis of version 6.49.0 of the Pinduoduo app that was released in late February 2023, and found code designed to achieve “privilege escalation” – a type of cyberattack that exploits vulnerabilities in the operating system to gain a higher level of access to data that it’s supposed to have.

Our team has reverse engineered that code and we can confirm that it tries to escalate rights, tries to gain access to things normal apps wouldn’t be able to do on Android phones.

The Pinduoduo app was able to continue running in the background, and prevent itself from being uninstalled. This was apparently done to boost the platform’s statistic for monthly active users.

Pinduoduo App Has Access To User Data Without Consent

Delware-based app security start-up, Oversecured, found that the Pinduoduo app had access to user data like locations, contacts, calendars, notifications, and photo albums, without their consent.

The app was also able to change system settings, and access user social media accounts and chats.

Pinduoduo App Also Snooped On Other Apps

The Pinduoduo app also had the ability to snoop on competing shopping apps, by tracking activity on other shopping apps, and gathering information from them.

Pinduoduo App Able To Secretly Receive Updates

Check Point Research found that Pinduoduo was able to push updates to the app, without first going through an app store review process to detect malicious code.

Pinduoduo App Programmers Attempted To Obscure Malicious Code

Check Point Research also found that some plug-ins used by the Pinduoduo app tried to obscure potentially malicious code by hiding them under legitimate file names, such as Google’s.

Such a technique is widely used by malware developers that inject malicious code into applications that have legitimate functionality.

Pinduoduo Targeted Android Devices

According to Sergey Toshin, founder of Oversecured, Pinduoduo’s malware specifically targeted Android operating systems used by Samsung, HUAWEI, Xiaomi and OPPO.

He also described the app as “the most dangerous malware” ever found in mainstream apps, exploiting about 50 Android system vulnerabilities. Most of these exploits targeted customised OEM code used by smartphone brands to customise their smartphone software.

I’ve never seen anything like this before. It’s like, super expansive.

Pinduoduo Removed Exploit + Canned Hacking Team

After cybersecurity researchers started reporting about the app, Pinduoduo released version 6.50.0 on March 5, which removed the exploits they found. Two days later, Pinduoduo disbanded its Android hacking team, according to the same employee.

The hacking team members found themselves locked out of Pinduoduo’s workspace communication app, called Knock, and lost access to files on the company’s internal network, with their privileges revoked.

Most of the team was later transferred to work at Pinduoduo’s sister app, Temu. A core group of about 20 cybersecurity engineers however remain at Pinduoduo.

In addition, Sergey Toshin of Oversecured noted that while the exploits were removed in the new version of Pinduoduo, the underlying code remained and could be reactivated to carry out attacks.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Cybersecurity | Mobile | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

How To Block Facebook Ads + Pay Scammers!

Leave a reply

Many Facebook users are getting hit by the Facebook Ads and Facebook Pay scams! Here is how you can prevent it from happening to you!

Facebook Ads + Pay Scam Hits Many Bank Customers!

Many bank customers are complaining that they are being charged for fraudulent Facebook Ads advertisement campaigns!

They discovered that their debit cards were charged for Facebook advertisements that they never approved. Some have also stated that their credit or debit cards were used to purchase goods and services using Facebook Pay.

Stephanie Wong : I found out the money deducted from my bank acc through multiple continuous transactions yesterday, then I called Maybank customer service immediately. They helped me to cancel the card but then the thing happened again this morning.

@ruffleseed : I heard tens of millions of Ringgit were reported misappropriated through @facebook
on multiple bank over the past few weeks.

Delete your phone number from Facebook now and do not let @messenger handle your SMS. @MyMaybank has yet to answer us re: this intrusion.

@ItsNeoah : Banyak kali kena kat credit card ambank. Alhamdulilah call ambank dia mintak isi dispute form then tgok next cycle bil dah takde. Letih ngan scammer ni.

Translation : [My] Ambank credit card got hit many times. Alhamdulillah, after calling Ambank, they asked me to fill out a dispute form, then when I checked the next bill cycle [the charges] was removed. Tired of this scammer.

[/su_note]

How To Block Facebook Ads + Pay Scammers!

Here are some ways to prevent getting hit by the Facebook Ads scam, whether you are a bank customer in Malaysia or other countries.

Do NOT Use Debit Cards

First, you should NEVER use a debit card if you can help it. You should certainly not use a debit card online, or register it on any online or mobile payment platform, whether it’s for Apple Pay, Google Pay, or Facebook Pay.

It doesn’t matter if Bill Gates or Elon Musk or BTS endorses debit cards. DO NOT USE DEBIT CARDS!

You should certainly never use your debit card to fund Facebook advertisements. Always use a credit card, which offers you some protection against such fraudulent transactions.

Disable Your ATM Card’s Debit Card Function

Even if you have never requested for a debit card, you likely already own one – your ATM card likely doubles as a debit card! Banks have been forcing customers to take on debit cards, often by making ATM cards double as debit cards.

If possible, ask your bank to disable debit card function in your ATM card. But it is likely that they will refuse to do so – they make money from debit card transactions after all!

If your bank refuses to disable the debit card function in your ATM card, you can ask them to set the limit to ZERO. That will effectively block scammers from accessing your bank account!

Monitor Your Credit Card Transactions

Using a credit card to purchase products and services on online and mobile payment platforms offers you some protection against fraud, but you must always monitor the transactions and report any fraudulent transactions right away.

Depending on the country and card network, you usually have about 60 days to dispute credit card charges. So don’t wait. Report them as soon as you spot them! This will reduce the loss and reports you make, and speeds up the refund process.

Remove Your Credit Cards ASAP

If you register your credit cards for use with Facebook Ads or Facebook Pay, try to REMOVE them as soon as you are done.

Do NOT leave them registered to your Facebook Ads or Facebook Pay account, as a scammer or hacker who gains access to your Facebook account can make fraudulent purchases or run fraudulent advertisements using those credit cards without additional verification.

That appears to be the modus operandi of the Facebook Ads scam that has affected so many Maybank customers in recent weeks.

But if you have never registered your credit or debit cards with Facebook, or removed them after using, even if scammers hacked into your Facebook account or gained access through phishing attacks, they won’t be able to use your credit or debit cards!

Enable PIN For Facebook Pay

If you are using Facebook Pay, a scammer who gains access to your Facebook account could potentially use the debit or credit cards you registered earlier to make fraudulent transactions.

To prevent that, you should enable PIN confirmation for Facebook Pay:

Go to Settings in the Facebook website (not app).
Go to Account Settings, and select Orders and payments.
In the Orders and payments page, select Settings.
In the Security section, select Require PIN Confirmation.
You will be asked to enter a 4-digit number as your PIN.
Key in the 4-digit number again to confirm your PIN.

After that, you will be required to key in the 4-digit PIN whenever you make a payment, or change your bank account details, or connect your payment info with other Meta apps.

Turn On Two-Factor Authentication

To make it harder for scammers / hackers to gain access to your Facebook account, turn on two-factor authentication:

Go to your Security and Login Settings.
Scroll down to Use two-factor authentication and click Edit.
Choose the security method you want to add and follow the on-screen instructions.

When you set up two-factor authentication on Facebook, you’ll be asked to choose one of three security methods:

Tapping your security key on a compatible device.
Login codes from a third party authentication app.
Text message (SMS) codes from your mobile phone.

Once you’ve turned on two-factor authentication, you can get 10 recovery login codes to use when you’re unable to use your phone.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Cybersecurity | Money | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Maybank FB Ads Scam : How To Recover Your Money?!

Leave a reply

If you are one of the many Maybank (MBB) customers who got hit by the Facebook Ads scam, here is how you can recover your money!

Facebook Ads Scam Hits Many Maybank Customers!

Many Maybank customers are complaining that they are being charged for fraudulent Facebook Ads advertisement campaigns!

They discovered that their debit cards were charged for Facebook advertisements that they never approved.

Stephanie Wong : I think i am a very cautious person as I did not link my card to any platform or make purchase through any unsafe website at ALL, but it still happens to me.

I found out the money deducted from my bank acc through multiple continuous transactions yesterday, then I called Maybank customer service immediately.

They helped me to cancel the card but then the thing happened again this morning.

@ruffleseed : I heard tens of millions of Ringgit were reported misappropriated through @facebook
on multiple bank over the past few weeks.

Delete your phone number from Facebook now and do not let @messenger handle your SMS.

@MyMaybank has yet to answer us re: this intrusion.

Maybank FB Ads Scam : How To Recover Money?!

Generally, you should NEVER use a debit card because it does not offer the protection a credit card does – money is withdrawn directly from your bank account, and the bank is not legally obliged to refund any money lost through scams.

However, Hafizah Ayko who was once a victim shared her experience on how she managed to recover money, even though the scammers used her debit card to run those fake Facebook advertisements.

To help you recover any money you may have lost to Facebook Ads scammers, I translated and “improved” her instructions for you:

Disable Your Debit / Credit Card

First, you need to quickly disable your debit or credit card. You can call up the bank, or in Maybank’s case:

Step 1 : Log into your Maybank2U account.

Step 2 : Go to Cards, and select Manage My Debit Card.

Step 3 : Select Debit Card – Replace, Renew, Activate & Block.

Step 4 : Select Block Debit Card. You will need to get a replacement card from any Maybank branch later.

If you feel that the above steps are too complicated, an alternative method would be to immediately transfer your money to another bank account, if you have one.

But please DO NOT transfer your money to another person’s account. Only transfer your money to another bank account that you own.

NEVER EVER transfer your money to a third party, especially they claim to be police officers or bank officers trying to help you. That is a scam!

Police departments and banks do NOT have special bank accounts to hold and protect your money during scams. And legitimate police and bank officers are NOT authorised to receive money, and will NEVER ask you to transfer money to their bank accounts.

Disable Facebook Ads

Next, you need to immediately disable all advertisements that the scammer has set up using your Facebook account. The longer they continue to run, the more you are being charged for them!

Step 1 : Go to your Facebook account, and select See all.

Step 2 : Select Ads Manager.

Step 3 : You should see a bunch of fraudulent advertisements running. Turn all of them off.

Ask Facebook For Refund

After turning off the fraudulent advertisements, you need to report them, and ask Facebook for a refund.

Step 1 : Go to Ad account settings, and select Report a problem at the lower right corner.

Step 2 : Select Ad Policy or Fraud. Then select Fraudulent Activity.

Step 3 : Explain your situation the best you can, and upload any screenshots you have, and send the report.

After that, Facebook should respond that they would issue a refund for the fraudulent transactions in 3-5 business days!

Alternatively, you can submit report unauthorised or unknown charges to Facebook using this online form.

Ask Your Bank For A Refund

You should also report the fraudulent transactions to your bank and request for a refund. This works for credit cards, but you should nevertheless give it a try even if the scammers hit your debit card.

Step 1 : Download the Maybank Dispute Form.

Step 2 : Print or directly fill in the information into the PDF form.

Step 3 : Email the form to disputemgmt@maybank.com.my, together with any relevant screenshots, within 20 days from the closing date of the billing period.

Again, banks are not obliged to refund fraudulent charges to debit cards, as the money is withdrawn directly from your bank account. But there is no harm trying.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Cybersecurity | Money | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Facebook Ads Scam Hits Many Maybank Customers!

Leave a reply

Many Maybank (MBB) customers are getting hit by the Facebook Ads scam!

Find out what’s going on, and what you can do to avoid this Facebook Ads scam!

Facebook Ads Scam Hits Many Maybank Customers!

Many Maybank customers are complaining that they are being charged for fraudulent Facebook Ads advertisement campaigns!

They discovered that their debit cards were charged for Facebook advertisements that they never approved.

Stephanie Wong : I think i am a very cautious person as I did not link my card to any platform or make purchase through any unsafe website at ALL, but it still happens to me.

I found out the money deducted from my bank acc through multiple continuous transactions yesterday, then I called Maybank customer service immediately.

They helped me to cancel the card but then the thing happened again this morning.

@ruffleseed : I heard tens of millions of Ringgit were reported misappropriated through @facebook
on multiple bank over the past few weeks.

Delete your phone number from Facebook now and do not let @messenger handle your SMS.

@MyMaybank has yet to answer us re: this intrusion.

Fahim Fahmi : Begitu saja duit kena curi 😢

Translation : That’s how [my] money got stolen 😢

Danish Ihsan : Aku dah kena jugak, satu hari 2 transaction.. nasib sedaq awai, habis rm800.. kalau tak lagi banyak.. maybank dah tak selamat, tadi kat bank pun ada akak kena jugak transfer to others acc beribu2 jugak lah,. Solusi, jangan guna maybank buat masa sekarang..

Translation : I got with with 2 transactions in one day.. luckily, I realised early, but lost rm800.. if not it would have been more.. maybank is not safe, just now at the bank a lady transferred thousands [of ringgit] to other people’s account. Solution, don’t use Maybank for now..

Analysis : Facebook Ads Scam May Not Be Related To Maybank

Many of those customers are angry with Maybank over these fraudulent charges to their debit cards, which meant the money was directly withdrawn from their bank accounts.

However, on closer analysis, the scammers may not necessarily be taking advantage of leaked Maybank debit card information, or hacked Maybank itself…

Fact #1 : Other Bank Customers Are Affected Too

While most recent Facebook Ads scam cases appear to be affecting Maybank customers, other bank customers are reporting that they took were charged for those fraudulent advertisements.

@eeshepeeka : nohh laki cek pun kena last week tp kat CIMB. ada few transaction for 2 days nasib dia tolak sikit2. sekali deduct RM12+ sehari 3x ja. deduction description pun sama sebiji cam dlm gambaq tu. haiyaa

Translation : Well, my husband also got [scammed] last week but at CIMB. there were a few transactions for 2 days, but luckily [the scammer] deducted only small amounts. each time deducting RM12+ a day for 3 times. The deduction description is the same as the one in the picture. haiyaa

@ItsNeoah : Banyak kali kena kat credit card ambank. Alhamdulilah call ambank dia mintak isi dispute form then tgok next cycle bil dah takde. Letih ngan scammer ni.

Fact #2 : Most Of Them Ran Facebook Ads In The Past

In addition to analysing their stories, I also spoke to someone who knows several Maybank customers who got hit by the scam. From what I can ascertain, most of them ran Facebook Ads in the past.

Stephanie Wong : 3.) Did not run any ads recently, but few years ago

@wnn_tasha : I last pakai FB ad guna akaun ni tahun 2018. Silap tak remove payment method tu.

Translation : I last used FB ad using this account in 2018. My mistake for not removing the payment method.

They said that they paid for Facebook page a few years ago to boost their audience.

That said, at least two Maybank customers said that they have never registered any debit or credit card with Facebook:

Fahim Fahmi : Tak pernah ada link kad dengan FB atau social media yang lain

Translation : [I] never linked [any] card with FB or other social media

@ruffleseed : I have never set up payment methods on Facebook nor have I ever used Facebook ads.

Fact #3 : Scammer Likely Got Access To Those Facebook Accounts

What is interesting is that most of those who were affected by this Facebook Ads scam reported that their Facebook accounts were used to create and run those ads.

If their debit or credit cards were merely stolen, the scammers could have created a new Facebook account to use those stolen cards to run Facebook ads.

Fortunately, one of the victims “caught” the scammer logging into her account from the United States. This clearly shows that the Facebook Ads scam requires the scammer to gain access to their Facebook accounts.

It is likely that the scammers gained access to their victims’ Facebook accounts using phishing attacks, and simply used the debit or credit cards that those victims earlier registered with Facebook to run advertisements in the past.

Fact #4 : Facebook Auto-Fill Is Not The Problem

After these cases went viral, people blamed the Auto-Fill feature in Facebook, and shared videos and photos on how to disable it.

The truth is – this Facebook Ads scam very likely has nothing to do with Auto-Fill, which is a feature used in many other services and platforms.

Auto-Fill only makes it easier to fill in your debit or credit card details. It does not bypass any verification that is required to make a payment.

Fact #5 : You Can Recover Your Money!

Now, this is important – you need to move fast to cut your losses, and recover the money. You can also improve your Facebook account security to prevent it from happening again.

For more details, please read our guide – Maybank FB Ads Scam : How To Recover Money?!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Cybersecurity | Money | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Must You Disable Facebook Auto-Fill To Block Scams?!

Leave a reply

Must you immediately disable Auto-Fill in Facebook to block scams?!

Here is what you need to know about Facebook Auto-Fill, and getting scammed on Facebook!

Claim : Facebook Auto-Fill Opens You To Scams!

People are sharing warnings about Facebook Auto-Fill, together with instructions on how to disable it to block Facebook Ads scams.

Guys check ur Facebook
And make sure these are OFF
this week a lot of MBB customers kena scam

1. Please check your bank account.
2. Please disable ‘auto-fill’ option in Facebook…

Truth : Facebook Auto-Fill Does Not Open You To Scams

There appears to be a spate of scams involving Facebook Ads and Maybank users, but it does not appear to be related to the Facebook Auto-Fill feature, and here are the reasons why…

Fact #1 : Facebook Introduced Auto-Fill In 2013

Facebook started introducing Auto-Fill sometime in September 2013, and gradually rolled it out globally over the years, so this is not a new feature.

Fact #2 : Many App Use Auto-Fill

Facebook isn’t the only app or platform to use Auto-Fill. Many services and platforms use Auto-Fill to make it easier to fill up forms and make payments.

The Auto-Fill feature is used in most, if not all, e-commerce / online shopping / online payment platforms, to expedite payments. The idea is that if they make it easier it is for you to pay, you will tend to buy more!

Many apps and services also use Auto-Fill to help you fill onerous forms with common details like your full name, email address, address and telephone number.

Fact #3 : Facebook Does Not Automatically Have Your Details

Facebook enables Auto-Fill by default for forms and payment, but that does not mean it has access to your debit or credit cards, or even your personal details. You need to manually key in your Contact Info and/or Payment Info for Facebook Auto-Fill to work.

If you have never given Facebook your credit card details, there is no way for its Auto-Fill to automatically fill in the credit card details for any transaction. Even if a scammer gains access to your Facebook account, he/she cannot use Auto-Fill because you never keyed in your debit or credit card details in the first place!

I did a quick check on two cases involving Maybank that came up recently (first example) (second example), and noticed that both parties who reported that they got fraudulently charged for Facebook Ads never registered their credit card with Facebook at all!

So whatever may be going on, it does not appear to be a Facebook Auto-Fill issue. But just in case you are worried, here are the latest steps on how to disable Auto-Fill on the Facebook mobile app.

Tap on your icon at the upper right corner of the Facebook app to access the Menu.
Scroll down the Menu until you see the Settings & privacy group.
Tap on Settings.
Scroll down the Settings & privacy page, and tap on Browser.
Scroll down the Browser settings page to the Auto-fill section.
You can tap on the Contact info and Payment info to check what information you shared with Facebook.
To disable Auto-fill for contact information, unselect Auto-fill contact forms.
To disable Auto-fill for payment, unselect Auto-fill payment forms.

Fact #4 : Auto-Fill Cannot Bypass TAC Verification

Even if you registered your credit card details with Facebook, and then use Auto-Fill to make a purchase, you will still need to authenticate that purchase.

Of course, it is possible to conduct a SIM swap attack, but that’s a different story altogether…

Fact #5 : Existing Facebook Ads Account Is A Risk

Those who have earlier registered a Facebook Ads account and ran advertisements may be at risk, because their credit cards would already be linked to their Facebook Ads account.

A scammer who gains access to their account (usually through phishing attacks) can easily create and run advertisements using their existing Facebook Ads account using the credit cards that have already been registered and approved earlier.

To minimise your risk, never ever use a debit card! Always use a CREDIT CARD, and always keep an eye on the transactions. Report to the bank once you see a fraudulent transaction.

But this has nothing to do with the Facebook Auto-Fill feature, and is not a concern if you never pre-approved your debit or credit cards with a Facebook Ads account.

Fact #5 : Existing Facebook Pay Account Is A Risk

Similarly, if you are using Facebook Pay, a scammer who gains access to your Facebook account could potentially use the debit or credit cards you registered earlier to make fraudulent transactions.

Again, you should NEVER use a debit card with Facebook Pay. Use a credit card, and always keep an eye on the transactions, and report to the bank once you see something fishy.

On top of that, you should enable PIN confirmation for Facebook Pay:

Go to Settings in the Facebook website (not app).
Go to Account Settings, and select Orders and payments.
In the Orders and payments page, select Settings.
In the Security section, select Require PIN Confirmation.
You will be asked to enter a 4-digit number as your PIN.
Key in the 4-digit number again to confirm your PIN.

After that, you will be required to key in the 4-digit PIN whenever you make a payment, or change your bank account details, or connect your payment info with other Meta apps.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Cybersecurity | Money | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

BitiCodes Scam Alert : Fake Celebrity Endorsements!

Leave a reply

You may have seen celebrities endorsements of BitiCodes or Biti Codes circulating on Facebook and Instagram, but they are all FAKE.

Find out why there are so many fake celebrity endorsements of Biticodes / Biti Codes, and how they are doing it!

BitiCodes / Biti Codes : Fake Celebrity Endorsements

BitiCodes or Biti Codes claims to be “the crypto industry’s most accurate AI auto-trading app“, which “works by automatically placing trades… using trading bots to strengthen your chances of making a profitable trade.”

If you never heard of it, you won’t be alone, because it’s mainly promoted via advertisements on Facebook, Instagram, etc. They are also promoting it through Google Ads like these examples, which will often appear in completely legitimate websites.

Clicking on those advertisements will lead to legitimate-looking articles from local or crypto publications, often with a celebrity endorsing Biticodes / Biti Codes.

Here in Malaysia, people will see Biticodes being endorsed by the likes of local politicians like Lim Guan Eng or Dr. Mahathir. But those in the cybersecurity industry will quickly realise that these articles are familiar because they are almost exact copies of scam articles used in the previous Bitcoin Revolution scam.

Looking for reviews of Biticodes or Biti Codes is pointless, because they appeared to have paid for advertorials in legitimate media outlets, which are (intentionally?) wrongly listed as “reviews”. Only at the very bottom do they include a disclaimer that it was a sponsored post.

Outlook India

Biticodes Reviews : Today we’ll be talking about one platform called Biticodes that you can use to make an extra source of income. It’s safe, and you do not need to worry about anything. It may help you earn good money in very less time.

Disclaimer : This is sponsored review content posted by us. All the information about the product is taken from the official website (and not fact-checked by us). Contact customer care phone number given on product’s official website for order cancellation, return, refund, payment, delivery etc. related issues. Must consult any financial specialist before investing in BitiCodes Auto-Trading Software.

Tribune India

Biticodes is real or scam review 2022 : With an astonishing success rate of 90%, BitiCodes has what it takes to be your go-to platform for cryptocurrency trading. It can execute multiple deals per second – a rate that even the most experienced cryptocurrency traders would be hard-pressed to match.

Disclaimer : The views and opinions expressed in the above article are independent professional judgment of the experts and The Tribune does not take any responsibility, in any manner whatsoever, for the accuracy of their views. Biticodes are solely liable for the correctness, reliability of the content and/or compliance of applicable laws. The above is non-editorial content and The Tribune does not vouch, endorse or guarantee any of the above content, nor is it responsible for them in any manner whatsoever. Please take all steps necessary to ascertain that any information and content provided is correct, updated, and verified.

In other words, those are NOT legitimate reviews, and the media outlets did not even test Biticodes / Biti Codes. Their disclaimers show that their “reviews” were paid content, written by Biticodes / Biticodes.

Avast Explains How BitiCodes Scam Works

In an August 2022 article, the cybersecurity company explained how the BitiCodes (also known as TeslaCoin) scam works:

The scam encourages people to pay to create an account and invest into a fraudulent crypto investment platform. There are two ways the campaign reaches potential victims: Through Facebook ads and email. Ultimately, victims can end up losing at least $250.

At the bottom of the page is a webform requesting site visitors to enter their name, email address, and phone number in order to register for the platform. The victim receives an email from a bot sparking a conversation in the victim’s language.

After a brief example exchange, the bot sends a link to a payment gateway, and asks the victim to transfer $250 in order to activate their trading account. Another scenario involves the bot emailing potential victims with steps to login to a cryptocurrency broker page, and after a few more emails, the bot sends a link to a payment gateway, asking the victim for a $250 initial investment.

I also investigated the articles and the BitiCodes website, and noticed that they are all using highly-suspicious domains and links:

celesteal.xyz/biticodes for the BitiCodes website (registered 23 Nov. 2022)
thedailypressbriefing.com/my for the BTC-News website (registered 29 Jan. 2023)
saveontaxesthisyear.tax for the BTC-News website (registered 6 Feb. 2023)

As you can see, the domains are not only completely unrelated to the article / websites, they are almost brand new! And if you go to their domain root, nothing loads. That is not how legitimate websites function. If you do a WHOIS lookup, you will discover that the owners of these domains are hidden.

Regardless of whether BitiCodes / Biti Codes itself is legitimate, you should avoid any article that do not tally with the official website, or with irrelevant domains.

Don’t fall for the scam. Avoid these BitiCodes / Biti Codes advertisements and fake celebrity endorsements.

Please help us fight fake news – SHARE this article, and SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Tenaga Nasional 33rd Anniversary Scam Alert!

Leave a reply

Please watch out for the Tenaga Nasional 33th Anniversary survey contest scam!

Find out why it is just a SCAM, and WARN your family and friends!

Tenaga Nasional 33th Anniversary Survey Scam Alert!

People are now sharing the Tenaga Nasional 33th Anniversary messages on WhatsApp :

Congratulations!

Tenaga Nasional 33rd Anniversary National Government Power Subsidy!

Through the questionnaire, you will have a chance to get 1000 Ringgit

🎉 Tenaga Nasional 33rd Anniversary National Government Power Subsidy 🎊

Electricity subsidy is being issued…

Recommended : Petronas 50th Anniversary Scam Alert!

Tenaga Nasional 33th Anniversary Survey : Why This Is A Scam!

Unfortunately, this is yet another survey scam, like the Petronas 50th Anniversary scam!

Tenaga Nasional confirmed that this survey is a scam in a scam alert on their website on 6 February 2023.

Win Cash Rewards from TNB – 6/2/2023

TNB customers are advised to ignore survey links that claim they can win cash rewards from TNB.

TNB does not organize any kind of cash prize giveaway on social media. Please be careful and avoid spreading this false information.

I know many of us are in dire straits during the COVID-19 pandemic, having lost jobs, income or even loved ones.

Unfortunately, scammers are counting on our desperation to prey on us, using the same survey scam they have been using for years :

Now, let me show you how to spot these scams next time!

If you spot any of these warning signs, DO NOT PROCEED and DO NOT SHARE!

Warning Sign #1 : Bad Grammar

Most of these scammers do not have a good command of the English language, so if you spot bad grammar, stay away.

Proper contests or events sponsored by major brands like Tenaga Nasional will have at least one PR or marketing person who will vet the text before allowing it to be posted.

Read more : Petronas 50th Anniversary Scam Alert!

Warning Sign #2 : Offering You Free Money Or Gifts

Please do NOT be naive. No one is going to give you money or free gifts just to participate in a survey!

Tenaga Nasional isn’t going to give you FREE money, just because it’s their anniversary.

They are a corporation whose business is to make money, not a charity to give you free money.

Warning Sign #3 : Not Using The Real Jaya Grocer Domain

A genuine Tenaga Nasional campaign would use their real domain – www.tnb.com.my.

Or they would run it off the official Tenaga Nasional page on Facebook – www.facebook.com/TNBCareline/.

If you see nonsensical domains like merefamily.top, 0yjjg61.cn, 1eaf1rnbeef.top, ldxqw.bar, etc. that’s a sign it’s a SCAM!

Warning Sign #4 : Asking You To Forward The Offer

No brand will insist that you must share the offer with 5 groups or 20 friends on WhatsApp or Facebook Messenger.

Do not click to forward their offer to your family and friends. They will not appreciate being scammed with your help!

Warning Sign #5 : Asking You To Download + Register An App

If you click through and joined the fake survey scam, you will eventually be asked to download and register for an app.

This is VERY DANGEROUS. Never agree to download and register for any unknown app from a website.

Always download your apps from an official App Store like Google Play Store (for Android smartphones) and Apple App Store (for iPhones).

Please help us fight scams like this and SHARE this article out!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Is FIFA Giving Free 50GB Data For World Cup 2022?!

Leave a reply

Is FIFA offering 50 GB of free mobile data to stream World Cup 2022 matches with no interruptions?!

Take a look at the viral offers, and find out why they are just scams!

Claim : FIFA Is Giving Free 50GB Data For World Cup 2022!

People are sharing viral offers for 50 GB of free mobile data to stream World Cup 2022 matches without interruption. Here are some examples :

* FIFA is giving people around the world 50GB of data for free to watch the 2022 Cartel [Qatar] World Cup.*
* I Have Received Mine.*
* OPEN THIS*

* FIFA memberi orang di seluruh dunia 50GB data secara percuma untuk menonton Piala Dunia Kartel [Qatar] 2022.*
* Saya Telah Menerima Milik Saya.*
* BUKA INI*

FREE 50GB DATA PLAN FOR ALL NETWORKS

PERCUMA PELAN DATA 50GB UNTUK SEMUA RANGKAIAN

Truth : FIFA Is Not Giving 50GB Free Data For World Cup 2022!

This is yet another SCAM circulating on WhatsApp and social media, and here are the reasons why you must avoid it!

Fact #1 : FIFA Is Not Offering Free Mobile Data

First, let me just say it out loud and clear – FIFA is not offering free mobile data anywhere in the world, just to watch World Cup 2022 matches.

FIFA makes its money through sale of television, marketing and licensing rights for World Cup 2022, so there is simply no reason for it to provide free mobile data to stream the matches.

Fact #2 : FIFA Would Never Give You Anything Free

Please do NOT be naive. No one is going to give you free data just to participate in a survey!

FIFA is a corporation whose business is to make money, not a charity to give you free data.

Fact #3 : They Do Not Use Official FIFA Domains

Genuine FIFA promotions would be announced on the official website at www.fifa.com, or their official social media accounts:

Facebook : https://www.facebook.com/fifaworldcup/
Twitter : https://twitter.com/fifacom
Instagram : https://www.instagram.com/fifaworldcup/

They would never run contests or promotions via dodgy domains like “subsidy.buzz”, “50g.kxoe1.xyz”, “50gb450.xyz”, or “zlqxt.top”.

Once you see those random domains, click delete. Or just ignore. DO NOT CLICK.

Fact #4 : They Are Advertisement Scams

After you click on the link, you will be redirected through a series of hidden advertisements before you arrive at the “offer page”.

The offer page will ask you a series of simple questions. Regardless of your answers, you will be congratulated and told you won the 50 GB free data plan for three months.

You will be asked to key in your mobile number to receive the free mobile data, but you will never receive anything. In one variant, you are even redirected to more advertisements, including a video advertisement.

Fact #5 : Brands Won’t Ask You To Forward The Contest

To get that free 50 GB data for three months, you are asked to share the “contest” with 12 friends or groups on WhatsApp.

That’s a clear sign of a scam. No brand will insist that you must share their contest or free offer with WhatsApp friends of groups.

Please do not click to forward their offer to your family and friends. They will not appreciate being scammed with your help!

Fact #6 : They Can Potentially Be Dangerous

Similar scams in the past have more dangerous variants, where you are asked to :
a) install an app, which is really a malware to keep sending you advertisements
b) enter your banking or credit card details, ostensibly to prove your identity or some other excuse

Needless to say – proceeding with this step will open you up to great risk of monetary loss. DO NOT PROCEED!

If you install their malware, you will start receiving promotions, some of which will ask you to send an SMS to receive expensive free gifts like laptops and smartphones.

If you proceed to send the confirmation SMS messages, you will be subscribed and billed for international premium SMS services.

This is VERY DANGEROUS. Never agree to download and register for any unknown app from a website.

Always download your apps from an official App Store like Google Play Store (for Android smartphones) and Apple App Store (for iPhones).

Fact #7 : They Are Just Another Example Of Online Scams

These are just more examples of online scams offering freebies.

Now that you know the facts, please WARN your family and friends!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Cybersecurity | Mobile | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Travellers To Europe Must Apply + Pay For ETIAS From 2023!

Leave a reply

It’s official – travellers to Europe must start applying and paying for ETIAS from 2023! Here is what you need to know…

Travellers To Europe Must Apply For ETIAS From 2023!

The European Commission has just announced the European Travel Information and Authorisation System (ETIAS) for all travellers to the Schengen States.

Slated to start in May 2023, ETIAS is meant to “identify security, irregular migration or high epidemic risks” amongst visa-exempt travellers.

EU travellers are exempt from ETIAS, and will continue to have freedom of movement throughout the EU, and the freedom to spend as much time as they want in any state in the Schengen zone.

ETIAS will only be obligatory for travellers from countries that currently do not require a visa to travel to the EU – about 60 countries including the US and the UK.

Travellers who currently need a visa to enter the EU will still need to apply for a visa. They will not be allowed to use ETIAS.

How Does ETIAS Work For Travellers To Europe?

Travellers will need to apply for ETIAS through a “largely automated IT system”, with approval granted “within minutes” for about 95% of applicants. But that could drag out to a month for “very exceptional cases”. Those who have their application denied will be allowed to appeal.

While applying for ETIAS will be quicker, done online, and requires no biometric information, there is a cost attached.

Every traveller aged 18 to 70 will need to pay an ETIAS fee of €7 (about US$7.40, £6, A$10.60, S$10.20, RM32.50). It is currently unknown if ETIAS will be free or cheaper for other age groups.

Applicants will be required to submit their data in the online application, which is said to take only “10 minutes” :

Unspecified personal data
Travel document (passport or equivalent document)
Member State of first intended stay
Background questions relating to previous criminal records, presence in conflict zones, orders to leave the territory of a Member State or third countries, return decisions issued.
Identity of the person / company assisting the applicant in the application process (if necessary)

The ETIAS system will automatically check the information provided against several EU databases, and approve or transfer it to ETIAS National Units for manual processing.

Once approved, the ETIAS will be valid for 3 years, or until the expiry date of the passport. So if possible, travellers should definitely renew their passports before applying.

But note that the ETIAS can be revoked at any time, if the conditions for that travel authorisation are no longer met by the applicant.

ETIAS : Selected FAQs

Here are selected FAQs on the European Travel Information and Authorisation System for those who want to learn more.

What is the difference between a Schengen visa and an ETIAS travel authorisation?

The ETIAS authorisation is not a visa. Nationals of visa liberalisation countries will continue to travel the EU without a visa but will simply be required to obtain a travel authorisation via ETIAS prior to their travel. ETIAS will be a simple, fast and visitor-friendly system, which will, in more than 95% of cases, result in a positive answer within a few minutes.

An ETIAS travel authorisation does not reintroduce visa-like obligations. There is no need to go to a consulate to make an application, no biometric data is collected and significantly less information is gathered than during a visa application procedure.

Whereas, as a general rule, a Schengen visa procedure can take up to 15 days, and can in some cases be extended up to 30 or 60 days, the online ETIAS application only takes a few minutes to fill in. Only in very exceptional cases, could the ETIAS procedure take up to 30 days. The validity will be for a period of three years, significantly longer than the validity of a Schengen visa. An ETIAS authorisation will be valid for an unlimited number of entries.

The ETIAS travel authorisation will be a necessary and small procedural step for all visa-exempt travellers which will allow them to avoid bureaucracy and delays when presenting themselves at the borders. ETIAS will fully respect this visa-free status; facilitate the crossing of the Schengen external border; and allow visa free visitors to fully enjoy their status.

What will visa-exempt travellers have to do before their travel?

Travellers will have to complete an online application via a dedicated website or an application for mobile devices. Filling in the application should not take more than 10 minutes and should not require any documentation beyond a travel document (a passport or other equivalent document). In case of an inability to apply (due to age, literacy level, access to and competence on information technology etc.) applications may be submitted by a third person.

An electronic payment of a €7 fee for each application will be required for all applicants between the ages of 18 and 70. The electronic payment methods will take into account technological advancements in the visa-free countries in order to avoid hindering visa-free third country nationals who may not have access to certain payment means.

The automated assessment process will start after the fee collection is confirmed. The vast majority of applicants (expected to be more than 95% of all cases) will be given automated approval which will be communicated to them within minutes of payment. If there is a hit against any of the searched databases or an undecided outcome of the automated process, manual handling of the application will take place by a Central Unit in the European Border and Coast Guard Agency or by a Member State team. This can prolong the response time to the visa-exempt third country national by up to 96 hours. In very exceptional circumstances further information may be asked of applicants and further procedural steps may be necessary, but in all cases a final decision shall be taken within four weeks of their application.

Of the roughly 5% of applications which produce a hit, it is expected that 3-4% will receive a positive decision after ETIAS Central Unit verifies the data, with the remaining 1-2% being transferred to ETIAS National Units for manual processing. After the decision applicants will be given a response by email with a valid travel authorisation, or a justification for the refusal.

What happens if a person has been refused travel authorisation from ETIAS?

If the travel authorisation is refused, the applicant retains the right to appeal. Appeals can be launched in the Member State that has taken the decision on the application and in accordance with the national law of that Member State. The applicant will be informed which national authority is responsible for the processing and decision on his or her travel authorisation, as well as information regarding the procedure to be followed in the event of an appeal. If the traveller considers their treatment to have been unfair, he/she is also given the right to seek redress or request access to the information through the national authority.

What is the validity of an ETIAS travel authorisation?

The validity of the travel authorisation will be three years (or until the expiry date of the travel document).

What are the obligations for the carriers?

Prior to boarding, air and sea carriers, as well as carriers transporting groups overland by coach will have to verify the status of the travel document required for entering the Schengen Area, including the requirement to hold a valid ETIAS travel authorisation. A transitional period is foreseen for carriers transporting groups overland by coach during which it will not be obligatory for them to check the presence of a valid travel authorisation.

What will happen at the border crossing point?

Upon arrival at a Schengen area border crossing point, the border guard will electronically read the travel document data, thereby triggering a query to different databases, including a query to ETIAS in the case of visa-exempt travellers. If there is no valid ETIAS travel authorisation, the border guards will refuse entry and record the traveller and the refusal of entry in the Entry Exit System.

If there is a valid travel authorisation, the border control process will be conducted and the traveller may be authorised to enter the Schengen area if all entry conditions are fulfilled or refused access as provided by the Schengen Border Code.

What databases will be checked by ETIAS?

When verifying and assessing the information submitted by visa-exempt travellers, the system will automatically cross-check each application against:

A. the existing EU information systems:

the Schengen Information System (SIS),
the Visa Information System (VIS),
Europol data,
the Eurodac database (once the Eurodac recast is in place),

B. future EU information systems:

the Entry/Exit System (EES),

C. Interpol databases:

the Interpol Stolen and Lost Travel Document database (SLTD),
the Interpol Travel Documents Associated with Notices database (TDAWN),

D. a dedicated ETIAS watch list and specific risk indicators.

How will ETIAS ensure and guarantee the respect for fundamental rights and data protection?

Personal data recorded in ETIAS will not be kept for longer than is necessary for its purpose. Data shall be stored for:

the period of validity of the travel authorisation or,
five years from the last decision to refuse, revoke or annul the travel authorisation.

The data could be stored for an additional period of no more than three years after the end of the period of validity of the travel authorisation if the applicant freely and explicitly consents to keep his or her data longer. After the expiry of the data retention period, the application file and personal data will be automatically deleted from the ETIAS Central System.

Member States’ law enforcement authorities and Europol will have access to ETIAS, under strictly-defined conditions, for the prevention, detection or investigation of terrorist offences or other serious criminal offences. The designated authorities and Europol should only request access to ETIAS when they have reasonable grounds to believe that such access will substantially help them in carrying out their duties.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Travel | Business | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

US Mil Contractor Admits Selling Aviation Secrets To China!

Leave a reply

A US military contractor just pleaded guilty to selling classified aviation secrets to China!

US Mil Contractor Admits Selling Aviation Secrets To China!

On 23 June 2022, Shapour Moinian, 67, of San Diego, pleaded guilty to selling classified aviation secrets to “representatives of the Chinese government”.

Moinan admitted that he knew that those individuals were employed by, or directed by, t he government of the People’s Republic of China.

He also admitted making false statements to cover that up, by lying on his government background questionnaires in July 2017 and March 2020 that he did not have any close or continuing contacts with foreign nations, and that no foreign national had offered him a job.

He now faces a maximum penalty of 10 years in prison, and a fine of up to $250,000 for action as an agent of a foreign government, and up to 5 years in prison and a $250,000 fine for making false statements.

His sentencing is scheduled for August 29, where federal prosecutors have agreed to recommend a sentence of no more than 20 months, as part of his plea agreement.

As Special Agent in Charge Stacey Moy of the FBI’s San Diego Field Office explains :

The defendant admitted to being an unregistered agent of a foreign power, lying on his background check paperwork to obtain his security clearance, knowingly providing proprietary information to people controlled by the Chinese government, and willingly receiving payments from them. This is another example of how the Chinese government enhances its defense capabilities through the illicit exploitation of U.S. technology.

When someone holds a security clearance, they know what information should be reported to security officials. In this case, the defendant betrayed his sacred oath, knew his actions were wrong, and subsequently lied about it. The FBI and our partners on the Counterintelligence Task Force will pursue anyone who abuses their placement and access to obtain proprietary information on behalf of a foreign government. I specifically want to thank the Naval Criminal Investigative Service (NCIS) for their continued partnership on this case.

How This Military Contractor Sold Aviation Secrets To China!

Moinan was a former US Army helicopter pilot who served in the United States, Germany and South Korea from 1977 to 2000. After leaving the US Army, he worked for various “cleared” defence contractors in the United States.

The term “cleared” indicates that the contractor has been vetted and cleared to work on projects involving classified information.

While working for a cleared defence contractor on various aviation projects involving the US military and intelligence agencies, Moinan was contacted by an individual in China, who claimed to be working for a technical recruiting company.

This Chinese individual offered Moinan the opportunity to consult for the aviation industry in China. In March 2017, Moinan travelled to Hong Kong to meet with this recruiter.

At that meeting, he agreed to provide information and materials related to multiple types of aircraft designed and/or manufactured in the United States, in exchange for money. Moinan accepted between $7,000 to $10,000 during that meeting.

On returning to the United States, Shapour Moinan began gathering aviation-related materials for the Chinese government.

In one instance, he copied classified materials obtained from a cleared defence contractor into a thumb drive, which he handed over to Chinese government officials during a stopover in the Shanghai airport in September 2017.

Moinan arranged for payment for this transfer to be paid through his stepdaughter’s South Korean bank account. He told her that these funds were payments for his overseas consulting work, and instructed her to transfer the funds to him in multiple transactions – to avoid scrutiny.

Moinan also accepted a mobile phone, and other equipment from these Chinese government officials to securely communicate with them, and to aid in the electronic transfer of classified materials and information.

At the end of March 2018, Moinan travelled to Bali to meet with the same individuals again. After that meeting, his step daughter received thousands of dollars in her South Korean bank account, which she wired to him in multiple transactions.

Later in 2018, Moinan went to work for another cleared defence contractor, and in August 2019, he travelled with his wife to Hong Kong to meet with the same Chinese government officials.

This time, he received $22,000 in cash for his services, which Moinan and his wife smuggled into the United States that trip.

It is currently unknown how the US government discovered Moines’s activities, but he was investigated by the FBI’s Counterintelligence Division and the Naval Criminal Investigation Service (NCIS).

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Military | Business | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Are MySejahtera 68808 SMS Messages A Scam?!

Leave a reply

Are MySejahtera messages sent through the 68808 SMS service really a scam?!

Take a look at the viral claim, and find out what the facts really are!

Claim : MySejahtera 68808 SMS Messages Are A Scam!

People are sharing this warning on social media – Facebook, Instagram, Twitter, as well as in WhatsApp and Telegram groups :

MySejahtera 通过 68808 发送短信要求用户重置资料，请不要点击链接，这是钓鱼陷阱骗局。
请转发广传出去给大家警惕，谢谢。

MySejahtera sending sms through 68808 to ask users to reset, pls do not click link. It’s a scam.

MySejahtera 68808 SMS Messages Not Necessarily A Scam!

Many Malaysians are rightfully wary about clicking on links sent by SMS or WhatsApp.

There have been many scams involving fake SMS or WhatsApp messages, which we covered here in Tech ARP :

However, Malaysians are also too gullible, accepting all warnings on WhatsApp as genuine, without first verifying if they are even true.

Here are the reasons why the MySejahtera reset messages delivered by the 68808 SMS service are not necessarily a scam!

Fact #1 : 68808 Is Used By MySejahtera

Despite what people may tell you – 68808 is an official SMS service number used by MySejahtera.

In fact, MySejahtera uses three SMS service numbers to send you notifications (like your vaccination appointments), as well as your password renewal link :

68808
68088
63001

Fact #2 : 68808 Messages Are Generally Legitimate

Despite what is shared on social media, messages sent through 68808 are genuine. What you need to be wary of are SMS messages sent via other numbers.

Take a look at this example of fake news shared on social media, and some websites. It was touted as an example of fake MySejahtera messages sent by 68808.

The truth is “original” message was sent through 63839, which is not a legitimate MySejahtera SMS service. The “fake” message was sent through 68808, which is a legitimate MySejahtera SMS service.

In this misleading example, you can also see a prior SMS message on vehicle servicing in the 63839 channel. Official MySejahtera SMS channels (68808, 68088 and 63001) will only show messages from MySejahtera, not other services.

Note : The links in both messages appear to be genuine, linking to https://mysejahtera.malaysia.gov.my/.

Fact #3 : MySejahtera Sends Reset Links Via SMS

Despite what social media “experts” may tell you – MySejahtera will send password reset links through SMS, as a verification method.

If you are trying to reset your MySejahtera password (because you forgot it), you will be sent an SMS message with a link to https://mysejahtera.malaysia.gov.my/, as the example above shows.

Fact #4 : SMS Messages Can Be Spoofed

That said, SMS messages can be spoofed to appear to come from the three legitimate MySejahtera channels – 68808, 68088 and 63001.

So you should avoid clicking on MySejahtera password reset links, even from legitimate channels, unless you have specifically asked to reset the MySejahtera password.

Fact #5 : MySejahtera Team Clarified This In April

The MySejahtera team actually refuted these false claims in April 2022. Unfortunately, people still continue to share this fake news.

So please help us fight fake news – share this fact check with your family and friends!

How To Avoid MySejahtera (Or Other) SMS Scam!

So here is what I recommend when it comes to SMS messages, whether they were sent by MySejahtera, banks, etc. :

Always check to make sure they come from legitimate SMS channels. For MySejahtera, that’s 68808, 68088 and 63001.
If you are not sure about an SMS message from the authorities / banks / telcos, please do not hesitate to call them to verify the authenticity of that message.
Never click on a link to log into a website (like your bank). Always use your banking app, or log in manually using a Internet browser on your computer or phone.
Only click on a link in specific circumstances that do not require a login – for example : to verify your request to reset your MySejahtera password.
Do NOT click on any link to confirm that you are resetting a password, or confirm your new SIM card, unless you just requested to performed those actions.
Before you click on a link, always check the link goes to the official website (like https://mysejahtera.malaysia.gov.my/). Never click on a link that goes to suspicious websites.

I hope this article helps you differentiate between fake claims circulating on social media and WhatsApp groups, and proper cybersecurity measures we should take to prevent being scammed of our hard-earned money!

Please help to SHARE this fact check article out, and please SUPPORT our work! Thank you!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Cybersecurity | Mobile | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

CODEX Cracking Group Officially Shuts Down!

Leave a reply

The games cracking group – CODEX – has called it quits, officially shutting down for good. This is truly the end of an era.

CODEX Cracking Group Officially Shuts Down!

The CODEX cracking group announced their retirement in the release notes of “The Sims 4 My Wedding Stories”.

It was not due to legal troubles (arrests) or internal conflict, but the team felt they had already achieved their goal.

A CODEX short story

CODEX was founded with one and only one goal in mind: “to give the dominating PC games group at the time, RELOADED, some serious competition.”

A highly motivated and hard-working group of veterans and rookies alike banded together and created a new name to achieve that goal. It was a fun and sometimes dirty ride with lots of give and take on both sides. Bud sadly, it did not last very long and RLD started to crumble and slowly fell apart, making the scene less interesting.

What was left when they finally surrendered and the dust settled?

The blade has been dull for a long time. Quality, tradition and pride was slowly fading to darkness.

Of course, there is a particular group that uses an old name without permission. From the first day they started releasing in the PC section, they have worked hard to shamelessly destroy the reputation of a once iconic group tag when they really should have closed down years ago after all the spectacular fuckups they are responsible for.

Since then there have only been people resurrecting and adopting old names from previously busted groups instead of creating something new and unique on their own. Starting from nothing to slowly build up a reputation for themselves through hard work was obvious too much of a hassle and recycling old identities to get a head start was their way to go.

Still, even with that, this did not lead to any serious competition with two traits we pride ourselves on– a strong continued effort and a good amount of quality output on more than just DRM-free games or simple Steam protections.

CODEX cracked a large variety of protections like Steam (Stub+API+CEG), Arxan, XboxLive, UWP, Denuvo, Origin, Play, Bethesda.net, Battle.net and custom protections on games like Grim Dawn, Street Fighter V, WWE2k20, Croteam games, BigAnt games, Minecraft Dungeons, and many more.

So now, years after reaching our initial goal, we feel that it is time to move on. We thank everyone who accompanied and supported us on our journey.

Have a good time… Bye from CODEX!

CODEX Ends 8-Year Run At The Top

Since they burst into the scene in 2014, CODEX has been at the forefront of cracking and removing game copy protections.

They were able to consistently crack even the strongest copy protections like Denuvo, and release major game titles soon after their launch.

That made them the bane of game developers and publishers, potentially costing them millions of dollars in revenue.

On the other hand, CODEX gave less fortunate people access to games they perhaps would not be able to afford, and a DRM-free copy to gamers who already paid for a particular game.

More than a few hardware reviewers also relied on the latest CODEX-cracked games to run benchmarks.

Perhaps their greatest effect was to convince at least some game developers to eschew paying for “strong” copy protections, and offer DRM-free games through platforms like GOG.

Warhorse Studios, for example, released Kingdom Come: Deliverance on Steam, only to have CODEX release a cracked copy within hours. But Warhorse quickly offered a DRM-free version on GOG.

In the end, Warhorse sold half a million copies of Kingdom Come: Deliverance within two days, and a million copies by the end of the week. By its first anniversary, two million copies were sold, even though a CODEX cracked copy existed on launch day.

Warhorse Studios director and co-founder, Daniel Vávra, even printed and put up a poster of the CODEX NFO of their cracked game.

Among posters with some classic old school games, we put this poster on a very special spot 😂 #KingdomCome #release #nfo #warez #codex pic.twitter.com/7HEUtq6RYQ

— Daniel Vávra ⚔ (@DanielVavra) January 8, 2020

Now that the CODEX crew has officially retired, new PC games cracking groups will inevitably come to the fore, possibly “taking over” their famous name.

But they will likely not be able to come close to their quality or prolificacy – CODEX released some 7,000 game titles in the past 8 years.

This is truly the end of an era in the scene.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Gaming | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Watch Out For Nestle 2022 Anniversary Phishing Scam!

Leave a reply

Please watch out for the Nestle 2022 Anniversary phishing scam!

Find out why it is just a SCAM, and WARN your family and friends!

Nestle 2022 Anniversary Phishing Scam Alert!

People are now sharing the Nestle 2022 Anniversary message on WhatsApp (translated into English) :

CONGRATULATIONS!

Your family has been chosen to receive a lucky drag for the Nestle 2022 Anniversary at the Nestle office.

This contest has been approved by the Malaysian court / police, with the cooperation of Bank Negera Malaysia (BNM).

The link attached to the a website with the following instructions :

Winners must keep the PIN-CEK number as evidence for winner verification and prize collection
There are two ways to submit the contest form – through WhatsApp or this website.
The contest form must be completed with your details. Incomplete forms will be rejected by the sponsor without notice.
Every valid application will be shortlisted. There is no limit to the number of applications.
First Prize Winner : RM10,500
Second Prize Winner : RM9,300
Third Prize Winner : RM8,500
To redeem your prize, just use your WhatsApp to :
a) Fill in the Nestle winner application number
b) Fill in your full name and identity card number
c) Attach a clear picture of your BANK ATM CARD – front and back
d) Go to the nearest ATM machine, and WhatsApp the details above to +60124181128

Nestle 2022 Anniversary Phishing Scam : How Does It Work?

The Nestle 2022 Anniversary phishing scam is DANGEROUS. Please warn your family and friends to AVOID it.

Fact #1 : There Is No Such Nestle Giveaway!

There is no such anniversary giveaway by Nestle Malaysia. There is no reason for Nestle Malaysia to give out so much money.

They are a business, not a charity. They are in the business of selling you products, not giving you money.

Businesses do sponsor giveaway contests, but they are generally low value. Nestle Malaysia, for example, is currently giving away RM30 Shopee vouchers.

Fact #2 : Nestle Would Not Use Free Websites

Nestle is a large multinational company. It would not be using free website services like Wix.

Nestle Malaysia has its own website (https://www.nestle.com.my/) and Facebook page (https://www.facebook.com/Nestle.Malaysia) where they post official contests and promotions.

Always verify if a contest is genuine by visiting the official website / social media page.

Fact #3 : Nestle Would Never Ask For Pictures Of Your ATM Card!

Nestle, and any legitimate brand, would NEVER ask you to send them pictures of your bank ATM card!

Sending the pictures of your ATM card will allow them to clone the card, or trick bank staff into giving the scammers access to your bank account.

NEVER EVER SEND ANYONE PICTURES OF YOUR BANK ATM CARD!

Fact #4 : Nestle Would Never Ask You To Go To An ATM

No legitimate contest would require you to go to an ATM machine to receive money.

NEVER TRUST ANYONE WHO ASKS YOU TO GO TO AN ATM MACHINE.

Fact #5 : Nestle Would Never Ask For Your PIN / TAC

Nestle would never ask you for your ATM card’s PIN or any TAC number you may receive.

Giving out those details is how scammers get access to your bank account.

NEVER GIVE OUT YOUR PIN OR TAC NUMBER!

Fact #6 : This Lets Scammers Withdraw Money From Your Bank Account

I know many of us are in dire straits during this COVID-19 pandemic, having lost jobs, income or even loved ones.

Unfortunately, scammers are counting on our desperation to prey on us, using such anniversary scams.

This particular Nestle 2022 Anniversary Scam is a real danger, because it will allow scammers to gain access to your bank account and withdraw money.

Also watch out for the other anniversary scams that I have covered over the years :

Please WARN your family and friends about these scams!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Cybersecurity | Business | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

MySJ Trace : Frequently Asked Questions + Answers!

Leave a reply

The new MySJ Trace feature has raised many questions, and here are the answers to your frequently asked questions!

MySJ Trace : Frequently Asked Questions + Answers!

Ever since the MySejahtera team launched the MySJ Trace feature, many questions were raised by people over its security, privacy, and usability.

So with help from Dr. Mahesh Appannan, the Head of Data at the Crisis Preparedness and Response Centre (CPRC) of the Malaysia Ministry of Health (KKM), here are the answers to some of your frequently asked questions about MySJ Trace!

These answers supplement the original frequently asked questions (FAQ) about the MySJ Trace feature, which you can read in the next section.

Question #1 : Why Does MySJ Lists Interactions Even At Home?

The interactions refers to Bluetooth devices (with MySJ Trace enabled) that your MySejahtera app detected.

MySJ Trace can detect Bluetooth signals from as far as 10 metres away, but can be reduced by barriers (walls, your body, other electronics, etc.)

It will not only detect the smartphones of your family members (with MySJ Trace enabled), but also your neighbours, who can be in the floor above, below, or next to your home.

There is nothing to worry about these “interactions”. It just means you came within 10 metres of people who have MySJ Trace enabled.

Question #2 : Does Interactions Mean Casual / Close Contacts?

No, not all interactions are flagged as casual / close contacts, if you become COVID-19 positive.

The algorithm takes into account the signal strength (RSSI – Received Signal Strength Indicator) that your phone detects, and your exposure time.

The parameters used to classify casual or close contacts are refined over time for maximum accuracy. For example, if the Omicron variant becomes widespread, the exposure time will be shortened, and the distance extended, for someone to be considered a casual / close contact.

Question #3 : Why Do People In The Same Family Have Different Number Of Interactions?

Even if your family goes out together, you may all have different number of interactions, because it depends on a variety of facts :

your individual proximity to other people,
anything that blocks Bluetooth signals – their bodies, other electronics, electronic keys, etc.
whether you are holding the phone, or it is in your pocket, etc.

Question #4 : Does MySJ Trace Transmit My Data With Each Interaction?

No. There is no handshake or exchange of information with each interaction.

MySJ Trace detects the Bluetooth signal of other phones, and logs when that “interaction” occurred, and the signal strength.

It’s like listening to the radio – the broadcaster does not receive anything in return.

Question #5 : Does MySJ Trace Transmit My Data?

No. MySJ Trace stores all of the recorded data in your phone, and does not automatically upload it.

Only if you are COVID-19 positive, are you asked to upload your contact history for the last 14 days, so that people who were your close contact can be notified.

MySJ Trace requires your explicit consent to transmit your data to the Malaysia Ministry of Health (KKM).

Question #6 : How Long Does MySJ Trace Store Data?

MySJ Trace only stores data for the last 14 days, on a First-In, First-Out basis.

All data older than the most recent 14 days are automatically purged.

Question #7 : Why Do You Still Need To Check In Using QR Code?

First – not everyone is using MySJ Trace, so there still needs to be an alternative contact tracing method.

The QR code check-in function also gives KKM data to undertake faster contact tracing, especially involving a major cluster.

Question #8 : What’s The Difference Between MySJ Trace And QR Code Check-In?

MySJ Trace allows for automatic contact tracing, while QR code check-in gives KKM critical data. In addition :

MySJ Trace algorithm is based on time and distance (Bluetooth signal strength), while
Check-In algorithm is based only on time

Question #9 : Does MySJ Trace Use A Lot Of Battery Power?

MySJ Trace uses Bluetooth Low Energy (BLE), which consumes significantly lower power than standard Bluetooth wireless communications. The impact on battery life is minimal.

Question #10 : Why Does MySJ Trace Not Use Exposure Notification By Google / Apple?

By Google and Apple standards, an Exposure Notification (EN) app must maintain user anonymity, and record proximity data anonymously. It cannot contain Personally Identifiable Information (PII).

The MySejahtera app necessarily contains your identity, vaccination status and certificates, and so on. Therefore, it cannot comply with Google and Apple’s requirements for an Exposure Notification app.

MySJ Trace : Official Answers To Frequently Asked Questions

Here are the official answers to the MySJ Trace frequently-asked questions (FAQ):

1. What is MySJ Trace?

MySJ Trace is a contact tracing application developed by the Government of Malaysia.

It adopts a community-driven approach where participating devices exchange proximity information whenever an app detects another device with MySJ Trace app installed.

This application allows the identification of people who were in close proximity to COVID-19 infected individual

2. What is the difference between MySJ Trace and MySejahtera?

MySejahtera & MySJ Trace are used by the Ministry of Health (MOH) to help manage the COVID-19 pandemic in Malaysia.

MySejahtera allows users to perform quick health-self assessment and for the Ministry of Health (MOH) to monitor users’ health condition and take immediate actions in providing treatments.

Meanwhile, MySJ Trace further complements MySejahtera by detecting and tracing the individuals who are in close contact with the COVID-19 positive patients.

3. Who developed MySJ Trace?

MySJ Trace was developed through a strategic cooperation between government agencies of Malaysia :

Ministry of Science, Technology and Innovation (MOSTI)
Ministry of Health (KKM)
Administrative Modernisation and Management Planning Unit (MAMPU)
Malaysian Institute of Microelectronic Systems (MIMOS)

4. Who are the users of MySJ Trace?

All Malaysian citizens and residents of Malaysia.

5. Where can I download MySJ Trace?

Users only need to update the MySejahtera application to the latest version.

6. How does MySJ Trace function?

MySJ Trace enables participating devices to exchange proximity information whenever the app detects another device with the same app installed. Data collected will be stored and processed only by the MOH officers.

When a user is identified to be COVID-19 positive, the user will initiate a process to upload the data from the user’s smartphone to a secured database managed by the MOH.

7. What is contact tracing?

Contact tracing is an identification process of individuals who may have come into close contact with an infected COVID-19 patient.

It enables the MOH to further trace and contact the individuals and organize a follow-up action.

8. If I have been identified as a close contact, how will I be contacted?

The user will receive an SMS, and a notification in the MySejahtera app.

9. What data are collected by MySJ Trace?

Only these data are collected :

Unique User ID (UUID) that is created by the MySejahtera app.
Operating system version (Android or iOS)
Time of contact
Received Signal Strength Indicator (RSSI)

10. Are my personal information that is stored in the app safe?

MySejahtera and MySJ Trace are owned and operated entirely by the Malaysian government. The government guarantees that all information collected and used in the app comply with the information security standards of the government of Malaysia.

11. Does MySJ Trace require Internet connectivity after activation?

Yes, Internet connectivity is required when you first update the MySejahtera app, and during the data uploading process.

12. What devices support MySJ Trace?

MySJ Trace is supported by smartphones that use the Android or iOS operating systems :

Android : Version 8.0 and above
– Non-sleep mode must be set, so MySJ Trace will remain active in both foreground and background modes.
iOS : Version 10 and above
– The phone must be active at all times while the app needs to be in the foreground mode.

13. Must Bluetooth be activated at all times?

Yes, Bluetooth must be activated at all times for MySJ Trace to work properly.

14. Will Bluetooth usage cause high battery usage?

Unlike using Bluetooth to stream music or to a wireless headphone continuously, MySJ Trace uses Bluetooth to only transmit its presence periodically. As such, it uses significantly less power.

15. Will the app use significant battery power if MySJ Trace is left running all the time?

MySJ Trace uses Bluetooth Low Energy (BLE) to minimise battery usage. Therefore, the app does not use significant amounts of battery power to collect persistent contact tracing information.

16. Will MySJ Trace Bluetooth usage affect my other Bluetooth accessories?

MySJ Trace does not affect the use or performance of other Bluetooth accessories like wireless speakers, wireless earphones or headphones, or smartwatches.

17. Why must I allow location permission for the Android version?

Android requires location permission to be granted for any app to access Bluetooth features. However, geolocation data will not be collected.

For iOS, only the Bluetooth function needs to be enabled.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Mobile | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Why The Government Can’t Use MySJ Trace To Track You!

Leave a reply

People are worried that MySJ Trace lets the government track their location and movements 24/7.

Find out WHY this is simply not possible!

Claim : Government Can Use MySJ Trace To Track You 24/7

MySJ Trace is a new contact tracing feature that was just introduced in the MySejahtera app.

People are claiming that the government can use it to track your movements 24/7. Here is one example :

so the govt can trace our exact location at any given moment. great.

Though I guess there is probably several other apps or with the telcos help that they can already do exactly that.

Although surprisingly the police have been totally unable to locate the ex husband of Indira Gandhi or her children that the ex husband abducted, despite the court ordering the police to do so.

That’s really a typical response to any new MySejahtera feature – the government is introducing it to snoop on us. Our privacy is gone! They will know where we are!

Let’s find out what the facts really are…

Truth : No One Can Use MySJ Trace To Track You 24/7

The truth is – this is yet another example of FAKE NEWS being shared on WhatsApp, and here are the reasons why it’s not possible for anyone to use it to track you 24/7…

Fact #1 : MySJ Trace Only Tracks Your Proximity

MySJ Trace does not actually detect your location, which is why you still need to check into locations manually.

It only detects and logs the Bluetooth signals of nearby smartphones with MySJ Trace enabled, to determine how close they are and how long they remain in proximity.

MySJ Trace also broadcasts itself to nearby devices, so that they can log its presence, distance and length of contact.

Fact #2 : MySJ Trace Does Not Collect Location Data

MySJ Trace does not collect geolocation data, only these data:

Unique User ID (UUID) that is created by the MySejahtera app.
Operating system version (Android or iOS)
Time of contact
Received Signal Strength Indicator (RSSI)

The Malaysia Ministry of Health confirmed this in no. 17 of their FAQ, stating that “geolocation data will not be collected“.

So there’s no way for the government to actually know where you are using only MySJ Trace data.

Fact #3 : MySJ Trace Only Stores 14 Days Of Data

The data that MySJ Trace records is only stored for the last 14 days, on a first-in, first out (FIFO) basis.

All data older than the most recent 14 days are automatically purged.

So even if a hacker gains access to it, he/she will only have access to your proximity contact data for the last 14 days.

Fact #4 : MySJ Trace Does Not Transmit Your Data Automatically

The proximity contact data that MySJ Trace logs is NOT automatically transmitted to the Malaysia Ministry of Health (KKM).

Only when you are identified as COVID-19 positive, will you be asked to submit your proximity contact data for the last 14 days.

Fact #5 : MySJ Trace Data Is Stored + Used Only By KKM

Your proximity data that you upload will be stored in a secured database server managed by the Malaysia Ministry of Health (KKM).

Only KKM has access to your uploaded proximity data, which will be used to determine your close contacts so they can be notified.

Fact #6 : We Are Not That Interesting…

Frankly, most of us are not that interesting to the government. They are not interested in where you live or travel to, what you eat or buy, or even who you are sleeping with.

All that data is interesting and useful to corporations, but not the Malaysian government. Please remember – you are living in Malaysia, not China or North Korea.

Why would the government want to know where you are, or where you have gone, or who you have met?

Fact #7 : There Are Easier Ways To Find You…

Finally, the “fear” of the government using MySJ Trace to track where you are at all times is frankly, ludicrous because there are far easier ways to do it.

The truth is – our geolocation data is readily available to your mobile service provider, as well as cloud and social media service providers (Google, Facebook, Instagram, WhatsApp, etc.)

If the government really wants to know where you are, they can simply get a court order to force your mobile service provider to tell them where you are right now.

They don’t have to rely on an opt-in feature in the MySejahtera app, and wait until you submit your own proximity data…

Now that you know the facts, please TURN ON MySJ Trace, to improve contact tracing!

And please SHARE this fact check with your family and friends!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Go Back To > Fact Check | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

MCO 3.0 Total Lockdown SOP : 3 June 2021 Update!

Leave a reply

Here is the 3 June 2021 update of the MCO 3.0 total lockdown SOP of Malaysia, which many are calling FMCO (Full MCO)!

We will keep updating this guide, as and when they issue new SOPs!

Updated @ 2021-06-03 : Added the 2 June 2021 MCO 3.0 SOP video and list.
Updated @ 2021-05-31 : Added the full lockdown SOP list of PERMITTED and FORBIDDEN activities.
Originally posted @ 2021-05-30

MCO 3.0 Total Lockdown : Phase 1 SOP Starts 1 June 2021!

On 29 May 2021, the Malaysia Prime Minister’s Department announced that the National Security Council (MKN) decided to order Total Lockdown Phase 1.

From 1 June until 14 June 2021, there will be a complete lockdown of the social and economic sectors across the country.

This new lockdown SOP will apply ACROSS Malaysia – no states are exempted.

MCO 3.0 Total Lockdown SOP : 2 June 2021 Edition!

Here is a video showing the 2 June 2021 edition of the total lockdown SOP for MCO 3.0, which people are calling Full MCO or FMCO.

MCO 3.0 Total Lockdown SOP : Essential Services

All social and economic activities are FORBIDDEN, except for these 17 essential services :

Food and beverages, including for animals
Healthcare and medical services, including dietary supplements, veterinarian services, etc.
Water supply
Energy supply
Security and safety, defence, emergency, social and humanitarian services
Waste disposal and public sanitisation and sewerage
Land, water and air transportation
Port, shipyard, airport services and operations, including loading, unloading, cargo handling and piloting, storage or transportation of commodities
Communications including media, telecommunications and Internet, post and courier, as well as broadcasting (for the purpose of conveying information, news and the like.
Banking, insurance, takaful and capital markets
Community credit services (mortgage and Ar-rahnu)
E-commerce and information technology
Production, distillation, storage, supply and distribution of fuels and lubricants
Hotels and accommodation (only for quarantine purposes, segregation, employment for essential services and not for tourism).
Critical construction, maintenance and repair
Forestry services (limited to enforcement) and wildlife
Logistics limited to delivery of essential services

MCO 3.0 Total Lockdown SOP : Essential Industries

All industries are FORBIDDEN, except for the following sectors :

Manufacturing (60% employee capacity)

Aerospace (components and maintenance, repair and overhaul – MRO)
Food and beverage
Packaging and printing materials, only related to food and health
Personal care and cleaning products
Healthcare and medical products, including dietary supplements
Personal care items, personal protective equipment (PPE), including rubber gloves and fire safety equipment
Components for medical devices.
Electrical and electronics of global economic chain importance
Oil and gas, including petrochemicals and petrochemical products
Chemical products
Machinery and equipment for health and food products
Textiles for PPE production only
Production, distillation, storage, supply and distribution of fuels and lubricants

Agriculture, Fisheries, Livestock, Plantation and Commodities (“optimal” employee capacity)

Agriculture, fisheries and livestock and their supply chains – for example, shops selling fertilisers and pesticides, or oil palm fruit processing factories are allowed to operate
Oil palm, rubber, pepper and cocoa plantation and commodities including their supply chains

Construction (“optimal” employee capacity)

Critical maintenance and repair works
Major public infrastructure and construction works
Building construction works that provide complete employee accommodation at construction sites, or workers that are housed in Centralised Workers Quarters (CLQ).

Trade + Distribution (8 AM until 8 PM daily)

Shopping malls must be CLOSED, except for supermarkets, hypermarkets, departmental stores and premises selling food and beverages, essential items, pharmacy, personal care, convenience store, mini mart, and restaurants for takeaway and home delivery.
Supermarkets, hypermarkets, pharmacies, personal care stores, convenience stores, mini marts and grocery stores, as well as departmental stores are allowed to open, but RESTRICTED to their food, beverage and essential item sections only.
Restaurants, stalls and food outlets – only for takeaways, drive-through or food delivery
Laundry services, including self-service laundromats
Pet care and pet food stores
Eyewear and optical goods stores
Hardware stores
Vehicle workshops, maintenance and spare parts
E-commerce – all product categories
Wholesale and distribution – for all essential products only

MCO 3.0 Total Lockdown SOP : The Full List

Note : Any activity NOT mentioned in this SOP is FORBIDDEN.

Travel Restrictions

Interstate or inter-district travel is FORBIDDEN.
Up to two (2) people from each household are allowed to go out to purchase food, medicine, dietary supplements and other daily essentials.
Up to three (3) people, including the patient, are allowed to go out from each household to seek medical treatment, healthcare, screening test, security assistance or other emergencies within a radius of no more than 10 kilometres from their home, or the nearest available service (if there are none within 10 km).
Up to two (2) people are allowed in each taxi or e-hailing ride, including the driver. The passenger must be seated in the rear compartment.
Commercial vehicles carrying essential goods are allowed to carry people up to the licensed limit.
Official government vehicles are allowed to carry up to their maximum capacity.
All airports and ports are allowed to operate as usual.
Sea and land public transportation services, like employee transportation, public buses, express buses, LRT, MRT, ERL, monorail and ferry are allowed to operate at 50% of vehicle capacity.
Travel for funerals and natural disasters are allowed with police permission.
NGOs travelling to assist with natural or humanitarian disasters must obtain permission from the State / District Disaster Management Committee, and the aid must be funnelled through the Disaster Operations Control Centre (PKOB).
Interstate / inter-district travel for the purpose of COVID-19 vaccination is ALLOWED with the display of vaccine appointment on MySejahtera, website or SMS.
Members of Parliament or State Assembly are ALLOWED to cross state or district lines.
Interstate travel is FORBIDDEN for couples in long-distance relationships.
Short-term business visitors are ALLOWED for official or business purposes under the One Stop Centre (OSC) Initiative, with police permission

General Health Protocols

Premise owners and business licence holders must ensure that customers enter and leave the premises with a minimum physical distance of 1 metre.
Premise owners and business licence holders are OBLIGATED to provide the MySejahtera QR Code and a logbook to register visits by their customers.
Hand sanitisers must be provided at entry points, and customers must use them before entering the premise.
The use of MySejahtera is MANDATORY in areas with good Internet connectivity. The use of a logbook is only allowed in areas with no Internet connectivity or reasonable excuses (senior citizens, no smartphone, etc.)
Premise owners and business licence holders must ensure that customers check in using MySejahtera, or writing their name and telephone number manually if there is no Internet connectivity.
In shopping malls, customers only need to scan their body temperatures ONCE at the mall entry point. It is not necessary to scan their body temperature at every premise in the mall.
Those with body temperatures exceeding 37.5 degrees Celsius are NOT ALLOWED to enter.
Malls and premise owners must ensure that only customers with Low Risk or Casual Contact Low Risk in MySejahtera are allowed to enter.
Children 12 years or younger are NOT allowed in public places and facilities, EXCEPT in emergencies, treatment, education or exercise.
Premise owners and business licence holders must restrict the number of customers within their premises to ensure at least 1 metre physical distancing.
Every premise must publicly display the limit of customers allowed inside at any one time. The use of a numbered queue system is encouraged to control the number of customers.
All building owners must provide QR Codes for each floor / level.
It is MANDATORY for employees, suppliers and customers to properly wear face masks while within the premise.
There must be good ventilation and aeration at the premise.
It is MANDATORY to wear a face mask, especially in crowded public areas, EXCEPT in these places or situations :
a) hotel room or paid accommodation, alone or with your own family
b) Personal working space
c) Sporting activities and outdoor recreation
d) Personal vehicle, alone or with your own family
e) Indoor or outdoor public areas, when there are no other individuals
f) While eating or drinking in public areas, when there are no other individuals (except in restaurants or other food & beverage premises)

Civil + Private Employees

Civil servants must work from home (WFH) completely, except for frontliners, security, defence and enforcement.
Office attendance for essential services in the civil service must not exceed 20% at any one time, and must emphasise work that cannot be performed at home, like payment, maintenance, security, technical management, online meetings and ministerial documentation.
Civil servants going to office must receive official attendance order and worker’s pass.
Employee capacity for the private sector (essential services only) is limited to 60%, including both operations and management.
Approved essential services must have official approval from 1 June 2021 onwards. Employee travel is limited to approved operations letter or worker’s pass or employer’s letter of authority.
Meetings must be conducted via video conferencing.
Seminars, workshops, courses, training and talks are FORBIDDEN, except through online methods or in-service training through Camp-Based Training.

Allowed Business + Services

Restaurants, food shops, food stalls, food trucks, hawkers, food courts, hawker centres. food kiosks are ALLOWED to operate from 8 AM until 8 PM for takeaway, drive-through or delivery.
Dine-in and park & dine services, and picnics are FORBIDDEN.
Grocers and convenience stores are ALLOWED to operate from 8 AM until 8 PM.
Hardware stores, vehicle workshops, childcare stores and religious stores are ALLOWED to operate from 8 AM until 8 PM.
Healthcare services like hospitals, clinics and medical laboratories are ALLOWED to operate 24 hours, or up to their licensed operating hours.
Pharmacies can operate from 8 AM until 8 PM.
Petrol stations can operate from 6 AM until 8 PM, except for those on tolled highways which can operate 24 hours.
Supermarkets, shopping malls, pharmacies, personal care stores, convenience stores, mini markets and departmental stores can only open sections limited to food, drinks and essential items, from 8 AM until 8 PM.
Veterinarian clinics and pet food stores are ALLOWED to open from 8 AM until 8 PM.
Laundry services and optical stores are allowed to operate from 8 AM until 8 PM. Self-service laundromats must ensure an employee is present on-premise.
Daily and public markets are ALLOWED to open from 6 AM until 2 PM, subject to the local authorities, proper SOP and under RELA / PBT supervision.
Controlled Fresh Produce Market (PST) are ALLOWED to open from 7 AM until 12 noon.
Permanent Farm Market (PTK), MyFarm Outlet (MFO) and Local Farmer’s Association Complex (PPK) are ALLOWED to open from 6 AM until 4 PM.
Wholesale markets are ALLOWED to open from 12:01 AM until 6 AM, and from 11 AM until 4 PM, subject to the local authorities, proper SOP and under RELA / PBT supervision.
Night markets, farmer’s market, weekly markets and guest markets are FORBIDDEN
Fishing for livelihood is ALLOWED.

Education

All public and private institutes of tertiary education, tahfiz centres and other educational institutes must CLOSE.
Tertiary education will continue ONLINE.
All public and private schools and education institutes, tuition centres, language centres, skill centres, counselling centres, etc. must CLOSE.
Only international exams at international and expatriate schools are allowed.
All face-to-face learning are FORBIDDEN, except for tertiary education students who require them.
International and professional exams, as well as research activities requiring lab access in tertiary education facilities are ALLOWED.
Students in boarding schools or universities are ALLOWED to continue using hybrid studies.
Private and public kindergartens, kindergartens in private, international and expatriate schools and mind development centres for children 4 to 6 years old are NOT ALLOWED to operate, except for parents who are frontliners or both working.
Home care or rehabilitation centres of children, the disabled (OKU), senior citizens, women and other care facilities are allowed to operate, subject to the SOP.

Religion

Prayer activities are limited to a maximum of 12 mosque and surau committee members only. All other activities are FORBIDDEN.
Islamic wedding ceremony (akad nikah) is ALLOWED only in the Islamic Religious Office / Department with the attendance capacity set by the State Religious Authority.
Burial activities are allowed according to limits set by the State Religion Authority (Islam) or the National Unity Ministry (Non-Muslim).
Non-Muslim houses of worship are limited to 12 committee members only, and congregants are NOT ALLOWED.
Non-Muslim marriage registrations are allowed at the National Registration Department (JPN), houses of worship and religious associations, subject to limits set by JPN.

Sports + Recreation

Individual sports and recreational activities without physical contact in open spaces are LIMITED to jogging and exercise with physical distancing of 2-3 metres within the neighbourhood, from 7 AM until 8 PM.
Centralised training programs, including closed quarantined competitions using Camp Based Training are ALLOWED.
Centralised training programs with quarantine by State Sports Councils using Camp Based Training are ALLOWED.
Centralised training programs including quarantined training competitions for teams in the Malaysian Football League (MFL) using Camp Based Training are ALLOWED.

Creative Industry

Development and broadcasting of creative content through recording or live broadcasts include animation, filming, drama, promotions, sitcoms and the like, including dance, art activities theatre, musical arts, cultural and heritage performances as well as the music are FORBIDDEN, except for individual discussions and live-streaming.

MCO 3.0 Total Lockdown SOP : NEGATIVE LIST

These activities are FORBIDDEN.

Spa, reflexology, massage, wellness, beauty, barber and hair saloons, pedicure and manicure
Cybercafes and cybercenters
Driving schools, maritime training centres, flight schools
Photography activities
Gambling, horse racing and casinos
Factory manufacturing alcoholic beverages, and shops selling alcoholic beverages
Night clubs or pubs
Cinemas
Official and unofficial public and private events
Feasts, festivals, weddings, engagements, receptions, aqiqah ceremonies, tahlil, anniversaries, birthdays, reunions, retreats and other social events.
Receiving guests or visitors at home, except in emergencies or for delivery services.
Seminars, workshops, courses, training, conferences, exhibitions, lectures and all MICE (Meetings, Incentives, Conventions and Exhibitions) events that are face-to-face.
Tourist attractions like zoos, farms, aquariums, edutainment centres, extreme parks, adventure parks, nature parks, etc.
Souvenir and craft shops, culture and historical premises like museums, libraries, art galleries, native art and culture, stage performance, etc.
Theme parks, family entertainment centres, indoor playgrounds, karaoke, etc.
Interdistrict and interstate tourism – Overseas travel by citizens, and local travel involving foreigners.
All sports and recreation activities EXCEPT those listed in this SOP.
All sports and recreation premises and facilities, except public pars which are subject to the local authorities. – Sports and recreation that involve groups or physical contact.
International or local championships, competitions, and matches, EXCEPT those organised by the National Sports Council and training matches for teams under the Malaysian Football League (MFL).
Sports or recreational activities that cross district and state lines, EXCEPT with police permission.
Hotel lounge performances
Indoor or outdoor busking
Any activity that involves many people gathering in one place until it is hard to maintain physical distancing, and compliance with the Director General of Health’s orders.
Any other matter that may be decided by the Government from time to time.

Help Support My Work!

If you would like to support my work, you can do so via bank transfer / PayPal / credit card.

Name : Adrian Wong

Credit Card / Paypal : https://paypal.me/techarp
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)

Thank you in advanced! ❤️

Go Back To > Business | Travel | Health | Tech ARP

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Scam Warning : Public Bank Customers Hit By Fake SMS!

Leave a reply

Scammers continue to target Public Bank customers, using many different kinds of fake SMS messages.

Do NOT click or call if you receive any of these fake SMS messages!

Public Bank : Fake SMS Scam Warning! Do NOT Click / Call!

Whether you are a Public Bank customer or not, you may receive one of these alarming SMS messages.

Please DO NOT click on the link, or call the number. JUST IGNORE THEM, or delete them.

The safest thing to do is NEVER CLICK ON A LINK in any SMS. If you need to log into your bank account, key in the website address manually.

RM0 PBB/PIBB: Your PBB account will TERMINATED on 02Dec20 01:30:00 AM. Please make verification via http://www.mypbebank.cc to avoid service interruption. Verify now keep on using PBB services.

RM0 Credit Cash out RM3,000 form card ending no 7102 successful on 01 DEC. Information system sending. Call PBB 1800-81-9566 for any query

Warning: Your account is marked as insecure, please click Return PAC immediately to confirm that it is safe to use. (https://pbevip.vip/)

PBe Your account is in a high-risk state PLS log in immediately and return the PAC to protect your account security https://www.pbebanks.top

PBe Warning: Phishing URLs are frequent recently, PLS log in immediately to strengthen account security. 2Mar21 13:14 https://se1.pbevip.top/

PB e Your account is in a high-risk by the system, PLS re-verify your account https://pbbanks.red/ <security reminder is normal>

RM0 PIBB: Thank you for using your card ending 1098@senQ MYR 2899, Pls call 03-56260232 now, if you didn’t use it

RM0 PBB/PIBB: Trx amt MYR2699.00 @LAZADA for card ending 5738. Call PB 1-800-81-2337 now if didn t perform.

PBB: Your account is judged as high risk by the system. PLS re-verify your account https://www.pbebanks.asia/ <security reminder is normal>

PB e Alarm Your banking Suit now is marked as insecure, PLS re-verify your account https://online-pbebank.com <security reminder is normal>

Public Bank Fake SMS Scam : What Happens If You Click?

Clicking on the links will often lead you to a phishing website, a fake website designed to look like a Public Bank website.

You will be asked to key in your personal information, including your Public Bank user name and password. DO NOT KEY IN YOUR INFORMATION!

But if you are free and want to help screw these scammers, key in fake information as many times as possible.

Note : These scams do not just affect Public Bank. In fact, all banks are affected :

Public Bank : How To Identify Fake SMS Messages

With a little help from Public Bank, let’s show you how to identify fake SMS messages.

If you spot any of these warning signs, BACK OFF and DO NOT PROCEED!

Warning Sign #1 : Grammatical Mistakes

Read the two SMS messages above, and you can easily spot numerous grammatical mistakes. A bank will never send such poorly worded messages to their customers.

Warning Sign #2 : Embedded Links

Banks will NEVER embed links (URLs) into the message. If you see embedded links, always think – SCAM SMS!

Warning Sign #3 : Wrong Links

And always check the link – www.mypbebank.cc is not the correct address for the Public Bank website (www.pbebank.com)

When you see any website with .cc links, be wary because the .CC domains are registered in the Cocos Islands – an Australian territory of only 14 km², with only about 600 inhabitants.

The same goes for generic, top level domains like .TOP, .VIP, .TOP, .RED, .ASIA, etc.

Warning Sign #4 : No Personal Login Phrase / Picture

To avoid phishing attacks, banks now give you a secret response (like a picture or a phrase) to confirm that you are visiting their legitimate website.

If the website you are visiting gives you the wrong picture or secret phrase, you have been tricked into visiting a fake website designed to mimic the real bank website.

You should also remember that the bank website must show you secret picture or phrase right after you enter your login, but BEFORE you key in your password.

If you are asked to key in your password without the website displaying the secret phrase or picture, you have been tricked into visiting a fake website designed to mimic the real bank website.

Go Back To > Cybersecurity | Business | Home

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

macOS, iOS, iPadOS, Safari CVE-2021-1844 Bug : Fix It Now!

Leave a reply

Apple just rushed out macOS Big Sur 11.2.3, iOS 14.4.1, iPadOS 14.4.1 and Safari 14.0.3 to patch a critical security bug.

Find out what they fix, and why you need to update your MacBook, iPhone and iPad right away!

Apple Rushes Out macOS, iOS, iPadOS, Safari Critical Bug Fixes!

Released on 8 March 2021, macOS Big Sur 11.2.3 patches only one bug, which may mislead users into thinking that it’s not very important.

WebKit

Available for: macOS Big Sur

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2021-1844: Clément Lecigne of Google’s Threat Analysis Group, Alison Huffman of Microsoft Browser Vulnerability Research

On the same day, Apple also released iOS 14.4.1 and iPadOS 14.4.1 – both patching the same CVE-2021-1844 vulnerability.

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2021-1844: Clément Lecigne of Google’s Threat Analysis Group, Alison Huffman of Microsoft Browser Vulnerability Research

Apple also released Safari 14.0.3, which patches the same vulnerability for macOS Catalina and macOS Mojave :

WebKit

Available for: macOS Catalina and macOS Mojave

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2021-1844: Clément Lecigne of Google’s Threat Analysis Group, Alison Huffman of Microsoft Browser Vulnerability Research

Why Install These macOS, iOS, iPadOS, Safari Bug Fixes ASAP?

While they appear to only patch WebKit in macOS Big Sur, iOS, iPadOS and Safari, they are CRITICAL bug fixes that you need to install right away.

They patch the new CVE-2021-1844 vulnerability, which was discovered by Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research.

This vulnerability allows a remote attacker to trigger a buffer overflow when the victim opens a specially-crafted web page, allowing the attacker to execute arbitrary code on the target system.

It is not known if this vulnerability has been exploited yet, but it is critical to install the new updates to prevent that from happening.

Go Back To > Software | Cybersecurity | Home

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

CD PROJEKT RED Hack : Source Codes + Docs Stolen!

Leave a reply

CD PROJEKT RED just had their source codes and internal documents stolen in a MAJOR HACK, and they may all end up being leaked!

CD PROJEKT RED Hack : Source Codes Stolen, Servers Encrypted!

On 9 February 2021, CD PROJEKT RED announced that their data – including source codes and internal documents – were stolen in a hack, and could possibly be leaked.

Their servers were also encrypted in a secondary ransomware attack by the same hackers, but they had backups of the encrypted data.

CD PROJEKT RED publicly ruled out negotiating with the hackers, or giving in to their demands.

This would likely mean that their source codes and internal documents will eventually be released publicly by the hackers.

The only silver lining – CD PROJEKT RED noted that they do not have any evidence that the personal data of their employees were accessed or stolen.

CD PROJEKT RED Hack : The Hackers’ Threats

According to the ransom note left on their servers, the hackers stole :

FULL source codes for Cyberpunk 2077, Witcher 3, GWENT and the unreleased version of Witcher 3.
ALL of their internal documents on accounting, administration, legal, HR, investor relations and more

They also encrypted all of their CD PROJEKT RED’s servers, but acknowledged that they would most likely recover the data from their backups.

The hackers are giving the CD PROJEKT RED team 48 hours to contact them to negotiate.

If there is no agreement, they threaten to sell or leak the source codes, and release their internal documents to the media.

They claim that the internal documents will make CD PROJEKT RED look bad, causing their stock prices to fall and their investors will lose trust in them.

CD PROJEKT RED : Official Statement On Hack

This is the official statement by CD PROJEKT RED on the hack :

Yesterday we discovered that we have become a victim of a targeted cyber attack, due to which some of our internal systems have been compromised.

An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note the content of which we release to the public. Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data.

We will not give in to the demands nor negotiate with the factor, being aware that this may eventually lead to the release of the compromised data. We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach.

We are still investigating the incident, however at this t time we can confirm that – to the best of our knowledge – the compromised systems did not contain any personal data of our players or users of our services.

We have already approached the relevant authorities, including law enforcement and the President of the Personal Data Protection Office, as well as IT forensic specialists, and we will closely cooperate with them in order to fully investigate the incident.

Go Back To > Cybersecurity | Games | Software | Home

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Ministry of Education Website Uses Plain Text CAPTCHA!

Leave a reply

It is unbelievable, but the Malaysia Ministry of Education’s website uses plain text CAPTCHA that can be copied and pasted!

Take a look at this incredulous security lapse, and find out why it could put your data at risk!

Ministry of Education Website Uses Plain Text CAPTCHA!

The recent threat by Anonymous Malaysia to attack government websites over their lack of security appears to be well-justified.

Qusyaire Ezwan spotted an incredulous security lapse in the official Malaysia Ministry of Education website – plain text CAPTCHA!

On top of that, the code can actually be copied and pasted!

Ministry of Education Plain Text CAPTCHA : A Serious Cybersecurity Risk!

The CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) test is something most of us are familiar with.

It is a test that helps to identify real humans, and weed out bots, before they are allowed to access a service. This prevents bot fraud and hacking attempts.

In the Ministry of Education website, the plain text CAPTCHA was used to “secure” the retrieval of forgotten passwords for their Student Management Module.

A real CAPTCHA uses distorted images to prevent a bot from “reading” the numbers or letters, thereby ensuring that only a real human being would be able to key in the correct code.

As this screenshot shows, the CAPTCHA used in the Ministry of Education website just uses random sequences of letters and numbers in PLAIN TEXT!

This means a bot can easily copy and paste the plain text code, and bypass the CAPTCHA test.

Frankly, this doesn’t even qualify as a CAPTCHA test, because it cannot differentiate between humans and bots.

Now, the password is still sent to the registered email accounts, not to the hackers or bots. So your data is not in immediate danger.

However, this is still a SERIOUS cybersecurity risk, because a hacker can pair this design flaw with compromised email accounts.

It would allow their bots to easily and quickly make password retrieval requests for compromised email accounts, and then retrieve your Ministry of Education password.

Having access to the Student Management Module would give hackers access to a ton of information on children and their parents :

child : name, date of birth, telephone number, home address
school : location, class name, teacher’s name,
parent : name, occupation, workplace address, contact number, declared salary

On top of that, many people reuse their passwords, so hackers will use the password retrieved from the Ministry of Education website on other websites and online services you may use.

If you use the same password for your banking account, for example, that would expose your banking account to the hacker.

That is why CAPTCHA is important. It doesn’t prevent hacking attempts, but it greatly slows it down by blocking bots from making mass requests.

The use of plain text CAPTCHA in an official government website is a fiasco. A basic cybersecurity checklist would have prevented software vendors from using plain text CAPTCHA in government websites.

The Malaysian government needs to take the security of official websites seriously. This is a disgrace.

Go Back To > Cybersecurity | Software | Home

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!