Tag Archives: Security

Is PADU Being Used To Monitor All Your Personal Data?!

Is the government using PADU – the Central Database Hub – to collect and monitor all of your personal data, including your banking information?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : PADU Lets The Government Monitor All Your Data!

People are sharing this message on WhatsApp and social media platforms, which claims or suggests that the new PADU Central Database Hub allows the government to collect and monitor all of your personal data, including your banking information!

Soon for everyone….. Government new method to monitor All Malaysian assets and income.. it’s called PADU.. it links all personal information from your Mycard to your passport to all your officials document’s , including insurance , property & land titles, Electric and water bills to JPJ vechical grant.
All your bank transitions, From PDRM summons including bank loans, credit cards, Business registration and accounts. even your phone SIM card.. In the future a Malaysian can’t even fart, Without the government’s knowledge

Recommended : PADU Central Database Hub : What You Need To Know!

 

Truth : PADU Does Not Let Government Monitor All Your Data

This appears to be yet another example of FAKE NEWS circulating on WhatsApp, and social media platforms, and here are the reasons why…

Fact #1 : PADU Combines Existing Data

Malaysia introduced the PADU Central Database Hub – on Tuesday, 2 January 2024. Developed in just 7 months, PADU is designed to give the government a better way to distribute subsidies, and make other policy decisions going forward.

PADU accomplishes this by combining data from over 400 government agencies, and related organisations, into one central database, hence its name – Pangkalan Data Utama (PADU), or Central Database Hub in English.

The data that PADU stores was always there, just split up into databases owned and managed by different government agencies, and related organisations. All that PADU does is consolidate data from all those different sources into a central database.

Fact #2 : You Are Not Required To Register For PADU

The Malaysian government does not actually require you to register to access PADU. Registering for a PADU account is not mandatory.

In fact, the government has set a deadline limiting public access to PADU. Those who register for a PADU account can check, update, and add information, until 31 March 2024.

Whether you register your account or not, PADU already has your data. The data remains in PADU, even if you refuse to register for an account.

Recommended : How To Appeal Rejected eMADANI Application!

Fact #3 : PADU Has No Access To Banking Data

While PADU is designed to determine whether you qualify for subsidies and other government assistance, there are limits to what the PADU can collect.

Claims that PADU will give the government access to all of your “bank transactions” and data, including “bank loans, credit cards, business registration and accounts”, etc. are false.

That’s because the PADU Central Database Hub is forbidden from collecting banking data by the Banking and Financial Institutions Act 1989 (BAFIA).

Fact #4 : PADU Has No Access To Your SIM Card

Just to be clear – PADU has no access to your SIM card. It only has your mobile phone number.

For more information about the PADU Central Database Hub, please read our FAQ.

Please help us fight fake news – SHARE this article, and SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

IBM To Fuel AI Digital Transformation In Malaysia!

IBM is offering IT infrastructure with a new level of security and reliability to fuel Malaysia’s AI digital transformation!

 

AI Digital Transformation In Malaysia Needs Better IT Infra!

Malaysia is at a pivotal point in its digital journey, with businesses future-proofing their organisations by leveraging AI and automation.

The digital economy is now a cornerstone of Malaysia’s economy, contributing 23.2% of the nation’s gross domestic product in 2021. The Malaysia Minister of Communications and Digital, Fahmi Fadzil, anticipates that this will increase to 25.5% by 2025, with a value of RM382 billion. The National Tech Association of Malaysia is even more optimistic, and believes that the digital economy will hit that economic contribution much earlier.

The increased urgency in adopting cutting-edge technologies like AI is driving demand for better IT infrastructure. Better not just in terms of performance and availability, but also security and reliability.

An IDC report forecasted that AI spending in the Asia Pacific region alone will skyrocket to US$78 billion by 2027. And these AI investments are predominantly being funnelled into infrastructure provisioning. That’s because ultimately, digital transformation in any nation is reliant on its IT infrastructure.

Recommended : IBM Expands Power10 Server Line With New Models!

 

IBM To Fuel AI Digital Transformation In Malaysia!

There is no one-size-fits-all approach to AI infrastructure. Organisations must provision the right infrastructure for the AI task at hand.

They have to not only look at the size and scale of the AI models and tasks, they also have to consider security and privacy issues, as well as regulatory compliance. A resilient infrastructure by design is also critical, with AI workloads becoming essential backbones to mission critical applications and workloads.

To that end, IBM Power Systems offer a secure and reliable platform for enterprises to perform inference, and run AI algorithms on their most sensitive data and transactions.

IBM Power Systems run on the Power10 core, which is designed for AI acceleration. Each Power10 core on the IBM Power S1022 can process up to 42% more batch queries per second than a comparable x86 server with a peak load of 40 concurrent users, while running large language AI models.

IBM Power10 systems also offers enterprise out-0f-the-box low-latency transactional capabilities and throughput, resiliency, continuous availability (99.999%) and concurrent replace and repair.

The IBM Power10 is also designed for greater efficiency. The Power E1080, for example, offers 3X the capacity with 52% lower power consumption for the same workload, compared to the Power E880C. It also offers 33% lower power consumption than the Power E980 for the same workload.

IBM claims that, in general, Power10 systems offer 6X more throughput per container cluster, and 40% to 50% lower cost than comparable x86 solutions.

On top of that, the IBM Power Systems are built to be secure by design, with a fully-integrated secured stack from processor chip to operating system, offering quantum-safe encryption and fully homomorphic encryption (FHE).

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

[/su_note]

 

Recommended Reading

Go Back To > Business | MoneyTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Free TNG RFID Bar Code Scam Fact Check!

Will your phone get hacked if you scan the TNG RFID bar code?! Take a look at the viral claim, and find out what the facts really are!

Updated @ 2023-11-17 : Added new version, and more details.
Originally posted @ 2023-05-10

 

Claim : Scanning TNG RFID Bar Code Can Hack Your Phone!

This warning about an RFID bar code scam has gone viral on WhatsApp, and social media, claiming that scammers are sending people free TNG RFID stickers, and asking them to scan the bar code.

Allegedly, scanning the TNG RFID bar code will cause your phone to be hacked by these scammers!

They send the RFID to you. When you scan the bar code they hack your hp
It’s a scam

他们将 RFID 发送给您。 当您扫描条形码时,他们会入侵您
这是一个骗局

Mereka menghantar RFID kepada anda. Apabila anda mengimbas kod bar mereka menggodam anda
Ia satu penipuan ☠️👻💩😱😰

If you get this free RFID card via courier, please throw away. Another scam.

Recommended : Bank Letter QR Code Scam : What You Need To Know!

 

Truth : Scanning TNG RFID Bar Code Will NOT Hack Your Phone!

This is yet another example of FAKE NEWS circulating on WhatsApp and social media, and here are the reasons why…

Fact #1 : TNG RFID Bar Code Cannot Hack Your Phone

First of all – let me just say that the TNG RFID bar code cannot hack your phone. In fact, no one can hack your phone just because you scan an RFID bar code.

The bar code is nothing more than a series of numbers, which you can readily see printed under the bar code. These numbers cannot possibly hack your phone / smartphone.

Fact #2 : TNG Bar Code Is Used To Register RFID Sticker

The bar code visible in the clear window of the TNG RFID self-fitment kit is merely the serial number for the RFID sticker (also known as an RFID tag).

This serial number is used to register the RFID sticker, by scanning scan the bar code using the TNG eWallet mobile app. All it does is link the RFID sticker to your TNG eWallet account, so that all toll charges are automatically deducted from that account.

Fact #3 : TNG RFID Swapping Can Be Easily Detected

One of our readers suggested that the scammer might have swapped out the bar code, to trick you into registering a different TNG RFID sticker owned by the scammer.

This would allow the scammer to use his/her TNG RFID sticker to go through highway tolls for free, while you would be charged for his/her travels.

While that is plausible, it would be quickly detected by the victim who would not be able to use the RFID sticker to get through the toll. The victim would also be able to detect the illegal charges to his/her TNG eWallet account.

Read more : TNG RFID Self-Fitment Guide : How To Do It Yourself

Fact #4 : TNG RFID Is Unique To Each Chip

One of our readers suggested that the scammer may be trying to trick people into scanning the barcode of a duplicated RFID sticker. The scammer can then use the duplicate RFID sticker to go through tolls, which would be charged to the victims’ TNG eWallet accounts.

Now, Touch ‘n Go has not revealed much about how it is protecting its RFID stickers, only saying that each TNG RFID sticker has an embedded radio-frequency chip that makes every sticker “unique to each customer”.

But that suggests that the RFID stickers are not only encrypted, the chip has a private key that prevents duplication, which makes a lot of sense. Without such encryption and private key, anyone can literally just read the number off any RFID sticker in a parking lot, and duplicate it in a programmable RFID sticker.

Unless the scammer has somehow stolen the private keys, and can perfectly duplicate the RFID stickers, this seems like an improbable scam. More so when the scammers would be limited to using the tolls for free. Hardly worth the effort, if you ask me.

Fact #5 : There Are Easier + Cheaper Ways To Hack Your Phone

Truth be told – there are far easier and cheaper ways to hack your phone, than send you a free RFID sticker and ask you to scan the bar code.

These scammers will have to put in considerable expense and technical expertise into hacking the TNG eWallet app, and inserting their malware that the fake RFID number would trigger.

But why bother? If they can hack the TNG eWallet, they don’t even need to send you any fake RFID bar code to scan!

Making fake RFID stickers (tags) that look like genuine TNG RFID self-fitment kits costs money. Sending these fake kits also put them at risk, because deliveries can be traced.

There are many other ways to compromise your smartphone. There is simply no reason why scammers to waste time and money on such a convoluted scheme.

Recommended : WhatsApp Block Button Scam : What You Need To Know!

Fact #6 : Packages Do Get Delivered Wrongly

The most plausible explanation for receiving a free TNG RFID sticker out of the blue is that it was wrongly delivered to you. If you receive one, check the name and address on the package. It may not be meant for you. In that case, contact the delivery company and have them resend it to the right person.

I have also personally experienced receiving packages that I did not order, some of which appear to be sent due to a database error of some sort – my name and phone number are on the package, but the address was wrong or non-existent.

Out of an abundance of caution, just don’t install any RFID sticker that you did not order. Or you can call up TNG to verify that the RFID sticker is legitimate.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

PayNow PDF Malware Scam : What You Need To Know!

Is there a new malware scam involving a PayNow PDF?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : WhatsApp Block Button Is A Scam!

People are sharing this warning about a new malware scam involving a PayNow PDF. Take a look!

I just received below the latest and new scams Modus Operandi from my Uncle. Forward to warn and share.
======================

The scammers have changed their modus operandi. They don’t ask you to download the app.
My neighbour told me yesterday that her sister (a cancer patient) wanted a part-time helper to clean her house. Hence, she went to Facebook. I called the number and made the request. The advertiser asked whether she had a Paynow, and she said that she had. He directed her to make the partial payment, and he will send the invoice to confirm. (Note: He did not ask her to download an app, as people are getting alerts). When she received the invoice in the PDF format, she did not suspect any foul play and clicked it. The invoice showed the amount paid and the balance to be paid. After that, she went to sleep. The next morning, her phone could not be switched on.
She used her laptop to check her DBS bank account. Her $20K was gone, and her two fixed deposits of $25K, which had not reached the maturity date, were also gone—the total loss was $ 70K.
When she went to the bank and asked why her fixed deposit was also gone, the receptionist told her that digital banking allows you to transfer the amount back to your account to facilitate withdrawals without going to the bank.
Police told her the malware was embedded in the PDF document.
So folks, beware that the scammers are always changing their modus operandi to con your money $$$! 😡😡😡

Recommended : WhatsApp Block Button Scam : What You Need To Know!

 

No Evidence There Is Any PayNow PDF Scam!

This is likely another example of FAKE NEWS circulating on WhatsApp and social media platforms, and here are reasons why…

Fact #1 : No Evidence Of PayNow PDF Scam

First, let me just point out that there is no evidence that anyone was ever scammed by a PayNow PDF invoice.

There has been no actual news report of such a case, never mind multiple cases involving malicious PayNow PDF documents.

Frankly, I don’t know of any PDF malware that can shut down a phone, and transfer money from a bank account, including liquidating fixed deposits!

Fact #2 : PDF Malware Generally Target Computers

PDF documents can contain malware, but malicious PDFs generally target Windows computers. In fact, many aren’t actual PDF documents, but are instead executable files masquerading as PDF files – invoice.pdf.exe, for example.

Malicious PDF documents or executables targeted at Windows computers won’t work on smartphones. The malicious PDF must not only be specifically designed to target smartphones, it must target the right operating system – iOS or Android. A malicious PDF targeting Android won’t work on an Apple iPhone, for instance.

On top of that, many PDF malware actually exploit vulnerabilities in a specific PDF reader – most commonly, the industry-standard Adobe Acrobat Reader. Most smartphones do not have Adobe Acrobat Reader installed, and instead rely on a variety of PDF readers like Samsung Note, OneDrive, Google Drive, Kindle, etc.

Embedded PDF malware that target vulnerabilities in the Adobe Acrobat Reader won’t work with other PDF readers. That’s probably why it’s rare to see PDF malware that target smartphones.

Recommended : Can StopNCII Remove All Nude / Deep Fake Photos?!

Fact #3 : PayNow Scams So Far Involve Phishing

Singapore reported 477 cases of PayNow scams in 2021, with 133 more cases in 2022. However, they were not due to PDF malware. Rather, their victims were deceived into giving scammers their digital banking credentials.

In other words, PayNow scams have so far involved phishing attacks, in which victims are tricked into logging into fake websites, or giving up their Internet banking login details by phone.

In one of these scams, victims received phone calls from people pretending to be bank employees. The callers would ask for the victims’ personal details, such as their Internet banking usernames and passwords, under the pretext that the bank needed them to verify transactions in their accounts.

Fact #4 : Singapore Police Warned About Android Malware

It seems likely that the viral warning is based on a misunderstanding of a Singapore Police Force warning about Android malware withdrawing money through PayNow.

Issued on 17 June 2023, the Singaporean police warned that scammers were tricking victims into installing an Android Package Kit (APK) file through WhatsApp and Facebook Messenger. Once installed, the malware allows the scammers to remotely access the victims’ devices, and steal their passwords.

The victims are then directed to fake websites that mimic banks like DBS to key in their banking credentials. The login information obtained through this phishing attack then allows the scammers to withdraw their victims’ money through PayNow.

To be clear – this PayNow scam does NOT involve any PDF. It requires the victim to install an APK file – to gain access of your 2FA (Two-Factor Authentication) device, and provide bank login information through a fake (phishing) website.

This allows the scammers to log into your bank account using the login info you provided, and authenticate all transfers using your mobile phone.

Recommended : Nurse Lost RM380K After Pressing Instagram ‘Like’ Button?!

Fact #5 : Here Are Some Common Cybersecurity Tips

Here are some simple cybersecurity tips to help you avoid getting scammed online:

  • Never install APK files (for Android) from unknown or untrustworthy sources.
  • Never sideload IPA files (for Apple iOS) from unknown or untrustworthy sources.
  • Always check the entire filename, including its file extension:
    – PDF documents should end with .pdf, and not .pdf.apk or .pdf.ipa or .pdf.exe.
    – Word documents should end with .doc or .docx, and not .doc.apk or .doc.ipa or .doc.exe.
  • Never click on any link to go to any bank website. Always type in the link yourself into a web browser, or better still – use the official app issued by the bank.
  • Never give your bank login details to any person, even if they claim to be a police officer, a bank officer, or even a cybersecurity expert!
  • Never give your 2FA authentication code / TAC or OTP number to any person, even if they claim to be a police officer, a bank officer, or even a cybersecurity expert!

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Israel Seismic Wave Card Hack Your Phone?!

Can the Seismic Wave Card containing photos of the recent Hamas attacks on Israel hack your phone?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Israel Seismic Wave Card Can Hack Your Phone!

This warning about the Seismic Wave Card containing photos of the recent Hamas attacks on Israel has gone viral on WhatsApp:

URGENT

Some people are going to upload pictures of the fighting in Jewish settlements on WhatsApp. The file is called Seismic Waves CARD.

Do not open it, it will hack your phone in 10 seconds and cannot be stopped in any way.

They talked about it on TV. A cyber attack on us from all kinds of directions is also starting.

Pass the information on to family and friends.

Recommended : Did Fukushima Just Release Black Radioactive Water?!

 

Truth : There Is No Israel Earthquake Seismic Wave Card!

This is yet another example of FAKE NEWS circulating on WhatsApp, and here are reasons why…

Fact #1 : There Is No Seismic Wave Card!

First, let me just point out that there is no such thing as a Seismic Wave Card.

The Seismic Wave Card is an Internet hoax that keeps getting recycled for every disaster that comes along, like these examples show:

They are going to upload some photos of the Moroccan earthquake on WhatsApp. The file is called Seismic Waves CARD, don’t open it and see it, it will hack your phone in 10 seconds and it cannot be stopped in any way. Share the information with your family and friends.
DO NOT OPEN IT. They also said it on TV

They are going to upload some photos of the Cariaco earthquake on Whatsapp. The file is called Waves Seismic CARD, do not open or see it, it will hack your phone in 10 seconds and it cannot be stopped in any way. Pass the information on to your family and friends. DO NOT OPEN IT. They also said it on TV.

Recommended : Can Morocco Earthquake Seismic Wave Card Hack Your Phone?!

Fact #2 : Photos Are Shared Directly On WhatsApp

There is no need to open any file, or install any app, to view photos on WhatsApp. You simply click to view photos shared by other people on WhatsApp.

Of course, people may sometimes share high-resolution photos in ZIP or RAR files, because WhatsApp greatly reduces the resolution of photos shared on its platform.

Those ZIP or RAR files may be opened using apps like WinZip (Android | iOS) or RAR (Android) or Unarchiver (iOS). However, you should be wary if you are asked to download and install any app.

Unless you know what you are doing, it’s best to only view photos and videos directly inside WhatsApp, and not download any compressed files at all.

Fact #3 : Seismic Waves Card Is Not A Browser Hijacker

Seismic Waves Card appears to be falsely labelled as a browser hijacker by at least one “cybersecurity” website:

The scam message known as Seismic Waves Card is notorious for its disruptive behavior while surfing the web. Generally, scams like this, and other like Mintnav and Lookaside fbsbx, are crafted to meddle with your browser’s settings, replacing homepages and default search engines to promote affiliated sites and generate advertising revenue.

There is no evidence that a malware or browser hijacker called Seismic Waves Card exists. The article itself does not offer any evidence to prove its existence. In fact, the article and its guide on how to “remove” the malware appears to be generic, and may possibly be AI-generated.

Recommended : Can Greeting Photos + Videos Hack Your Phone?!

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest… but it cannot hack your smartphone by itself.

Recommended : Can Restaurant Menu QR Code Hack Your Phone?!

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website. Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

This is an incredibly clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t take 10 seconds, as the hoax message claims.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Fact Check : New WhatsApp Cyber Crime Rules?!

Did WhatsApp just implement new cyber crime rules to help the government monitor and record your calls and messages?! Find out what the facts really are!

Updated @ 2023-10-08 : Updated after message went viral again.
Originally posted @ 2023-07-03

 

Claim : WhatsApp Has New Cyber Crime Rules!

People are sharing this warning about WhatsApp implementing new cyber crime rules, to help the government monitor and record all calls and messages!

Tʜᴇ ɴᴇᴡ ᴄᴏᴍᴍᴜɴɪᴄᴀᴛɪᴏɴ ʀᴜʟᴇs ғᴏʀ WʜᴀᴛsAᴘᴘ ᴀɴᴅ WʜᴀᴛsAᴘᴘ Cᴀʟʟs (Vᴏɪᴄᴇ ᴀɴᴅ Vɪᴅᴇᴏ Cᴀʟʟs) ᴡɪʟʟ ʙᴇ ɪᴍᴘʟᴇᴍᴇɴᴛᴇᴅ ғʀᴏᴍ ᴛᴏᴍᴏʀʀᴏᴡ: –

Recommended : How To Block Facebook Ads + Pay Scammers!

 

Truth : WhatsApp Does Not Have New Cyber Crime Rules!

And here is why this is nothing more than yet another Internet hoax :

Fact #1 : Only China Can Do This

The only country that has accomplished most of what was shared above is China, but it took them decades to erect the Great Firewall of China.

It’s not just the massive infrastructure that needs to be created, it also requires legislation to be enacted, and considerable manpower and resources to maintain such a system.

That’s why China is leaning heavily on AI and cloud computing capabilities to automatically and quickly censor information it deems “sensitive”.

However, no other country has come close to spending the money and resources on a similar scale, although Russia, Cuba, Vietnam, Zimbabwe and Belarus have imported some surveillance technology from China.

Fact #2 : WhatsApp, Instagram + Facebook Messenger Have End-to-End Encryption

All three Facebook-owned apps now run on the same common platform, which provides end-to-end encryption.

End-to-end encryption protects messages as they travel through the Internet, and specifically prevents anyone (bad guys or your friendly government censor) from snooping into your conversations.

That is also why all three apps are banned in China…

Recommended : Can SIM swap attack empty bank account without warning?!

Fact #3 : Governments Generally Have No Control Over Those Apps

Outside of authoritarian countries like China and Russia, governments generally have little to no control over social media and instant messaging apps. Even then, their control is generally limited to banning access if they don’t get their way.

The ability to keep conversations and messages safe and private is key to the success of instant messaging apps, in particular. So WhatsApp, Telegram and Signal would never allow governments access to user messages or voice calls, never mind record and monitor them for governments!

In fact, by implementing end-to-end encryption, these companies themselves do not have access to your messages and calls.

Fact #4 : WhatsApp Does Not Have Three Check Marks!

WhatsApp messages only have two ticks / check marks to notify users about the status of their messages:

: The message was successfully sent.
: The message was successfully delivered to the recipient’s phone or any of their linked devices.
: The recipient has read your message.

There is no third check mark, as claimed by the viral message.

Fact #5 : Governments Won’t Tip You About Investigations

It is illogical for WhatsApp to inform you when the government is checking your information, or when it has started proceedings against you.

In fact, it doesn’t make sense for any government to inform you by instant messaging check marks! If the government is charging you with a crime, it will send police officers, not check marks on WhatsApp!

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > InternetFact Check | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

PDRM Warning : Watch Out For MyBayar Scam!

PDRM is warning motorists not to fall for the MyBayar scam! Here is what you need to know about the MyBayar PDRM scam!

 

PDRM Warning : Watch Out For MyBayar Scam

On 7 August 2023, the Cyber Crime division of the Royal Malaysia Police (PDRM) posted an alert warning motorists not to fall for the MyBayar scam.

The MyBayar PDRM scam starts with an official-looking email that warns motorists that they have been caught contravening the law, and offers a cheap RM50 fine if paid within 5 days:

Last notice of contravention before prosecution

Dear recipient,

We are writing to draw your attention to a recent traffic violation in Malaysian jurisdiction.

Our traffic enforcement staff have observed your vehicle parked in a no-parking zone. This contravenes section (no. 2016-691] of the Road Traffic Act.

As a result of this infringement, a fine of MYR 50 has been imposed. This fine must be paid within 5 days of the date of this notification to avoid further legal consequences.

Failure to pay the fine within the allotted time may result in legal proceedings being taken against you, which could lead to increased fines, penalties and the possible suspension of your driving license.

Recommended : Bantuan Tunai Rakyat Malaysia 2023 Scam Alert!

 

MyBayar PDRM Scam : How Does It Work?!

Many people who received the MyBayar PDRM email might be shocked to find out that they were caught committing a traffic violation, and then relieved that it was only RM50 if they paid quickly.

That’s how the scammers trap their victims – by offering a cheap RM50 fine, when we all know that fines for traffic offences are at least RM150, and can go all the way up to RM1,000!

Those who received this fake MyBayar PDRM email would be tempted to quickly pay the cheap RM50 fine, before it becomes a lot more expensive!

But if you take a closer look at the email, you will spot some problems with it:

  • Weird English : The email title of “Last notice of contravention before prosecution” is nonsensical.
  • Typo in the name : The fake email used My Bayar PDRM, instead of MyBayar PDRM.
  • Lack of name and personal details : The fake email refers generically to “Dear recipient“, without listing your full name and MyKad number.
  • Lack of vehicle details : The fake email doesn’t mention the vehicle make and plate number.
  • Lack of location details : The fake email does not mention where the offence occurred, or even when it occurred.
  • Fine is much too low : PDRM traffic fines are never as low as RM50. The cheapest fine is RM150 for Category 4 offences, but you can pay as low as RM70 within 15 days.
  • No such law : The fake email refers to the Road Traffic Act. There is no such act in Malaysia. The proper name is the Road Transport Act 1987 (Act 333).
  • No such section : If you look at the Malaysia Road Transport Act 1987 (PDF download), you will see that there is no such thing as Section 2016-691.

The email appears to be from My Bayar PDRM (typo in the name), but if you inspect the email address, you will see that it was sent by “in-to-no-reply@silverbackgames.xxx” or “hello@sooqr.com” or some other email address.

Obviously, this email did not originate from an official PDRM email address! This should immediately tell you that this is a fake or scam email!

Recommended : How A University Student Lost RM22K In Online Job Scam!

If you click on the Pay My Fine link in the scam email, you will be taken to a fake My Bayar PDRM website (with the same typo in the name).

You may notice that you now have 7 days to pay the RM 50 fine, instead of just 5 days in the email. Odd, isn’t it?

Also odd is the fact that the page does not mention your name, your MyKad number, your vehicle type and model, or even its plate number! The page also doesn’t mention where the offence took place, or the time you were caught committing said offence.

Do NOT proceed after this point… This is a scam website!

But if you have itchy fingers, and click on the Pay The Fine button, you will be asked to pay for the RM50 fine using your debit or credit card.

Needless to say, PLEASE DO NOT SUBMIT YOUR DEBIT / CREDIT CARD DETAILS!!!

If you provide these scammers with your debit / credit card details and TAC / OTP numbers, they will be able to charge ANY AMOUNT they want to your credit card, or withdraw ANY AMOUNT they want from your bank account!

Recommended : Wedding Invitation Scam : Don’t Install APK File!

It’s even worse if you are asked to log into your bank account to pay the fine. DO NOT DO THAT!

If you provide them with your bank login and password, as well as OTP/TAC number, these scammers will be able to transfer money out of your bank account!

Please note – this is a scam! This is a phishing attack to gain access to your credit card and/or bank account.

Regardless of how you get any notification from PDRM about any traffic offence you may have committed, you should always check the status through these official MyBayar PDRM options:

Please SHARE this warning with your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Automotive | Cybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

How WithSecure Offensive Security Drives Business Resilience!

Find out how WithSecure harnesses the power of offensive security to drive business resilience and enhance protection for its clients!

 

WithSecure Drives Business Resilience Through Offensive Security!

WithSecure (formerly known as ‘F-Secure Business’) is harnessing the power of offensive security in its co-security and co-monitoring products and services. This revolutionary approach is designed to anticipate and mitigate cyber threats by understanding them from an attacker’s perspective.

During the SPHERE security conference 2023, WithSecure’s Chief Product Officer, Antti Koskela, shed light on their game-changing offering called ‘attack surface management.’ This managed service offers a comprehensive view of vulnerabilities in a company’s cloud-based estate.

As a result, WithSecure’s focus on the digital perimeter empowers businesses to reduce their overall attack surface, enhancing their cybersecurity posture in the ever-evolving threat landscape.

Recommended : WithSecure Takes Offensive Security Approach To Cloud Threats!

 

How WithSecure Offensive Security Drives Business Resilience!

WithSecure also introduced three groundbreaking services that amplify their commitment to ‘outcome-based security’ and ‘co-security’. This groundbreaking development was revealed by WithSecure Executive Vice President (Solutions) Scott Reininga, also at the SPHERE security conference 2023.

Reininga underscored WithSecure’s unparalleled expertise in offensive security, revealing that they are the home of one of the world’s most proficient offensive security teams. This team, a fusion of penetration testers (pentesters), red, blue and purple teamers, has profound knowledge of adversary tactics, tradecraft, and techniques.

Penetration testing is a cybersecurity practice that aims to discover vulnerabilities in a system by simulating controlled attacks. Their goal is not to cause damage but to pinpoint weaknesses for rectification. This proactive method, which can involve exploiting software vulnerabilities or simulating social engineering tactics, is key in any comprehensive cybersecurity strategy, offering a practical evaluation of potential risks rather than a theoretical one.

Our relentless pursuit of research and system testing allows us to uncover system vulnerabilities proactively. This crucial data is the building block of our products that are proactive, minimally disruptive, and crafted from the perspective of an attacker.

– Scott Reininga, WithSecure Executive Vice President (Solutions)

These insights were unveiled by Reininga during his recent product launch event titled ‘Co-security and co-managed services for partners’. He was joined on stage by WithSecure Vice President (Offering and Customer Experience) Niko Isotalo.

Expanding on WithSecure’s strategic approach, Isotalo said that the company’s outcome-based security framework model “connects Chief Information Security Officers (CISOs) and board members, offering clarity about the interplay between security outcomes and business objectives.”

This alignment clarifies the indispensable role of security in the core business framework to board members.

– Niko Isotalo, WithSecure Vice President (Offering and Customer Experience)

Recommended : Avanade Launches New Generative AI Services!

Reininga and Isotalo unveiled the three new offerings during their joint session. The first, termed “co-monitoring,” is a partnership model. WithSecure validates the genuineness of security incidents before alerting the duty manager, effectively curbing false alarms.

WithSecure collaborates with clients to supervise their digital ecosystems, particularly during periods when they are stretched thin on resources. This service, providing support beyond standard working hours, can also deliver round-the-clock monitoring if necessary.

Isotalo further introduced the second service, incident readiness software, recognising that many organisations lack comprehensive incident readiness plans.

Our software simplifies the creation, testing, and updating of such plans, which serve as essential shields against cyber threats.

Recommended : 5 Strategies for Negotiating Airfare Discounts with SAP Concur!

Focusing on the urgency of immediate incident response, Reininga introduced the third service, an incident response retainer.

Our incident response retainer provides unlimited incident response within the critical initial 72 hours of an event. We eliminate the need for negotiation about budget and resource allocation.

We engage consultants rapidly, supported by our globally lauded 24/7 incident response team and top-tier threat intelligence unit, guaranteeing our customers industry-leading service level agreements (SLAs).

By integrating offensive security acumen, co-monitoring capabilities, incident readiness software, and swift incident response, WithSecure empowers organisations to effectively safeguard their digital assets and curtail the impact of potential breaches.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > BusinessCybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

WithSecure Takes Offensive Security Approach To Cloud Threats!

WithSecure is harnessing the power of the offensive security approach in tackling evolving cloud threats!

 

WithSecure Takes Offensive Security Approach For Cloud Threats!

In a shifting cybersecurity landscape, WithSecure (formerly known as ‘F-Secure Business’) is harnessing the power of offensive security in its co-security and co-monitoring products and services. This revolutionary approach is designed to anticipate and mitigate cyber threats by understanding them from an attacker’s perspective.

During the recent SPHERE security conference 2023 in Helsinki, Finland, WithSecure’s Chief Product Officer, Antti Koskela, shed light on this approach.

We’ve done identity assessments for many cloud-based companies, unveiling weaknesses in their cloud platforms.

Our offensive security approach is about understanding the attack surface of a cloud-based estate. We focus on the digital perimeter, which is crucial to reducing the overall attack surface.

Koskela went on to explain that WithSecure has distilled this insight into an innovative managed service offering called ‘attack surface management’. This service provides a comprehensive view of a company’s vulnerabilities, including IP addresses, port vulnerabilities, exposed APIs and web services, identity matters, patching levels and more.

With more open architecture, control over your attack surface becomes paramount. ‘Zero trust’ alone isn’t the answer as human errors happen. Our holistic approach helps mitigate this.

Recommended : Avanade + Accenture: 2023 Microsoft Global SI Partner of the Year!

WithSecure’s product suite integrates various cloud-native solutions to deliver protection based on specific client requirements. This collaborative process, termed ‘co-security’, is driven by the security and business outcomes defined by the clients. Koskela emphasised the tripartite focus of their solution:

It’s about process, people, and technology. We collaborate to secure the outcomes, letting company directors steer the course of business.

Our WithSecure Elements platform is the cornerstone of our technology, built collaboratively with our clients.

Koskela acknowledged the evolution of the IT industry, from client-server in the ‘90s to hosted services in the 2000s, cloud computing in the 2010s and cloud-native in the 2020s. He underscored the need for a new security approach to match the evolving business environments:

The cloud offers agility, speed, cost-efficiency. But with new technologies come new security considerations.

WithSecure has been proactive, creating solutions for every technological shift – be it firewalling and endpoint protection during the hosted services era, or data security and VPNs for the cloud computing era.

And now, with the rise of cloud-native tech, we’re helping clients to understand and secure their digital perimeter through our offensive security approach.

Recommended : 5 Strategies for Negotiating Airfare Discounts with SAP Concur!

WithSecure Chief Product Officer, Antti Koskela (left), and APAC Regional Director Yong Meng Hong (right)

 

WithSecure Elements Picking Up In APAC

Since its mid-2021 debut, WithSecure’s Elements platform has gained considerable momentum here in Malaysia and the broader Asia-Pacific region. This comprehensive cybersecurity platform has made its mark by providing organisations with a unified solution to their security needs.

Elements equips enterprises with the insight, adaptability, and technology to tackle evolving threats and changing business environments.

Offering unified endpoint protection across devices, clouds and servers, Elements consolidates everything from vulnerability management and collaboration protection to detection and response into one easy-to-navigate security console.

– WithSecure Asia-Pacific Regional Director Yong Meng Hong

Yong further emphasised that the cloud-based Elements platform provides real-time visibility across an entire IT infrastructure, simplifying how enterprises manage their cybersecurity.

Flexible licensing options, including fixed-term subscriptions and usage-based billing, ensure that organizations can tailor their cybersecurity services according to their specific needs.

Elements offers centralised management capabilities, giving IT managers a comprehensive overview of their enterprise’s IT infrastructure, enhancing their reassurance and control.

Today, WithSecure is globally recognised, trusted by a myriad of enterprises to safeguard against cyber threats, while also protecting tens of millions of consumers through over two hundred service providers and telecommunications partners.

For organisations looking to navigate the cloud’s security challenges, WithSecure’s offensive security approach could be just the safeguard they need.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > BusinessCybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

How A University Student Lost RM22K In Online Job Scam!

Find out how a university student just lost over RM22,000 in an online job scam!

Please SHARE this article to warn your family and friends to avoid such online job scams!

 

Online Job Scam Are Targeting The Poor + Desperate!

Online job scams have been around for a long, long time. But fake job syndicates have become more active recently, probably because more people are getting laid off, and inflation is eating into our money.

Online job scams come in a variety of ways, but most commonly, you get unsolicited messages through WhatsApp or iMessage, offering you the opportunity to make a lot of money through part-time work, in the comfort of your own home.

This is especially appealing to people who are currently jobless and desperate. Or in this recent case – a university student who is just starting out in life.

I am Shirley , a permanent employee at XXXX Company in the recruitment department. The HR department sent me this number and asked me to contact you to get you to a job opportunity.

Hello! I am Miss Aisyah Binte Ahmed, from The Recruitment Dept. at YYYY Digital, Malaysia. Our company is hiring part-time and full-time online Employees. Can I briefly share the details with you?

Recommended : Scam Alert : How Fake Job Syndicates Operate!

 

How A University Student Lost RM22K In Online Job Scam!

I had earlier written about how fake job syndicates cheat people of their hard-earned money, but I didn’t realise that these scammers are also targeting university students!

A university student recently shared how he quickly lost over RM20,000 to an online job scam, despite being warned that it could be a scam!

How They Reel The Student In…

These online job scams always start by offering their victims an EASY way to make A LOT of money!

It all started two days ago, when an unknown person asked me if I’m interested in a part time job. I usually don’t decline offers like this because I’m also a student looking for internship or job opportunities.

He gave me simple tasks, like subscribing to YouTube channels and get RM10 for each subscription. I was interested as money did really go to my account.

Then, I was added into a group. They would give these free tasks of subscribing to YouTube channels.

These scammers also know that people are now wary of scams, and will always demonstrate their willingness to pay… at least in the beginning.

And occasionally will provide merchant tasks throughout the day, which you bank in a certain amount of money to them, which was said to help improve crypto merchant’s reputation or some sort, then they’ll return you a good amount of earnings after the task is completed. It takes around half an hour to do so. So for these two days I earned around RM500.

This is how the scammers establish trust with their victims, and convince them to “invest” to get even more money!

Recommended : Watch Out For Telegram Phishing Attack!

The Scam Happens Very Quickly

The “merchant tasks” is when they start scamming you, and the scam occurs very quickly. You may think that you’re earning a lot of money, but you will never see a cent of it.

So here’s where the fishing begins. A merchant task has started. A rule was stated that I must complete all the tasks given or I will not get the money that I banked in before.

It doesn’t matter how little you “invest” in this “merchant task” scheme. Once you are in, they will quickly use your “earnings” to force you to keep paying them!

I chose the least risk package, give RM300 to get RM360. Then, I was required to continue the next task. Same, I chose the smallest amount RM2000 to get RM2600. Again, need to continue the next task, I chose the smallest RM5000 to get RM7000. Then, RM15000 to get RM19500.

Then, RM40000 to get RM52000. At this point, I still haven’t realize it’s a scam. All I’m focussed on is I need to take back the money that I banked in, so I’m just thinking about completing the tasks given.

By The Time He Realised… It Was TOO LATE!

Because the university student was so engrossed in getting back the money he “invested” earlier, he didn’t realise that he was giving the scammers more and more money… until it was much too late.

There’s one trick that this scammer is using. He let me start with a small investment, then proceed with stages. They force me to continue because I want to rescue the money that I put in in the previous task. So it keeps getting bigger and bigger.

Unfortunately, by the time the university student realised his mistake, it was much too late… He had already lost over RM22K!

At that time, I have not enough money in my bank to fork out RM40k. So I panic and find my friend to lend me some money.

Luckily my friend as a sideliner noticed that this is a scam and stopped me. I woke up finding that evervthing was too late. Just like that, two days, RM22300, gone.

Recommended : Must You Disable Facebook Auto-Fill To Block Scams?!

Scammers caught on CCTV by hacker

Many People In The Group Are Scammers

As the university student later realised, many of the people in the group are part of the online job scam syndicate. Their job is to give the victims the perception that this is a legitimate job with many people participating.

During merchant tasks, I’m asked to leave the big group and will be joining a small group of 3-4 members. One of the scary parts in this operation after I realize it’s a scam is that, all the group members in the group are actually controlled by the same person.

Out of the 4 members, two might be playing rich vips who will play the highest package, pressuring you to play with more money, the other person looks like a newcomer like me and plays along with me, choosing the lowest package.

Precautions Were Useless

The university student was actually warned by his parents that it could be a scam. He even prepared for the possibility he could be scammed:

Some Precautions | Made While Attempting This:

I was being very careful with this. I shared with my parents on the first night. My parents did warned me about it being a scam, but didn’t stop me from it since I’m earning something. They just ask me to be extra cautious.

I have two bank accounts, so I moved most of my savings such that I have a “small” account and a “big” account, to prevent losses if anything goes wrong.

I also created a new chat account with another phone number solely for this “part time job”. I also made a plan and promise to only invest my earnings, so I cannot touch my savings.

But as German Field Marshal Helmuth von Moltke once said, “No plan survives contact with the enemy“, and the student’s precaution was useless when he got “emotionally invested” in getting his money back, and ended up taking out all of his saving from the “big account”!

I believe we always read about news of scams in Malaysia, asking why are they so dumb, why they fall into these type of scams. Until I’m in their shoes. I was being very cautious taking the above steps and always remind myself to not be greedy, play only the least risk.

The worse part is, when I’m within that situation and cannot think straight. I even use my savings from my “big” account, just because I want to rescue the money I put in.

Recommended : How To Block Facebook Ads + Pay Scammers!

The university student is now “emotionally depressed” and “thinking about suicide” over the loss of so much money. But do the scammers care? No, they couldn’t care less if people commit suicide over the loss of their hard-earned money.

He has also contacted his bank fraud hotline, and lodged a police report. Unfortunately, he is unlikely to ever recover any of the money he lost. But I hope he understands that his life matters more to his family than money, and he can always make back the money as long as he lives.

Please SHARE this article out, and WARN your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

How To Disable Android TV Lock Screen Requirement!

If you own an Android TV, or Android TV box, you might need to disable the Lock Screen requirement. Find out how to do that!

 

Why Do You Need To Disable Android TV Lock Screen?

Android TV, whether it’s already integrated into your television set, or in a separate box, requires a Google account to download and install apps through the Google Play Store.

If you have been using your Google Workspace account, or the Free Legacy G Suite account, you will likely encounter this error message:

To access your work account on this device, you’ll need to set a lock screen. This is your organization’s mobile device policy.

A lock screen? Android TV has a TV lock option, but by default, that’s disabled and rightly so – TVs traditionally do not require a password when you turn them on!

You can ignore it, and continue to use your Android TV or Android TV box, but you cannot log into Google Play Store to download and install any apps.

 

How To Bypass Android TV Lock Screen Requirement!

This Android TV Lock Screen error message appears because Google, by default, sets company accounts to require a Lock Screen on all mobile devices.

The easiest way to bypass this Android TV Lock Screen requirement is to simply use a personal Google Account. Or better still, create a new personal Google Account just for your Android TV.

Once you switch to a personal Google account, you won’t have to face this Lock Screen requirement, and can freely download and install apps from the Google Play Store. However, this method only works for people who only intend to download and use free apps.

If you intend to download and install a paid app, like Minecraft for example, then this method won’t work because that paid app is tied to your Google Workspace / Free Legacy G Suite account.

 

How To Disable Android TV Lock Screen Requirement!

If you need to use your Google Workspace / Free Legacy G Suite account (which is tied to a company) with your Android TV, then you need to disable the Lock Screen policy. In this video tutorial, we will show you just how to do that.

Just in case you prefer a step-by-step guide, here are the steps with screenshots.

Step 1 : Log into Google Admin (https://admin.google.com/) for your Google Account.

Step 2 : Type “Universal Settings” in the search box at the top, and a list of relevant options will appear.

Step 3 : Click on Universal Settings. Alternatively, you can navigate manually using the menu on the left : Devices > Mobile and endpoints > Universal settings

Step 4 : In the Universal Settings page, click on General : Turn on device management and password controls to reveal the available general settings.

Step 5 : In the General section, you will see two options – Mobile management and Password requirements.

Either option will let you disable the Lock Screen requirement in Android devices. So you will need to select one of them.

I will share the two available methods as Option A and Option B below. Choose one.

Option A : Disable Mobile Management

By default, your account is set to Basic (Agentless) mobile management, which applies basic password controls (including requiring the Lock Screen).

Step 6A : Select Turn off mobile management (Unmanaged).

Step 7A : Click on Save to save the changes. The change generally happens instantaneously but can take a few minutes to propagate.

As turning off basic mobile management will deprive you of the ability to wipe work accounts, and remove compromised device protection, I would recommend you try Option B as the first resort, and keep Option A as a back up alternative.

Option B : Disable Password Requirements Recommended!

By default, your account is set to Require users to set a password, which has a basic requirement of “Any screenlock“.

Step 6B : Untick the Require users to set a password checkbox.

Step 7B : Click on Save to save the changes. The change generally happens instantaneously but can take a few minutes to propagate.

I personally recommend using this option, as it would leave you the ability to perform some basic mobile management of your devices.

Step 8 : While the change happens within seconds to minutes, you must remove your Google Account from your Android TV / Android TV box.

Step 9 : Log into Google Play Store using your Google Account again. It should now work properly, without asking you to register a Lock Screen.

I hope you found this guide useful. Please SHARE this guide out, and SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Home Tech | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Restaurant Menu QR Code Hack Your Phone?!

Did the FBI just warn people to avoid using the restaurant menu QR code, because it can hack your phone?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : FBI Says Restaurant QR Code Can Hack Your Phone!

People are sharing a Daily Mail article, or screenshots of it, which claims that the FBI just warned people not to use any restaurant menu QR code because it can allow hackers to steal your data!

Here is an excerpt from the Daily Mail article. Feel free to skip to the next section for the facts!

Why you should ALWAYS ask for a physical menu: FBI warns hackers are planting fake QR CODES in restaurants that steal your data when you click the link

  •  Scammers are making fake QR codes to place on top of real ones 
  • This is letting them access smartphones and steal personal data

QR codes have become the new default for accessing restaurant menus across the US post-Covid — but scammers are seizing upon the new practice.

The FBI warns thieves are creating fake QR codes and planting them at eateries, retail shops and even parking meters.

Instead of taking you to an online menu or checkout, the links instantly download malware onto your device, stealing your location and personal information

The FBI has urged consumers to look out for typos or misplaced letters in URLs accessed through QR codes and ask restaurants for a physical menu.

Recommended : MSI Users At Risk Of Rogue BIOS / Firmware Updates!

 

Truth : FBI Did Not Say Restaurant QR Code Can Hack Your Phone!

This appears to be a “misunderstanding” of an actual FBI warning about QR codes. Here is what you need to know about the risks of scanning a QR code for a restaurant menu.

Fact #1 : FBI Issued QR Code Warning In January 2022

I could find no reference to a recent QR code warning by the FBI, and oddly enough, The Daily Mail did not provide a source or link to the FBI warning its article was referring to.

The FBI only released one public service announcement (PSA) about QR codes, and that was Alert Number 1-011822-PSA which was released on January 18, 2022.

If that was the source for the Daily Mail article, then it’s more than a year old, and not recent as the article appears to suggest.

Fact #2 : FBI Warned About General QR Code Risk

The FBI advisory was a general warning about the risks of tampered QR codes. Specifically, it warned about cybercriminals tampering with both digital and physical QR codes.

The FBI is issuing this announcement to raise awareness of malicious Quick Response (QR) codes. Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information.

Cybercriminals tamper with both digital and physical QR codes to replace legitimate codes with malicious codes. A victim scans what they think to be a legitimate code but the tampered code directs victims to a malicious site…

Fact #3 : FBI Advisory Did Not Mention Restaurant / Menu

Interestingly, the entire FBI advisory did not once mention restaurants or menus, and that makes a lot of sense.

It is odd to focus on the risk of using QR codes for online menus in restaurants, when they are used in so many other ways today – from making mobile payments, as mobile tickets, login tokens, etc.

Any security risk involving restaurant menu QR codes would also apply to QR codes used for other purposes. So it really doesn’t make sense for the FBI to “pick on” restaurant menu QR codes.

Recommended : Can Approve New Participant block WhatsApp hackers?!

Fact #4 : QR Code Is Not Malicious In Nature

QR code (which is short for Quick Response code) is not nefarious or malicious in nature. The FB advisory specifically pointed that out – “QR codes are not malicious in nature“.

The QR code is merely a type of two dimensional barcode that was invented in 1994 by the Japanese company, Denso Wave, to track automotive parts. It has since been adopted for other purposes because it is more efficient and can support more than just numbers. For example, Version 40 QR code can contain up to 7,089 numbers or 4,296 characters.

Ultimately, a QR code is nothing more than a series of numbers or characters – data which can be used for a variety of purposes, including providing a link to an online restaurant menu.

Fact #5 : QR Code Can Be Tampered With

It is true that QR codes can be tampered with. In fact, the FBI advisory was issued after Texas police departments discovered fraudulent QR code stickers on parking meters in San Antonio and Austin. Drivers who scanned those fake QR codes were taken to a scam website. instead of the real payment website.

Hence, the FBI issued that warning to remind people to check the URL link to make sure that it is the intended website, and not a phishing page with a similar link. For example, the fake website may use www.quikpay.com when the real website is www.quickpay.com.

To completely avoid this risk, avoid using QR code to access a payment website. Always go directly to the payment website on your smartphone’s web browser by keying in the link yourself. Genuine payment labels with a QR code will often include a direct URL link for you to use as a safer alternative.

Recommended : How To Block Facebook Ads + Pay Scammers!

Fact #6 : Restaurant Menu QR Code Is Low Risk

While scammers can place fraudulent QR codes over genuine ones at restaurants, bars, and other eateries, this is a very unlikely attack vector.

That’s because restaurants often use QR codes to redirect you to an online system to order food and drinks for your table. Imagine if you scan a fraudulent QR code and are asked to key in your credit card details. That would be absurd, and you would surely complain to the waiter since you haven’t even ordered your food!

In most cases, you are not expected to pay at the table using QR code. You either pay using cash / credit card / mobile payment using QR code at the payment counter. Even if that QR code is compromised, the cashier would notice it immediately as any payment made using that QR code would not reflect in the restaurant’s point-of-sale (POS) system.

And payment only occurs after dining – a fraudulent QR code that leads you to a fake website won’t allow you to actually order anything, since it’s not connected to the real restaurant and its ordering system. That’s why this attack vector is highly improbable.

In any case, many restaurants now generate temporary QR codes on disposable paper stubs to avoid this risk. The QR code is only valid for your dining session. The next person to dine at the same table will receive a different QR code.

Fact #7 : QR Code Can Potentially Inject Malware

It is possible for QR code to inject malware into the smartphone that you are using to scan. In fact, there are apps like QRGen that allow scammers / hackers to easily generate malicious QR codes. However, it isn’t quite as simple as the article makes it out to be.

For one thing – malware and exploits are limited to specific operating systems or phone models. For example, an Android exploit / malware won’t work on iPhones. Or an exploit / malware that makes use of an Android 11 vulnerability won’t work on newer / updated Android smartphones since they would have patched the exploit.

Second – any malware will require considerable amounts of code to load. The scammer / hacker will have to use an enormous QR code like the version 40 example below, or it will need to convince you to download and install the malware package itself.

Recommended : Must You Disable Facebook Auto-Fill To Block Scams?!

Genuine restaurant menu QR codes are simple – like the version 1 / version 10 examples above, because they only serve a link to their online menu / ordering system. If you see a large and complex QR code like the version 40 example, avoid scanning it, and ask the restaurant staff to verify its authenticity.

Restaurant menu QR codes would also never ask you to download or install anything. They only serve to load a link to an online menu / ordering system, so if you are asked to download or install anything, do NOT proceed, and notify the restaurant.

These tips also apply to other businesses that use QR codes to show you a menu, discounts, offers, information, etc.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MoneyTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Microsoft : No More Windows 10 Updates, EOL In 2025!

Microsoft will no longer issue major Windows 10 updates, and will end support for the operating system in October 2025!

 

Microsoft : No More Windows 10 Updates, EOL In 2025!

On Thursday, 27 April 2023, Microsoft announced that it will no longer issue any further major Windows 10 update. The current 22H2 version that was released in October 2022, and entered broad deployment on November 18, 2022, would be the final version of Windows 10.

In addition, Microsoft announced that all editions of Windows 10 will reach the end of support on October 14, 2025.

  • Windows 10 Home
  • Windows 10 Pro
  • Windows 10 Enterprise
  • Windows 10 Education
  • Windows 10 Pro Education
  • Windows 10 Pro for Workstations
  • Windows 10 IoT Enterprise

However, Microsoft will continue to issue monthly security update releases (including Windows Defender updates) until that EOL date.

Windows 10 will reach end of support on October 14, 2025. The current version, 22H2, will be the final version of Windows 10, and all editions will remain in support with monthly security update releases through that date. Existing LTSC releases will continue to receive updates beyond that date based on their specific lifecycles.

The only exception will be existing LTSC (Long Term Servicing Channel) releases – they will continue to receive updates beyond that EOL date, based on their specific lifecycles.

  • Windows 10 Enterprise LTSC 2019 : Jan. 9, 2029
  • Windows 10 IoT LTSC 2019 Core : Jan. 9, 2029
  • Windows 10 IoT Core LTSC : Jan. 9, 2029
  • Windows 10 Enterprise LTSC 2021 : Jan. 12, 2027
  • Windows 10 IoT Enterprise LTSC 2019 : Jan. 9, 2029
  • Windows 10 IoT Enterprise LTSC 2021 : Jan. 13, 2032

Microsoft also took the opportunity to announce that two Windows 11 LTSC releases will be available in the second half of 2024:

  • Windows 11 Enterprise LTSC
  • Windows 11 IoT Enterprise LTSC

Enterprise users who want to plan and test applications and hardware while waiting for a Windows 11 LTSC release, should start doing so with the current Windows 11 22H2 edition.

 

Microsoft : Please Upgrade Before Windows 10 EOL!

Microsoft is therefore encouraging users to transition to Windows 11, because it will no longer release any feature upgrades.

Despite Windows 11 being introduced over 1.5 years ago, many Windows 10 users still refuse to upgrade / migrate to Windows 11.

According to the both Steam Store’s March 2023 and StatCounter’s survey, more than 73% of Windows-based PCs are still running on Windows 10!

On its part, Microsoft stopped selling Windows 120 downloads in January 2023, but until Microsoft starts cutting off security updates in October 2025, there will be little impetus for Windows 10 users to migrate to Windows 11.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Business | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Approve New Participant block WhatsApp hackers?!

Can the new Approve New Participant feature in WhatsApp block hackers?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Turn On WhatsApp Approve New Participant To Block Hackers!

WhatsApp started introducing a new feature called Approve New Participant, on 11 March 2023.

This new feature was only available to WhatsApp Group administrators, and went pretty much unnoticed by most WhatsApp users, until this claim went viral on WhatsApp and social media platforms:

CYBER SECURITY ALERT
Announcement

Let’s look sharp all admins*
WhatsApp has added a new security feature to prevent hackers from joining Groups.
I Hope Admins will take advantage of this feature.

*Admins* should go to group settings and
‘TURN ON’ Approve New Participant.

This will prevent unauthorized access for hackers.

WHATSAPP ADMINS ALERT!!!

That WhatsApp cybersecurity alert was unsigned, so we have no idea who created it. But once it went viral, WhatsApp users started asking their group administrator to turn it on to block hackers.

But does the new Approve New Participant feature really block hackers from attacking WhatsApp groups?

Recommended : Scam Alert : Watch Out For Telegram Phishing Attack!

 

Truth : WhatsApp Approve New Participant Does Not Block Hackers!

This is yet another example of FAKE NEWS circulating on WhatsApp, and social media platforms like Facebook and Twitter, and here are the reasons why…

Fact #1 : Approve New Participant Is Not A Cybersecurity Feature

First, let me just point out that Approve New Participant is not a cybersecurity feature. WhatsApp introduced the this feature to help group administrators “grow, moderate, and protect their groups“.

The Approve New Participants setting empowers admins to help grow, moderate, and protect their groups. Turning on the setting in Group Settings requires the admin to review every request to join the group before a participant is allowed to join. This feature enhances privacy and security for all participants in the group.

This feature is designed to protect private groups by preventing people from simply joining them using an invite link.

This is a major security concern for private groups, as it exposes the group chats to people who may not be authorised to view them. However, this is not a concern for open groups, as they are open to one and all.

Fact #2 : Approve New Participant Cannot Block Hackers

When a group turns on Approve New Participant, admin approval is required to join a group. People who attempt to join the group will see a Request to join button, with the message “An admin must approve your request”.

After clicking on Request to join, those who wish to join the group are allowed to share their Reason for the request, or Cancel Request.

Once the group administrators get the request, they can either approve or reject the request. Group administrators can also start a chat with the person to request more information.

All that is great for vetting people who want to join an exclusive WhatsApp group, but this new feature does not block hackers, as the group administrator will not know who is, or is not a hacker. It’s not like those WhatsApp accounts have a “hacker” or “not a hacker” label!

Hackers can use social engineering techniques to trick the group administrators into approving their requests, or they can simply use phishing attacks to take over the WhatsApp accounts of existing group participants!

Recommended : Must You Disable Facebook Auto-Fill To Block Scams?!

Fact #3 : Approve New Participant Is Disabled By Default

Cybersecurity features that are designed to block hackers will always be enabled by default – why would they be optional?

Yet, the new Approve New Participant feature is OPTIONAL in WhatsApp, and is DISABLED by default. That is because this is not a cybersecurity feature designed to block hackers.

Many WhatsApp groups are open for anyone to join, and turning on Approve New Participant would be pointless as group administrators would not know the identity of the people joining their groups.

This is why it is up to the WhatsApp group administrators to determine if it is suitable for them to use the new Approve New Participant feature, or not.

Private groups will want to turn this on, to vet people who request to join. But open groups will want this feature disabled, or their administrators will be overwhelmed with joining requests.

Fact #4 : Group Participants Can Always Be Removed

Here’s another reason why blocking new participants joining automatically does not block hackers – group participants can always be removed.

Let’s say a hacker, or an unauthorised person, gains access to your WhatsApp group. It doesn’t mean he/she can stay in your group forever. Any group administrator can remove that person.

This new feature only helps group administrators pre-vet people who want to join their group, instead of kicking them out after they have already joined.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Scam Alert : Watch Out For Telegram Phishing Attack!

Watch out for the phishing attack that will allow scammers to take over your Telegram account!

 

Scam Alert : Watch Out For Telegram Phishing Attack!

Scammers are now targeting Telegram users with a phishing attack that is designed to trick them into giving up their accounts! The Telegram phishing attack works like this:

Step 1 : The scammer gains control of your friend’s Telegram account, and sends this message to you:

Dear Telegram users. The system detects that this account is abnormal and has potential security risks.

To ensure that you can log in to your account normally, you need to invite friends for auxiliary verification  

The risk control account has not been verified. The system will cancel the account after 24 hours! 

Personal Information Authentication:[link removed]

Step 2 : The scammer, masquerading as your friend, asks you to help him/her verify his/her Telegram account by clicking on the link.

There are security risks in my account, and I need friends to help me verify it. Please click on the official link to help me verify it and follow the prompts. thank you

Step 3 : If you click on the [removed] link to help your friend, you will be taken to a website that looks like an official Telegram website. DO NOT DO THIS.

Step 4 : You will be asked to log into your Telegram account on the fake website. DO NOT DO THIS.

Step 5 : The fake Telegram website will ask you to key in your Login code, or take and upload a screenshot of your Telegram. DO NOT DO THIS.

Step 6 : If you continue, the scammer will be able to take over your Telegram account, and use it to scam your friends by asking them for money, etc.

The scammer will also have access to your Telegram chats, and all associated media including photos and videos, which could potentially be leaked or used to extort you or other people.

Recommended : Beware Of Telegram Screenshot Hack + Scam!

 

How To Protect Against Telegram Phishing Attack

A phishing (pronounced as fishing) attack is a social engineering attack, that uses your trust for an institution (like a bank), authority (Telegram), or someone you know, to give up your login details.

Here are some ways you can protect yourself against any phishing attack on Telegram, or other platforms.

Verify Identity Before Trusting

Many people fall for phishing attacks because it is human nature to trust your friends and to help them. However, on instant messaging apps, you don’t actually know if it’s really your friend on the other end!

So if a friend messages you on Telegram, WhatsApp, Facebook, Twitter, Instagram, etc to ask for help, ALWAYS verify their identity before proceeding.

If possible, call or message your friend on the phone, or via a different platform (use WhatsApp if the request came on Telegram, for example).

But if you are unable to call your friend, try asking the other person something that only your real friend would know:

  • Do NOT ask questions like “Are you really Sarah??
  • Do NOT ask questions that can be answered by reading previous chat messages.
  • Ask something that only you and your friend would know, like “Hey Sarah, what was that restaurant we went to last week?
  • Ask a fake question that your friend would readily know is not true, like “Hey Sarah, are you coming over tonight?

If the other person cannot answer or gives you the wrong answer, he/she is not your friend, and that account has likely been taken over by a scammer.

Recommended : How To Block Facebook Ads + Pay Scammers!

Look At The Link

Whenever you see a link being shared, always check if it leads to a legitimate website, or attempts to masquerade as a real website, by substituting characters in the link.

This Telegram phishing attack, for example, uses a link to telegram.0rg.ee. The real Telegram domain name is telegram.org. This is called domain spoofing.

If you see an attempt to impersonate a legitimate website by using a similar-looking domain name, do NOT click on it.

Never Login Via A Link

It is common for people to share links on Telegram, and in Telegram groups. Heck, we share links to our article in the Tech ARP Telegram group!

Clicking on links in Telegram, WhatsApp, emails, etc. is not dangerous, because most lead to legitimate websites that do NOT require you to log in.

What is dangerous is logging into any website through a link. I cannot hammer this enough – NEVER LOG INTO ANY WEBSITE through a link!

Phishing attacks work by tricking you into going into a fake website that looks like the real website. But you still have to log into the fake website to give the scammers your login details.

If you click on a link, and you are asked to login – this is likely a phishing attack. But don’t worry – as long as you refuse to log into any website after clicking on a link, the phishing attack fails.

Turn On Two-Step Verification

All banking platforms, and many mobile apps now offer two-step verification to prevent scammers from taking over user accounts. However, this is often an optional feature that you must manually enable.

Telegram has a two-step verification feature, which prevents scammers and hackers from hijacking your account by requiring a secret password that only you will know.

Please follow our guide on how to turn on Two-Step Verification in Telegram.

Just make sure you do NOT give that password out to anyone, or key it into any website!

Read more : How To Turn On Two-Step Verification In Telegram!

Warn Your Family + Friends!

It is important to publicise phishing attacks, whenever they happen. If people are alerted, they are less likely to fall for such attacks.

However, scammers and hackers can quickly change the way their phishing attack works, so it is important that people understand how phishing attacks work in general.

You can help prevent phishing attacks by sharing this articles, and other cybersecurity warnings, with your family and friends.

Please help us FIGHT SCAMMERS by sharing this cybersecurity article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Business | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Pinduoduo App Contains Persistent Spy Malware!

One of China’s most popular apps – Pinduoduo apparently contains a malware that monitors user activities and is difficult to remove!

Take a look at what CNN and multiple cybersecurity researchers have discovered about Pinduoduo!

 

Pinduoduo : What Is It?

Pinduoduo is actually a Chinese online retailer. Think of it as China’s Amazon. While Amazon started as an online bookstore, Pinduoduo started as an online agricultural retailer.

Since then, Pinduoduo has become one of China’s most popular online shopping platform, with its app offering its 750 million users access to cheap products in China, by offering steep discounts on group buying orders.

Despite its meteoric rise, Pinduoduo has not been without its controversies. In 2018, the company was criticised for hosting inferior and imitation products, to which it responded by taking down more than 4 million listing and shutting down 1,128 stores.

In 2019, Pinduoduo was hit by hackers who stole discount coupons worth tens of millions of Yuan. And just last month, Google suspended the Pinduoduo app after discovering that versions offered outside its Play Store contained malware.

The Off-Play versions of the e-commerce app that have been found to contain malware have been enforced on via Google Play Protect.

Read more : How To Block Facebook Ads + Pay Scammers!

 

Pinduoduo App Contains Persistent Spy Malware!

Western interest may have been initiated by Google suspending the Pinduoduo app, but cybersecurity experts had already started looking into the app, and what they discovered was very troubling.

Alert First Raised By Chinese Cybersecurity Company

I think we should start by noting that it was a Chinese cybersecurity company called Dark Navy that first raised concerns about malware in the Pinduoduo app in February 2023.

Although Dark Navy did not name Pinduoduo in its report, cybersecurity researchers knew who it was referring to and soon followed up with their own investigations and reports, confirming Dark Navy’s report.

Sophisticated Malware

Half a dozen cybersecurity teams from Asia, Europe and the United States identified sophisticated malware in the Pinduoduo app that were designed to exploit vulnerabilities in the Android operating system used by many smartphones.

The malware allows the Pinduoduo app to bypass Android security features to monitor activities in other apps, check notifications, read private messages, and even change settings. It is also difficult to remove once installed.

Mikko Hyppönen, chief research officer at WithSecure, a Finnish cybersecurity firm, said that:

We haven’t seen a mainstream app like this trying to escalate their privileges to gain access to things that they’re not supposed to gain access to. This is highly unusual, and it is pretty damning for Pinduoduo.

Read more : Can SIM Swap empty bank accounts without warning?!

Dedicated Hacking Team To Look For Vulnerabilities

Even more damning, CNN reported that a current employee revealed that Pinduoduo set up a team of about 100 engineers and product managers to look for vulnerabilities in Android smartphones, and find ways to exploit them for profit.

To avoid exposure, the source said that the company targeted users in rural areas and smaller towns, and avoided users in megacities like Beijing and Shanghai.

By collecting expansive data on those users, Pinduoduo was able to create a comprehensive portrait of their habits, interests, and preferences; while improving its machine learning models to personalise push notifications and ads.

Pinduoduo App Gained More Access Than Allowed

Three cybersecurity companies – WithSecure, Check Point Research, and Oversecured conducted independent analysis of version 6.49.0 of the Pinduoduo app that was released in late February 2023, and found code designed to achieve “privilege escalation” – a type of cyberattack that exploits vulnerabilities in the operating system to gain a higher level of access to data that it’s supposed to have.

Our team has reverse engineered that code and we can confirm that it tries to escalate rights, tries to gain access to things normal apps wouldn’t be able to do on Android phones.

The Pinduoduo app was able to continue running in the background, and prevent itself from being uninstalled. This was apparently done to boost the platform’s statistic for monthly active users.

Pinduoduo App Has Access To User Data Without Consent

Delware-based app security start-up, Oversecured, found that the Pinduoduo app had access to user data like locations, contacts, calendars, notifications, and photo albums, without their consent.

The app was also able to change system settings, and access user social media accounts and chats.

Recommended : Beware Of Telegram Screenshot Hack + Scam!

Pinduoduo App Also Snooped On Other Apps

The Pinduoduo app also had the ability to snoop on competing shopping apps, by tracking activity on other shopping apps, and gathering information from them.

Pinduoduo App Able To Secretly Receive Updates

Check Point Research found that Pinduoduo was able to push updates to the app, without first going through an app store review process to detect malicious code.

Pinduoduo App Programmers Attempted To Obscure Malicious Code

Check Point Research also found that some plug-ins used by the Pinduoduo app tried to obscure potentially malicious code by hiding them under legitimate file names, such as Google’s.

Such a technique is widely used by malware developers that inject malicious code into applications that have legitimate functionality.

Pinduoduo Targeted Android Devices

According to Sergey Toshin, founder of Oversecured, Pinduoduo’s malware specifically targeted Android operating systems used by Samsung, HUAWEI, Xiaomi and OPPO.

He also described the app as “the most dangerous malware” ever found in mainstream apps, exploiting about 50 Android system vulnerabilities. Most of these exploits targeted customised OEM code used by smartphone brands to customise their smartphone software.

I’ve never seen anything like this before. It’s like, super expansive.

Recommended : Chinese Netizens Explode Over WPS Office Censorship!

Pinduoduo Removed Exploit + Canned Hacking Team

After cybersecurity researchers started reporting about the app, Pinduoduo released version 6.50.0 on March 5, which removed the exploits they found. Two days later, Pinduoduo disbanded its Android hacking team, according to the same employee.

The hacking team members found themselves locked out of Pinduoduo’s workspace communication app, called Knock, and lost access to files on the company’s internal network, with their privileges revoked.

Most of the team was later transferred to work at Pinduoduo’s sister app, Temu. A core group of about 20 cybersecurity engineers however remain at Pinduoduo.

In addition, Sergey Toshin of Oversecured noted that while the exploits were removed in the new version of Pinduoduo, the underlying code remained and could be reactivated to carry out attacks.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MobileTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

How To Block Facebook Ads + Pay Scammers!

Many Facebook users are getting hit by the Facebook Ads and Facebook Pay scams! Here is how you can prevent it from happening to you!

 

Facebook Ads + Pay Scam Hits Many Bank Customers!

Many bank customers are complaining that they are being charged for fraudulent Facebook Ads advertisement campaigns!

They discovered that their debit cards were charged for Facebook advertisements that they never approved. Some have also stated that their credit or debit cards were used to purchase goods and services using Facebook Pay.

Stephanie WongI found out the money deducted from my bank acc through multiple continuous transactions yesterday, then I called Maybank customer service immediately. They helped me to cancel the card but then the thing happened again this morning.

@ruffleseedI heard tens of millions of Ringgit were reported misappropriated through @facebook
on multiple bank over the past few weeks.

Delete your phone number from Facebook now and do not let @messenger handle your SMS. @MyMaybank has yet to answer us re: this intrusion.

@ItsNeoah : Banyak kali kena kat credit card ambank. Alhamdulilah call ambank dia mintak isi dispute form then tgok next cycle bil dah takde. Letih ngan scammer ni.

Translation : [My] Ambank credit card got hit many times. Alhamdulillah, after calling Ambank, they asked me to fill out a dispute form, then when I checked the next bill cycle [the charges] was removed. Tired of this scammer.

[/su_note]

Read more : Facebook Ads Scam Hits Many Maybank Customers!

 

How To Block Facebook Ads + Pay Scammers!

Here are some ways to prevent getting hit by the Facebook Ads scam, whether you are a bank customer in Malaysia or other countries.

Do NOT Use Debit Cards

First, you should NEVER use a debit card if you can help it. You should certainly not use a debit card online, or register it on any online or mobile payment platform, whether it’s for Apple Pay, Google Pay, or Facebook Pay.

It doesn’t matter if Bill Gates or Elon Musk or BTS endorses debit cards. DO NOT USE DEBIT CARDS!

You should certainly never use your debit card to fund Facebook advertisements. Always use a credit card, which offers you some protection against such fraudulent transactions.

Disable Your ATM Card’s Debit Card Function

Even if you have never requested for a debit card, you likely already own one – your ATM card likely doubles as a debit card! Banks have been forcing customers to take on debit cards, often by making ATM cards double as debit cards.

If possible, ask your bank to disable debit card function in your ATM card. But it is likely that they will refuse to do so – they make money from debit card transactions after all!

If your bank refuses to disable the debit card function in your ATM card, you can ask them to set the limit to ZERO. That will effectively block scammers from accessing your bank account!

Monitor Your Credit Card Transactions

Using a credit card to purchase products and services on online and mobile payment platforms offers you some protection against fraud, but you must always monitor the transactions and report any fraudulent transactions right away.

Depending on the country and card network, you usually have about 60 days to dispute credit card charges. So don’t wait. Report them as soon as you spot them! This will reduce the loss and reports you make, and speeds up the refund process.

Recommended : Maybank FB Ads Scam : How To Recover Your Money?!

Remove Your Credit Cards ASAP

If you register your credit cards for use with Facebook Ads or Facebook Pay, try to REMOVE them as soon as you are done.

Do NOT leave them registered to your Facebook Ads or Facebook Pay account, as a scammer or hacker who gains access to your Facebook account can make fraudulent purchases or run fraudulent advertisements using those credit cards without additional verification.

That appears to be the modus operandi of the Facebook Ads scam that has affected so many Maybank customers in recent weeks.

But if you have never registered your credit or debit cards with Facebook, or removed them after using, even if scammers hacked into your Facebook account or gained access through phishing attacks, they won’t be able to use your credit or debit cards!

Enable PIN For Facebook Pay

If you are using Facebook Pay, a scammer who gains access to your Facebook account could potentially use the debit or credit cards you registered earlier to make fraudulent transactions.

To prevent that, you should enable PIN confirmation for Facebook Pay:

  1. Go to Settings in the Facebook website (not app).
  2. Go to Account Settings, and select Orders and payments.
  3. In the Orders and payments page, select Settings.
  4. In the Security section, select Require PIN Confirmation.
  5. You will be asked to enter a 4-digit number as your PIN.
  6. Key in the 4-digit number again to confirm your PIN.

After that, you will be required to key in the 4-digit PIN whenever you make a payment, or change your bank account details, or connect your payment info with other Meta apps.

Recommended : Can Greeting Photos + Videos Hack Your Phone?!

Turn On Two-Factor Authentication

To make it harder for scammers / hackers to gain access to your Facebook account, turn on two-factor authentication:

  1. Go to your Security and Login Settings.
  2. Scroll down to Use two-factor authentication and click Edit.
  3. Choose the security method you want to add and follow the on-screen instructions.
When you set up two-factor authentication on Facebook, you’ll be asked to choose one of three security methods:
Once you’ve turned on two-factor authentication, you can get 10 recovery login codes to use when you’re unable to use your phone.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MoneyTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Maybank FB Ads Scam : How To Recover Your Money?!

If you are one of the many Maybank (MBB) customers who got hit by the Facebook Ads scam, here is how you can recover your money!

 

Facebook Ads Scam Hits Many Maybank Customers!

Many Maybank customers are complaining that they are being charged for fraudulent Facebook Ads advertisement campaigns!

They discovered that their debit cards were charged for Facebook advertisements that they never approved.

Stephanie Wong : I think i am a very cautious person as I did not link my card to any platform or make purchase through any unsafe website at ALL, but it still happens to me.

I found out the money deducted from my bank acc through multiple continuous transactions yesterday, then I called Maybank customer service immediately.

They helped me to cancel the card but then the thing happened again this morning.

@ruffleseedI heard tens of millions of Ringgit were reported misappropriated through @facebook
on multiple bank over the past few weeks.

Delete your phone number from Facebook now and do not let @messenger handle your SMS.

@MyMaybank has yet to answer us re: this intrusion.

Read more : Facebook Ads Scam Hits Many Maybank Customers!

 

Maybank FB Ads Scam : How To Recover Money?!

Generally, you should NEVER use a debit card because it does not offer the protection a credit card does – money is withdrawn directly from your bank account, and the bank is not legally obliged to refund any money lost through scams.

However, Hafizah Ayko who was once a victim shared her experience on how she managed to recover money, even though the scammers used her debit card to run those fake Facebook advertisements.

To help you recover any money you may have lost to Facebook Ads scammers, I translated and “improved” her instructions for you:

Disable Your Debit / Credit Card

First, you need to quickly disable your debit or credit card. You can call up the bank, or in Maybank’s case:

Step 1 : Log into your Maybank2U account.

Step 2 : Go to Cards, and select Manage My Debit Card.

Step 3 : Select Debit Card – Replace, Renew, Activate & Block.

Step 4 : Select Block Debit Card. You will need to get a replacement card from any Maybank branch later.

If you feel that the above steps are too complicated, an alternative method would be to immediately transfer your money to another bank account, if you have one.

But please DO NOT transfer your money to another person’s account. Only transfer your money to another bank account that you own.

NEVER EVER transfer your money to a third party, especially they claim to be police officers or bank officers trying to help you. That is a scam!

Police departments and banks do NOT have special bank accounts to hold and protect your money during scams. And legitimate police and bank officers are NOT authorised to receive money, and will NEVER ask you to transfer money to their bank accounts.

Recommended : Must You Disable Facebook Auto-Fill To Block Scams?!

Disable Facebook Ads

Next, you need to immediately disable all advertisements that the scammer has set up using your Facebook account. The longer they continue to run, the more you are being charged for them!

Step 1 : Go to your Facebook account, and select See all.

Step 2 : Select Ads Manager.

Step 3 : You should see a bunch of fraudulent advertisements running. Turn all of them off.

Recommended : Beware Of Telegram Screenshot Hack + Scam!

Ask Facebook For Refund

After turning off the fraudulent advertisements, you need to report them, and ask Facebook for a refund.

Step 1 : Go to Ad account settings, and select Report a problem at the lower right corner.

Step 2 : Select Ad Policy or Fraud. Then select Fraudulent Activity.

Step 3 : Explain your situation the best you can, and upload any screenshots you have, and send the report.

After that, Facebook should respond that they would issue a refund for the fraudulent transactions in 3-5 business days!

Alternatively, you can submit report unauthorised or unknown charges to Facebook using this online form.

Recommended : Can SIM Swap empty bank accounts without warning?!

Ask Your Bank For A Refund

You should also report the fraudulent transactions to your bank and request for a refund. This works for credit cards, but you should nevertheless give it a try even if the scammers hit your debit card.

Step 1 : Download the Maybank Dispute Form.

Step 2 : Print or directly fill in the information into the PDF form.

Step 3 : Email the form to disputemgmt@maybank.com.my, together with any relevant screenshots, within 20 days from the closing date of the billing period.

Again, banks are not obliged to refund fraudulent charges to debit cards, as the money is withdrawn directly from your bank account. But there is no harm trying.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MoneyTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Facebook Ads Scam Hits Many Maybank Customers!

Many Maybank (MBB) customers are getting hit by the Facebook Ads scam!

Find out what’s going on, and what you can do to avoid this Facebook Ads scam!

 

Facebook Ads Scam Hits Many Maybank Customers!

Many Maybank customers are complaining that they are being charged for fraudulent Facebook Ads advertisement campaigns!

They discovered that their debit cards were charged for Facebook advertisements that they never approved.

Stephanie Wong : I think i am a very cautious person as I did not link my card to any platform or make purchase through any unsafe website at ALL, but it still happens to me.

I found out the money deducted from my bank acc through multiple continuous transactions yesterday, then I called Maybank customer service immediately.

They helped me to cancel the card but then the thing happened again this morning.

@ruffleseedI heard tens of millions of Ringgit were reported misappropriated through @facebook
on multiple bank over the past few weeks.

Delete your phone number from Facebook now and do not let @messenger handle your SMS.

@MyMaybank has yet to answer us re: this intrusion.

Recommended : Beware Of Telegram Screenshot Hack + Scam!

Fahim Fahmi : Begitu saja duit kena curi 😢

Translation : That’s how [my] money got stolen 😢

Danish Ihsan : Aku dah kena jugak, satu hari 2 transaction.. nasib sedaq awai, habis rm800.. kalau tak lagi banyak.. maybank dah tak selamat, tadi kat bank pun ada akak kena jugak transfer to others acc beribu2 jugak lah,. Solusi, jangan guna maybank buat masa sekarang..

Translation : I got with with 2 transactions in one day.. luckily, I realised early, but lost rm800.. if not it would have been more.. maybank is not safe, just now at the bank a lady transferred thousands [of ringgit] to other people’s account. Solution, don’t use Maybank for now..

Recommended : Watch Out For TNG eWallet SMS Phishing Scam!

 

Analysis : Facebook Ads Scam May Not Be Related To Maybank

Many of those customers are angry with Maybank over these fraudulent charges to their debit cards, which meant the money was directly withdrawn from their bank accounts.

However, on closer analysis, the scammers may not necessarily be taking advantage of leaked Maybank debit card information, or hacked Maybank itself…

Fact #1 : Other Bank Customers Are Affected Too

While most recent Facebook Ads scam cases appear to be affecting Maybank customers, other bank customers are reporting that they took were charged for those fraudulent advertisements.

@eeshepeeka : nohh laki cek pun kena last week tp kat CIMB. ada few transaction for 2 days nasib dia tolak sikit2. sekali deduct RM12+ sehari 3x ja. deduction description pun sama sebiji cam dlm gambaq tu. haiyaa

Translation : Well, my husband also got [scammed] last week but at CIMB. there were a few transactions for 2 days, but luckily [the scammer] deducted only small amounts. each time deducting RM12+ a day for 3 times. The deduction description is the same as the one in the picture. haiyaa

@ItsNeoah : Banyak kali kena kat credit card ambank. Alhamdulilah call ambank dia mintak isi dispute form then tgok next cycle bil dah takde. Letih ngan scammer ni.

Translation : [My] Ambank credit card got hit many times. Alhamdulillah, after calling Ambank, they asked me to fill out a dispute form, then when I checked the next bill cycle [the charges] was removed. Tired of this scammer.

Recommended : Can SIM Swap empty bank accounts without warning?!

Fact #2 : Most Of Them Ran Facebook Ads In The Past

In addition to analysing their stories, I also spoke to someone who knows several Maybank customers who got hit by the scam. From what I can ascertain, most of them ran Facebook Ads in the past.

Stephanie Wong : 3.) Did not run any ads recently, but few years ago

@wnn_tasha : I last pakai FB ad guna akaun ni tahun 2018. Silap tak remove payment method tu.

Translation : I last used FB ad using this account in 2018. My mistake for not removing the payment method.

They said that they paid for Facebook page a few years ago to boost their audience.

That said, at least two Maybank customers said that they have never registered any debit or credit card with Facebook:

Fahim Fahmi : Tak pernah ada link kad dengan FB atau social media yang lain

Translation : [I] never linked [any] card with FB or other social media

@ruffleseed : I have never set up payment methods on Facebook nor have I ever used Facebook ads.

Recommended : Beware Of Telegram Screenshot Hack + Scam!

Fact #3 : Scammer Likely Got Access To Those Facebook Accounts

What is interesting is that most of those who were affected by this Facebook Ads scam reported that their Facebook accounts were used to create and run those ads.

If their debit or credit cards were merely stolen, the scammers could have created a new Facebook account to use those stolen cards to run Facebook ads.

Fortunately, one of the victims “caught” the scammer logging into her account from the United States. This clearly shows that the Facebook Ads scam requires the scammer to gain access to their Facebook accounts.

It is likely that the scammers gained access to their victims’ Facebook accounts using phishing attacks, and simply used the debit or credit cards that those victims earlier registered with Facebook to run advertisements in the past.

Fact #4 : Facebook Auto-Fill Is Not The Problem

After these cases went viral, people blamed the Auto-Fill feature in Facebook, and shared videos and photos on how to disable it.

The truth is – this Facebook Ads scam very likely has nothing to do with Auto-Fill, which is a feature used in many other services and platforms.

Auto-Fill only makes it easier to fill in your debit or credit card details. It does not bypass any verification that is required to make a payment.

Read more : Must You Disable Facebook Auto-Fill To Block Scams?!

Fact #5 : You Can Recover Your Money!

Now, this is important – you need to move fast to cut your losses, and recover the money. You can also improve your Facebook account security to prevent it from happening again.

For more details, please read our guide – Maybank FB Ads Scam : How To Recover Money?!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MoneyTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Must You Disable Facebook Auto-Fill To Block Scams?!

Must you immediately disable Auto-Fill in Facebook to block scams?!

Here is what you need to know about Facebook Auto-Fill, and getting scammed on Facebook!

 

Claim : Facebook Auto-Fill Opens You To Scams!

People are sharing warnings about Facebook Auto-Fill, together with instructions on how to disable it to block Facebook Ads scams.

Guys check ur Facebook
And make sure these are OFF
this week a lot of MBB customers kena scam

1. Please check your bank account.
2. Please disable ‘auto-fill’ option in Facebook…

Recommended : Facebook Ads Scam Hits Many Maybank Customers!

 

Truth : Facebook Auto-Fill Does Not Open You To Scams

There appears to be a spate of scams involving Facebook Ads and Maybank users, but it does not appear to be related to the Facebook Auto-Fill feature, and here are the reasons why…

Fact #1 : Facebook Introduced Auto-Fill In 2013

Facebook started introducing Auto-Fill sometime in September 2013, and gradually rolled it out globally over the years, so this is not a new feature.

Fact #2 : Many App Use Auto-Fill

Facebook isn’t the only app or platform to use Auto-Fill. Many services and platforms use Auto-Fill to make it easier to fill up forms and make payments.

The Auto-Fill feature is used in most, if not all, e-commerce / online shopping / online payment platforms, to expedite payments. The idea is that if they make it easier it is for you to pay, you will tend to buy more!

Many apps and services also use Auto-Fill to help you fill onerous forms with common details like your full name, email address, address and telephone number.

Fact #3 : Facebook Does Not Automatically Have Your Details

Facebook enables Auto-Fill by default for forms and payment, but that does not mean it has access to your debit or credit cards, or even your personal details. You need to manually key in your Contact Info and/or Payment Info for Facebook Auto-Fill to work.

If you have never given Facebook your credit card details, there is no way for its Auto-Fill to automatically fill in the credit card details for any transaction. Even if a scammer gains access to your Facebook account, he/she cannot use Auto-Fill because you never keyed in your debit or credit card details in the first place!

I did a quick check on two cases involving Maybank that came up recently (first example) (second example), and noticed that both parties who reported that they got fraudulently charged for Facebook Ads never registered their credit card with Facebook at all!

So whatever may be going on, it does not appear to be a Facebook Auto-Fill issue. But just in case you are worried, here are the latest steps on how to disable Auto-Fill on the Facebook mobile app.

  1. Tap on your icon at the upper right corner of the Facebook app to access the Menu.
  2. Scroll down the Menu until you see the Settings & privacy group.
  3. Tap on Settings.
  4. Scroll down the Settings & privacy page, and tap on Browser.
  5. Scroll down the Browser settings page to the Auto-fill section.
  6. You can tap on the Contact info and Payment info to check what information you shared with Facebook.
  7. To disable Auto-fill for contact information, unselect Auto-fill contact forms.
  8. To disable Auto-fill for payment, unselect Auto-fill payment forms.

Recommended : Can SIM Swap empty bank accounts without warning?!

Fact #4 : Auto-Fill Cannot Bypass TAC Verification

Even if you registered your credit card details with Facebook, and then use Auto-Fill to make a purchase, you will still need to authenticate that purchase.

Of course, it is possible to conduct a SIM swap attack, but that’s a different story altogether…

Fact #5 : Existing Facebook Ads Account Is A Risk

Those who have earlier registered a Facebook Ads account and ran advertisements may be at risk, because their credit cards would already be linked to their Facebook Ads account.

A scammer who gains access to their account (usually through phishing attacks) can easily create and run advertisements using their existing Facebook Ads account using the credit cards that have already been registered and approved earlier.

To minimise your risk, never ever use a debit card! Always use a CREDIT CARD, and always keep an eye on the transactions. Report to the bank once you see a fraudulent transaction.

But this has nothing to do with the Facebook Auto-Fill feature, and is not a concern if you never pre-approved your debit or credit cards with a Facebook Ads account.

Fact #5 : Existing Facebook Pay Account Is A Risk

Similarly, if you are using Facebook Pay, a scammer who gains access to your Facebook account could potentially use the debit or credit cards you registered earlier to make fraudulent transactions.

Again, you should NEVER use a debit card with Facebook Pay. Use a credit card, and always keep an eye on the transactions, and report to the bank once you see something fishy.

On top of that, you should enable PIN confirmation for Facebook Pay:

  1. Go to Settings in the Facebook website (not app).
  2. Go to Account Settings, and select Orders and payments.
  3. In the Orders and payments page, select Settings.
  4. In the Security section, select Require PIN Confirmation.
  5. You will be asked to enter a 4-digit number as your PIN.
  6. Key in the 4-digit number again to confirm your PIN.

After that, you will be required to key in the 4-digit PIN whenever you make a payment, or change your bank account details, or connect your payment info with other Meta apps.

Recommended : Maybank FB Ads Scam : How To Recover Money?!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MoneyTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

BitiCodes Scam Alert : Fake Celebrity Endorsements!

You may have seen celebrities endorsements of BitiCodes or Biti Codes circulating on Facebook and Instagram, but they are all FAKE.

Find out why there are so many fake celebrity endorsements of Biticodes / Biti Codes, and how they are doing it!

 

BitiCodes / Biti Codes : Fake Celebrity Endorsements

BitiCodes or Biti Codes claims to be “the crypto industry’s most accurate AI auto-trading app“, which “works by automatically placing trades… using trading bots to strengthen your chances of making a profitable trade.”

If you never heard of it, you won’t be alone, because it’s mainly promoted via advertisements on Facebook, Instagram, etc. They are also promoting it through Google Ads like these examples, which will often appear in completely legitimate websites.

Clicking on those advertisements will lead to legitimate-looking articles from local or crypto publications, often with a celebrity endorsing Biticodes / Biti Codes.

Here in Malaysia, people will see Biticodes being endorsed by the likes of local politicians like Lim Guan Eng or Dr. Mahathir. But those in the cybersecurity industry will quickly realise that these articles are familiar because they are almost exact copies of scam articles used in the previous Bitcoin Revolution scam.

Looking for reviews of Biticodes or Biti Codes is pointless, because they appeared to have paid for advertorials in legitimate media outlets, which are (intentionally?) wrongly listed as “reviews”. Only at the very bottom do they include a disclaimer that it was a sponsored post.

Outlook India

Biticodes Reviews : Today we’ll be talking about one platform called Biticodes that you can use to make an extra source of income. It’s safe, and you do not need to worry about anything. It may help you earn good money in very less time.

Disclaimer : This is sponsored review content posted by us. All the information about the product is taken from the official website (and not fact-checked by us). Contact customer care phone number given on product’s official website for order cancellation, return, refund, payment, delivery etc. related issues. Must consult any financial specialist before investing in BitiCodes Auto-Trading Software.

Tribune India

Biticodes is real or scam review 2022 : With an astonishing success rate of 90%, BitiCodes has what it takes to be your go-to platform for cryptocurrency trading. It can execute multiple deals per second – a rate that even the most experienced cryptocurrency traders would be hard-pressed to match.

Disclaimer : The views and opinions expressed in the above article are independent professional judgment of the experts and The Tribune does not take any responsibility, in any manner whatsoever, for the accuracy of their views. Biticodes are solely liable for the correctness, reliability of the content and/or compliance of applicable laws. The above is non-editorial content and The Tribune does not vouch, endorse or guarantee any of the above content, nor is it responsible for them in any manner whatsoever. Please take all steps necessary to ascertain that any information and content provided is correct, updated, and verified.

In other words, those are NOT legitimate reviews, and the media outlets did not even test Biticodes / Biti Codes. Their disclaimers show that their “reviews” were paid content, written by Biticodes / Biticodes.

 

Avast Explains How BitiCodes Scam Works

In an August 2022 article, the cybersecurity company explained how the BitiCodes (also known as TeslaCoin) scam works:

The scam encourages people to pay to create an account and invest into a fraudulent crypto investment platform. There are two ways the campaign reaches potential victims: Through Facebook ads and email. Ultimately, victims can end up losing at least $250.

At the bottom of the page is a webform requesting site visitors to enter their name, email address, and phone number in order to register for the platform. The victim receives an email from a bot sparking a conversation in the victim’s language.

After a brief example exchange, the bot sends a link to a payment gateway, and asks the victim to transfer $250 in order to activate their trading account. Another scenario involves the bot emailing potential victims with steps to login to a cryptocurrency broker page, and after a few more emails, the bot sends a link to a payment gateway, asking the victim for a $250 initial investment.

I also investigated the articles and the BitiCodes website, and noticed that they are all using highly-suspicious domains and links:

  • celesteal.xyz/biticodes for the BitiCodes website (registered 23 Nov. 2022)
  • thedailypressbriefing.com/my for the BTC-News website (registered 29 Jan. 2023)
  • saveontaxesthisyear.tax for the BTC-News website (registered 6 Feb. 2023)

As you can see, the domains are not only completely unrelated to the article / websites, they are almost brand new! And if you go to their domain root, nothing loads. That is not how legitimate websites function. If you do a WHOIS lookup, you will discover that the owners of these domains are hidden.

Regardless of whether BitiCodes / Biti Codes itself is legitimate, you should avoid any article that do not tally with the official website, or with irrelevant domains.

Don’t fall for the scam. Avoid these BitiCodes / Biti Codes advertisements and fake celebrity endorsements.

Please help us fight fake news – SHARE this article, and SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Money | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Tenaga Nasional 33rd Anniversary Scam Alert!

Please watch out for the Tenaga Nasional 33th Anniversary survey contest scam!

Find out why it is just a SCAM, and WARN your family and friends!

 

Tenaga Nasional 33th Anniversary Survey Scam Alert!

People are now sharing the Tenaga Nasional 33th Anniversary messages on WhatsApp :

Congratulations!

Tenaga Nasional 33rd Anniversary National Government Power Subsidy!

Through the questionnaire, you will have a chance to get 1000 Ringgit

🎉 Tenaga Nasional 33rd Anniversary National Government Power Subsidy 🎊

Electricity subsidy is being issued…

Recommended : Petronas 50th Anniversary Scam Alert!

 

Tenaga Nasional 33th Anniversary Survey : Why This Is A Scam!

Unfortunately, this is yet another survey scam, like the Petronas 50th Anniversary scam!

Tenaga Nasional confirmed that this survey is a scam in a scam alert on their website on 6 February 2023.

Win Cash Rewards from TNB – 6/2/2023

TNB customers are advised to ignore survey links that claim they can win cash rewards from TNB.

TNB does not organize any kind of cash prize giveaway on social media. Please be careful and avoid spreading this false information.

I know many of us are in dire straits during the COVID-19 pandemic, having lost jobs, income or even loved ones.

Unfortunately, scammers are counting on our desperation to prey on us, using the same survey scam they have been using for years :

Now, let me show you how to spot these scams next time!

If you spot any of these warning signs, DO NOT PROCEED and DO NOT SHARE!

Warning Sign #1 : Bad Grammar

Most of these scammers do not have a good command of the English language, so if you spot bad grammar, stay away.

Proper contests or events sponsored by major brands like Tenaga Nasional will have at least one PR or marketing person who will vet the text before allowing it to be posted.

Read more : Petronas 50th Anniversary Scam Alert!

Warning Sign #2 : Offering You Free Money Or Gifts

Please do NOT be naive. No one is going to give you money or free gifts just to participate in a survey!

Tenaga Nasional isn’t going to give you FREE money, just because it’s their anniversary.

They are a corporation whose business is to make money, not a charity to give you free money.

Warning Sign #3 : Not Using The Real Jaya Grocer Domain

A genuine Tenaga Nasional campaign would use their real domain – www.tnb.com.my.

Or they would run it off the official Tenaga Nasional page on Facebook – www.facebook.com/TNBCareline/.

If you see nonsensical domains like merefamily.top, 0yjjg61.cn, 1eaf1rnbeef.top, ldxqw.bar, etc. that’s a sign it’s a SCAM!

Warning Sign #4 : Asking You To Forward The Offer

No brand will insist that you must share the offer with 5 groups or 20 friends on WhatsApp or Facebook Messenger.

Do not click to forward their offer to your family and friends. They will not appreciate being scammed with your help!

Warning Sign #5 : Asking You To Download + Register An App

If you click through and joined the fake survey scam, you will eventually be asked to download and register for an app.

This is VERY DANGEROUS. Never agree to download and register for any unknown app from a website.

Always download your apps from an official App Store like Google Play Store (for Android smartphones) and Apple App Store (for iPhones).

Please help us fight scams like this and SHARE this article out!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > CybersecurityFact Check | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Is FIFA Giving Free 50GB Data For World Cup 2022?!

Is FIFA offering 50 GB of free mobile data to stream World Cup 2022 matches with no interruptions?!

Take a look at the viral offers, and find out why they are just scams!

Claim : FIFA Is Giving Free 50GB Data For World Cup 2022!

People are sharing viral offers for 50 GB of free mobile data to stream World Cup 2022 matches without interruption. Here are some examples :

* FIFA is giving people around the world 50GB of data for free to watch the 2022 Cartel [Qatar] World Cup.*
* I Have Received Mine.*
* OPEN THIS*

* FIFA memberi orang di seluruh dunia 50GB data secara percuma untuk menonton Piala Dunia Kartel [Qatar] 2022.*
* Saya Telah Menerima Milik Saya.*
* BUKA INI*

FREE 50GB DATA PLAN FOR ALL NETWORKS

PERCUMA PELAN DATA 50GB UNTUK SEMUA RANGKAIAN

 

Truth : FIFA Is Not Giving 50GB Free Data For World Cup 2022!

This is yet another SCAM circulating on WhatsApp and social media, and here are the reasons why you must avoid it!

Fact #1 : FIFA Is Not Offering Free Mobile Data

First, let me just say it out loud and clear – FIFA is not offering free mobile data anywhere in the world, just to watch World Cup 2022 matches.

FIFA makes its money through sale of television, marketing and licensing rights for World Cup 2022, so there is simply no reason for it to provide free mobile data to stream the matches.

Fact #2 : FIFA Would Never Give You Anything Free

Please do NOT be naive. No one is going to give you free data just to participate in a survey!

FIFA is a corporation whose business is to make money, not a charity to give you free data.

Fact #3 : They Do Not Use Official FIFA Domains

Genuine FIFA promotions would be announced on the official website at www.fifa.com, or their official social media accounts:

  • Facebook : https://www.facebook.com/fifaworldcup/
  • Twitter : https://twitter.com/fifacom
  • Instagram : https://www.instagram.com/fifaworldcup/

They would never run contests or promotions via dodgy domains like “subsidy.buzz”, “50g.kxoe1.xyz”, “50gb450.xyz”, or “zlqxt.top”.

Once you see those random domains, click delete. Or just ignore. DO NOT CLICK.

Fact #4 : They Are Advertisement Scams

After you click on the link, you will be redirected through a series of hidden advertisements before you arrive at the “offer page”.

The offer page will ask you a series of simple questions. Regardless of your answers, you will be congratulated and told you won the 50 GB free data plan for three months.

You will be asked to key in your mobile number to receive the free mobile data, but you will never receive anything. In one variant, you are even redirected to more advertisements, including a video advertisement.

Fact #5 : Brands Won’t Ask You To Forward The Contest

To get that free 50 GB data for three months, you are asked to share the “contest” with 12 friends or groups on WhatsApp.

That’s a clear sign of a scam. No brand will insist that you must share their contest or free offer with WhatsApp friends of groups.

Please do not click to forward their offer to your family and friends. They will not appreciate being scammed with your help!

Fact #6 : They Can Potentially Be Dangerous

Similar scams in the past have more dangerous variants, where you are asked to :
a) install an app, which is really a malware to keep sending you advertisements
b) enter your banking or credit card details, ostensibly to prove your identity or some other excuse

Needless to say – proceeding with this step will open you up to great risk of monetary loss. DO NOT PROCEED!

If you install their malware, you will start receiving promotions, some of which will ask you to send an SMS to receive expensive free gifts like laptops and smartphones.

If you proceed to send the confirmation SMS messages, you will be subscribed and billed for international premium SMS services.

This is VERY DANGEROUS. Never agree to download and register for any unknown app from a website.

Always download your apps from an official App Store like Google Play Store (for Android smartphones) and Apple App Store (for iPhones).

Fact #7 : They Are Just Another Example Of Online Scams

These are just more examples of online scams offering freebies.

Now that you know the facts, please WARN your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | Mobile | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Travellers To Europe Must Apply + Pay For ETIAS From 2023!

It’s official – travellers to Europe must start applying and paying for ETIAS from 2023! Here is what you need to know…

 

Travellers To Europe Must Apply For ETIAS From 2023!

The European Commission has just announced the European Travel Information and Authorisation System (ETIAS) for all travellers to the Schengen States.

Slated to start in May 2023, ETIAS is meant to “identify security, irregular migration or high epidemic risks” amongst visa-exempt travellers.

EU travellers are exempt from ETIAS, and will continue to have freedom of movement throughout the EU, and the freedom to spend as much time as they want in any state in the Schengen zone.

ETIAS will only be obligatory for travellers from countries that currently do not require a visa to travel to the EU – about 60 countries including the US and the UK.

Travellers who currently need a visa to enter the EU will still need to apply for a visa. They will not be allowed to use ETIAS.

 

How Does ETIAS Work For Travellers To Europe?

Travellers will need to apply for ETIAS through a “largely automated IT system”, with approval granted “within minutes” for about 95% of applicants. But that could drag out to a month for “very exceptional cases”. Those who have their application denied will be allowed to appeal.

While applying for ETIAS will be quicker, done online, and requires no biometric information, there is a cost attached.

Every traveller aged 18 to 70 will need to pay an ETIAS fee of €7 (about US$7.40, £6, A$10.60, S$10.20, RM32.50). It is currently unknown if ETIAS will be free or cheaper for other age groups.

Applicants will be required to submit their data in the online application, which is said to take only “10 minutes” :

  • Unspecified personal data
  • Travel document (passport or equivalent document)
  • Member State of first intended stay
  • Background questions relating to previous criminal records, presence in conflict zones, orders to leave the territory of a Member State or third countries, return decisions issued.
  • Identity of the person / company assisting the applicant in the application process (if necessary)

The ETIAS system will automatically check the information provided against several EU databases, and approve or transfer it to ETIAS National Units for manual processing.

Once approved, the ETIAS will be valid for 3 years, or until the expiry date of the passport. So if possible, travellers should definitely renew their passports before applying.

But note that the ETIAS can be revoked at any time, if the conditions for that travel authorisation are no longer met by the applicant.

 

ETIAS : Selected FAQs

Here are selected FAQs on the European Travel Information and Authorisation System for those who want to learn more.

What is the difference between a Schengen visa and an ETIAS travel authorisation?

The ETIAS authorisation is not a visa. Nationals of visa liberalisation countries will continue to travel the EU without a visa but will simply be required to obtain a travel authorisation via ETIAS prior to their travel. ETIAS will be a simple, fast and visitor-friendly system, which will, in more than 95% of cases, result in a positive answer within a few minutes.

An ETIAS travel authorisation does not reintroduce visa-like obligations. There is no need to go to a consulate to make an application, no biometric data is collected and significantly less information is gathered than during a visa application procedure.

Whereas, as a general rule, a Schengen visa procedure can take up to 15 days, and can in some cases be extended up to 30 or 60 days, the online ETIAS application only takes a few minutes to fill in. Only in very exceptional cases, could the ETIAS procedure take up to 30 days. The validity will be for a period of three years, significantly longer than the validity of a Schengen visa. An ETIAS authorisation will be valid for an unlimited number of entries.

The ETIAS travel authorisation will be a necessary and small procedural step for all visa-exempt travellers which will allow them to avoid bureaucracy and delays when presenting themselves at the borders. ETIAS will fully respect this visa-free status; facilitate the crossing of the Schengen external border; and allow visa free visitors to fully enjoy their status.

Read more : EU Digital COVID Certificate : A Comedy Of Errors!

What will visa-exempt travellers have to do before their travel?

Travellers will have to complete an online application via a dedicated website or an application for mobile devices. Filling in the application should not take more than 10 minutes and should not require any documentation beyond a travel document (a passport or other equivalent document). In case of an inability to apply (due to age, literacy level, access to and competence on information technology etc.) applications may be submitted by a third person.

An electronic payment of a €7 fee for each application will be required for all applicants between the ages of 18 and 70. The electronic payment methods will take into account technological advancements in the visa-free countries in order to avoid hindering visa-free third country nationals who may not have access to certain payment means.

The automated assessment process will start after the fee collection is confirmed. The vast majority of applicants (expected to be more than 95% of all cases) will be given automated approval which will be communicated to them within minutes of payment. If there is a hit against any of the searched databases or an undecided outcome of the automated process, manual handling of the application will take place by a Central Unit in the European Border and Coast Guard Agency or by a Member State team. This can prolong the response time to the visa-exempt third country national by up to 96 hours. In very exceptional circumstances further information may be asked of applicants and further procedural steps may be necessary, but in all cases a final decision shall be taken within four weeks of their application.

Of the roughly 5% of applications which produce a hit, it is expected that 3-4% will receive a positive decision after ETIAS Central Unit verifies the data, with the remaining 1-2% being transferred to ETIAS National Units for manual processing. After the decision applicants will be given a response by email with a valid travel authorisation, or a justification for the refusal.

Read more : EU Officially Accepts Malaysia’s Digital COVID Certificate!

What happens if a person has been refused travel authorisation from ETIAS?

If the travel authorisation is refused, the applicant retains the right to appeal. Appeals can be launched in the Member State that has taken the decision on the application and in accordance with the national law of that Member State. The applicant will be informed which national authority is responsible for the processing and decision on his or her travel authorisation, as well as information regarding the procedure to be followed in the event of an appeal. If the traveller considers their treatment to have been unfair, he/she is also given the right to seek redress or request access to the information through the national authority.

What is the validity of an ETIAS travel authorisation?

The validity of the travel authorisation will be three years (or until the expiry date of the travel document).

What are the obligations for the carriers?

Prior to boarding, air and sea carriers, as well as carriers transporting groups overland by coach will have to verify the status of the travel document required for entering the Schengen Area, including the requirement to hold a valid ETIAS travel authorisation. A transitional period is foreseen for carriers transporting groups overland by coach during which it will not be obligatory for them to check the presence of a valid travel authorisation.

What will happen at the border crossing point? 

Upon arrival at a Schengen area border crossing point, the border guard will electronically read the travel document data, thereby triggering a query to different databases, including a query to ETIAS in the case of visa-exempt travellers. If there is no valid ETIAS travel authorisation, the border guards will refuse entry and record the traveller and the refusal of entry in the Entry Exit System.

If there is a valid travel authorisation, the border control process will be conducted and the traveller may be authorised to enter the Schengen area if all entry conditions are fulfilled or refused access as provided by the Schengen Border Code.

Read more : EU Air Travel : Face Mask + Physical Distancing Not Required!

What databases will be checked by ETIAS?

When verifying and assessing the information submitted by visa-exempt travellers, the system will automatically cross-check each application against: 

A. the existing EU information systems:

  • the Schengen Information System (SIS),
  • the Visa Information System (VIS),
  • Europol data,
  • the Eurodac database (once the Eurodac recast is in place),

B. future EU information systems:

  • the Entry/Exit System (EES), 

C. Interpol databases:

  • the Interpol Stolen and Lost Travel Document database (SLTD),
  • the Interpol Travel Documents Associated with Notices database (TDAWN),

D. a dedicated ETIAS watch list and specific risk indicators.

Read more : Air Travel To Malaysia : Latest Covid-19 Requirements + SOP!

How will ETIAS ensure and guarantee the respect for fundamental rights and data protection?

Personal data recorded in ETIAS will not be kept for longer than is necessary for its purpose. Data shall be stored for: 

  • the period of validity of the travel authorisation or, 
  • five years from the last decision to refuse, revoke or annul the travel authorisation. 

The data could be stored for an additional period of no more than three years after the end of the period of validity of the travel authorisation if the applicant freely and explicitly consents to keep his or her data longer. After the expiry of the data retention period, the application file and personal data will be automatically deleted from the ETIAS Central System. 

Member States’ law enforcement authorities and Europol will have access to ETIAS, under strictly-defined conditions, for the prevention, detection or investigation of terrorist offences or other serious criminal offences. The designated authorities and Europol should only request access to ETIAS when they have reasonable grounds to believe that such access will substantially help them in carrying out their duties. 

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Travel | BusinessTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

US Mil Contractor Admits Selling Aviation Secrets To China!

A US military contractor just pleaded guilty to selling classified aviation secrets to China!

 

US Mil Contractor Admits Selling Aviation Secrets To China!

On 23 June 2022, Shapour Moinian, 67, of San Diego, pleaded guilty to selling classified aviation secrets to “representatives of the Chinese government”.

Moinan admitted that he knew that those individuals were employed by, or directed by, t he government of the People’s Republic of China.

He also admitted making false statements to cover that up, by lying on his government background questionnaires in July 2017 and March 2020 that he did not have any close or continuing contacts with foreign nations, and that no foreign national had offered him a job.

He now faces a maximum penalty of 10 years in prison, and a fine of up to $250,000 for action as an agent of a foreign government, and up to 5 years in prison and a $250,000 fine for making false statements.

His sentencing is scheduled for August 29, where federal prosecutors have agreed to recommend a sentence of no more than 20 months, as part of his plea agreement.

As Special Agent in Charge Stacey Moy of the FBI’s San Diego Field Office explains :

The defendant admitted to being an unregistered agent of a foreign power, lying on his background check paperwork to obtain his security clearance, knowingly providing proprietary information to people controlled by the Chinese government, and willingly receiving payments from them. This is another example of how the Chinese government enhances its defense capabilities through the illicit exploitation of U.S. technology.

When someone holds a security clearance, they know what information should be reported to security officials. In this case, the defendant betrayed his sacred oath, knew his actions were wrong, and subsequently lied about it. The FBI and our partners on the Counterintelligence Task Force will pursue anyone who abuses their placement and access to obtain proprietary information on behalf of a foreign government. I specifically want to thank the Naval Criminal Investigative Service (NCIS) for their continued partnership on this case.

 

How This Military Contractor Sold Aviation Secrets To China!

Moinan was a former US Army helicopter pilot who served in the United States, Germany and South Korea from 1977 to 2000. After leaving the US Army, he worked for various “cleared” defence contractors in the United States.

The term “cleared” indicates that the contractor has been vetted and cleared to work on projects involving classified information.

While working for a cleared defence contractor on various aviation projects involving the US military and intelligence agencies, Moinan was contacted by an individual in China, who claimed to be working for a technical recruiting company.

This Chinese individual offered Moinan the opportunity to consult for the aviation industry in China. In March 2017, Moinan travelled to Hong Kong to meet with this recruiter.

At that meeting, he agreed to provide information and materials related to multiple types of aircraft designed and/or manufactured in the United States, in exchange for money. Moinan accepted between $7,000 to $10,000 during that meeting.

On returning to the United States, Shapour Moinan began gathering aviation-related materials for the Chinese government.

In one instance, he copied classified materials obtained from a cleared defence contractor into a thumb drive, which he handed over to Chinese government officials during a stopover in the Shanghai airport in September 2017.

Moinan arranged for payment for this transfer to be paid through his stepdaughter’s South Korean bank account. He told her that these funds were payments for his overseas consulting work, and instructed her to transfer the funds to him in multiple transactions – to avoid scrutiny.

Moinan also accepted a mobile phone, and other equipment from these Chinese government officials to securely communicate with them, and to aid in the electronic transfer of classified materials and information.

At the end of March 2018, Moinan travelled to Bali to meet with the same individuals again. After that meeting, his step daughter received thousands of dollars in her South Korean bank account, which she wired to him in multiple transactions.

Later in 2018, Moinan went to work for another cleared defence contractor, and in August 2019, he travelled with his wife to Hong Kong to meet with the same Chinese government officials.

This time, he received $22,000 in cash for his services, which Moinan and his wife smuggled into the United States that trip.

It is currently unknown how the US government discovered Moines’s activities, but he was investigated by the FBI’s Counterintelligence Division and the Naval Criminal Investigation Service (NCIS).

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Military | BusinessTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Are MySejahtera 68808 SMS Messages A Scam?!

Are MySejahtera messages sent through the 68808 SMS service really a scam?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : MySejahtera 68808 SMS Messages Are A Scam!

People are sharing this warning on social media – Facebook, Instagram, Twitter, as well as in WhatsApp and Telegram groups :

MySejahtera 通过 68808 发送短信要求用户 重置资料,请不要点击链接,这是钓鱼陷阱 骗局。
请转发广传出去给大家警惕,谢谢。

MySejahtera sending sms through 68808 to ask users to reset, pls do not click link. It’s a scam.

 

MySejahtera 68808 SMS Messages Not Necessarily A Scam!

Many Malaysians are rightfully wary about clicking on links sent by SMS or WhatsApp.

There have been many scams involving fake SMS or WhatsApp messages, which we covered here in Tech ARP :

However, Malaysians are also too gullible, accepting all warnings on WhatsApp as genuine, without first verifying if they are even true.

Here are the reasons why the MySejahtera reset messages delivered by the 68808 SMS service are not necessarily a scam!

Fact #1 : 68808 Is Used By MySejahtera

Despite what people may tell you – 68808 is an official SMS service number used by MySejahtera.

In fact, MySejahtera uses three SMS service numbers to send you notifications (like your vaccination appointments), as well as your password renewal link :

68808
68088
63001

Fact #2 : 68808 Messages Are Generally Legitimate

Despite what is shared on social media, messages sent through 68808 are genuine. What you need to be wary of are SMS messages sent via other numbers.

Take a look at this example of fake news shared on social media, and some websites. It was touted as an example of fake MySejahtera messages sent by 68808.

The truth is “original” message was sent through 63839, which is not a legitimate MySejahtera SMS service. The “fake” message was sent through 68808, which is a legitimate MySejahtera SMS service.

In this misleading example, you can also see a prior SMS message on vehicle servicing in the 63839 channel. Official MySejahtera SMS channels (68808, 68088 and 63001) will only show messages from MySejahtera, not other services.

Note : The links in both messages appear to be genuine, linking to https://mysejahtera.malaysia.gov.my/.

Fact #3 : MySejahtera Sends Reset Links Via SMS

Despite what social media “experts” may tell you – MySejahtera will send password reset links through SMS, as a verification method.

If you are trying to reset your MySejahtera password (because you forgot it), you will be sent an SMS message with a link to https://mysejahtera.malaysia.gov.my/, as the example above shows.

Fact #4 : SMS Messages Can Be Spoofed

That said, SMS messages can be spoofed to appear to come from the three legitimate MySejahtera channels – 68808, 68088 and 63001.

So you should avoid clicking on MySejahtera password reset links, even from legitimate channels, unless you have specifically asked to reset the MySejahtera password.

Fact #5 : MySejahtera Team Clarified This In April

The MySejahtera team actually refuted these false claims in April 2022. Unfortunately, people still continue to share this fake news.

So please help us fight fake news – share this fact check with your family and friends!

 

How To Avoid MySejahtera (Or Other) SMS Scam!

So here is what I recommend when it comes to SMS messages, whether they were sent by MySejahtera, banks, etc. :

  1. Always check to make sure they come from legitimate SMS channels. For MySejahtera, that’s 68808, 68088 and 63001.
  2. If you are not sure about an SMS message from the authorities / banks / telcos, please do not hesitate to call them to verify the authenticity of that message.
  3. Never click on a link to log into a website (like your bank). Always use your banking app, or log in manually using a Internet browser on your computer or phone.
  4. Only click on a link in specific circumstances that do not require a login – for example : to verify your request to reset your MySejahtera password.
  5. Do NOT click on any link to confirm that you are resetting a password, or confirm your new SIM card, unless you just requested to performed those actions.
  6. Before you click on a link, always check the link goes to the official website (like https://mysejahtera.malaysia.gov.my/). Never click on a link that goes to suspicious websites.

I hope this article helps you differentiate between fake claims circulating on social media and WhatsApp groups, and proper cybersecurity measures we should take to prevent being scammed of our hard-earned money!

Please help to SHARE this fact check article out, and please SUPPORT our work! Thank you!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MobileTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

CODEX Cracking Group Officially Shuts Down!

The games cracking group – CODEX – has called it quits, officially shutting down for good. This is truly the end of an era.

 

CODEX Cracking Group Officially Shuts Down!

The CODEX cracking group announced their retirement in the release notes of “The Sims 4 My Wedding Stories”.

It was not due to legal troubles (arrests) or internal conflict, but the team felt they had already achieved their goal.

A CODEX short story

CODEX was founded with one and only one goal in mind: “to give the dominating PC games group at the time, RELOADED, some serious competition.”

A highly motivated and hard-working group of veterans and rookies alike banded together and created a new name to achieve that goal. It was a fun and sometimes dirty ride with lots of give and take on both sides. Bud sadly, it did not last very long and RLD started to crumble and slowly fell apart, making the scene less interesting.

What was left when they finally surrendered and the dust settled?

The blade has been dull for a long time. Quality, tradition and pride was slowly fading to darkness.

Of course, there is a particular group that uses an old name without permission. From the first day they started releasing in the PC section, they have worked hard to shamelessly destroy the reputation of a once iconic group tag when they really should have closed down years ago after all the spectacular fuckups they are responsible for.

Since then there have only been people resurrecting and adopting old names from previously busted groups instead of creating something new and unique on their own. Starting from nothing to slowly build up a reputation for themselves through hard work was obvious too much of a hassle and recycling old identities to get a head start was their way to go.

Still, even with that, this did not lead to any serious competition with two traits we pride ourselves on– a strong continued effort and a good amount of quality output on more than just DRM-free games or simple Steam protections.

CODEX cracked a large variety of protections like Steam (Stub+API+CEG), Arxan, XboxLive, UWP, Denuvo, Origin, Play, Bethesda.net, Battle.net and custom protections on games like Grim Dawn, Street Fighter V, WWE2k20, Croteam games, BigAnt games, Minecraft Dungeons, and many more.

So now, years after reaching our initial goal, we feel that it is time to move on. We thank everyone who accompanied and supported us on our journey.

Have a good time… Bye from CODEX!

 

CODEX Ends 8-Year Run At The Top

Since they burst into the scene in 2014, CODEX has been at the forefront of cracking and removing game copy protections.

They were able to consistently crack even the strongest copy protections like Denuvo, and release major game titles soon after their launch.

That made them the bane of game developers and publishers, potentially costing them millions of dollars in revenue.

On the other hand, CODEX gave less fortunate people access to games they perhaps would not be able to afford, and a DRM-free copy to gamers who already paid for a particular game.

More than a few hardware reviewers also relied on the latest CODEX-cracked games to run benchmarks.

Perhaps their greatest effect was to convince at least some game developers to eschew paying for “strong” copy protections, and offer DRM-free games through platforms like GOG.

Warhorse Studios, for example, released Kingdom Come: Deliverance on Steam, only to have CODEX release a cracked copy within hours. But Warhorse quickly offered a DRM-free version on GOG.

In the end, Warhorse sold half a million copies of Kingdom Come: Deliverance within two days, and a million copies by the end of the week. By its first anniversary, two million copies were sold, even though a CODEX cracked copy existed on launch day.

Warhorse Studios director and co-founder, Daniel Vávra, even printed and put up a poster of the CODEX NFO of their cracked game.

Now that the CODEX crew has officially retired, new PC games cracking groups will inevitably come to the fore, possibly “taking over” their famous name.

But they will likely not be able to come close to their quality or prolificacy – CODEX released some 7,000 game titles in the past 8 years.

This is truly the end of an era in the scene.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Gaming | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Watch Out For Nestle 2022 Anniversary Phishing Scam!

Please watch out for the Nestle 2022 Anniversary phishing scam!

Find out why it is just a SCAM, and WARN your family and friends!

 

Nestle 2022 Anniversary Phishing Scam Alert!

People are now sharing the Nestle 2022 Anniversary message on WhatsApp (translated into English) :

CONGRATULATIONS!

Your family has been chosen to receive a lucky drag for the Nestle 2022 Anniversary at the Nestle office.

This contest has been approved by the Malaysian court / police, with the cooperation of Bank Negera Malaysia (BNM).

The link attached to the a website with the following instructions :

  1. Winners must keep the PIN-CEK number as evidence for winner verification and prize collection
  2. There are two ways to submit the contest form – through WhatsApp or this website.
  3. The contest form must be completed with your details. Incomplete forms will be rejected by the sponsor without notice.
  4. Every valid application will be shortlisted. There is no limit to the number of applications.
  5. First Prize Winner : RM10,500
    Second Prize Winner : RM9,300
    Third Prize Winner : RM8,500
  6. To redeem your prize, just use your WhatsApp to :
    a) Fill in the Nestle winner application number
    b) Fill in your full name and identity card number
    c) Attach a clear picture of your BANK ATM CARD – front and back
    d) Go to the nearest ATM machine, and WhatsApp the details above to +60124181128

 

Nestle 2022 Anniversary Phishing Scam : How Does It Work?

The Nestle 2022 Anniversary phishing scam is DANGEROUS. Please warn your family and friends to AVOID it.

Fact #1 : There Is No Such Nestle Giveaway!

There is no such anniversary giveaway by Nestle Malaysia. There is no reason for Nestle Malaysia to give out so much money.

They are a business, not a charity. They are in the business of selling you products, not giving you money.

Businesses do sponsor giveaway contests, but they are generally low value. Nestle Malaysia, for example, is currently giving away RM30 Shopee vouchers.

Fact #2 : Nestle Would Not Use Free Websites

Nestle is a large multinational company. It would not be using free website services like Wix.

Nestle Malaysia has its own website (https://www.nestle.com.my/) and Facebook page (https://www.facebook.com/Nestle.Malaysia) where they post official contests and promotions.

Always verify if a contest is genuine by visiting the official website / social media page.

Fact #3 : Nestle Would Never Ask For Pictures Of Your ATM Card!

Nestle, and any legitimate brand, would NEVER ask you to send them pictures of your bank ATM card!

Sending the pictures of your ATM card will allow them to clone the card, or trick bank staff into giving the scammers access to your bank account.

NEVER EVER SEND ANYONE PICTURES OF YOUR BANK ATM CARD!

Fact #4 : Nestle Would Never Ask You To Go To An ATM

No legitimate contest would require you to go to an ATM machine to receive money.

NEVER TRUST ANYONE WHO ASKS YOU TO GO TO AN ATM MACHINE.

Fact #5 : Nestle Would Never Ask For Your PIN / TAC

Nestle would never ask you for your ATM card’s PIN or any TAC number you may receive.

Giving out those details is how scammers get access to your bank account.

NEVER GIVE OUT YOUR PIN OR TAC NUMBER!

Fact #6 : This Lets Scammers Withdraw Money From Your Bank Account

I know many of us are in dire straits during this COVID-19 pandemic, having lost jobs, income or even loved ones.

Unfortunately, scammers are counting on our desperation to prey on us, using such anniversary scams.

This particular Nestle 2022 Anniversary Scam is a real danger, because it will allow scammers to gain access to your bank account and withdraw money.

Also watch out for the other anniversary scams that I have covered over the years :

Please WARN your family and friends about these scams!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | Business | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

MySJ Trace : Frequently Asked Questions + Answers!

The new MySJ Trace feature has raised many questions, and here are the answers to your frequently asked questions!

 

MySJ Trace : Frequently Asked Questions + Answers!

Ever since the MySejahtera team launched the MySJ Trace feature, many questions were raised by people over its security, privacy, and usability.

So with help from Dr. Mahesh Appannan, the Head of Data at the Crisis Preparedness and Response Centre (CPRC) of the Malaysia Ministry of Health (KKM), here are the answers to some of your frequently asked questions about MySJ Trace!

These answers supplement the original frequently asked questions (FAQ) about the MySJ Trace feature, which you can read in the next section.

Question #1 : Why Does MySJ Lists Interactions Even At Home?

The interactions refers to Bluetooth devices (with MySJ Trace enabled) that your MySejahtera app detected.

MySJ Trace can detect Bluetooth signals from as far as 10 metres away, but can be reduced by barriers (walls, your body, other electronics, etc.)

It will not only detect the smartphones of your family members (with MySJ Trace enabled), but also your neighbours, who can be in the floor above, below, or next to your home.

There is nothing to worry about these “interactions”. It just means you came within 10 metres of people who have MySJ Trace enabled.

Question #2 : Does Interactions Mean Casual / Close Contacts?

No, not all interactions are flagged as casual / close contacts, if you become COVID-19 positive.

The algorithm takes into account the signal strength (RSSI – Received Signal Strength Indicator) that your phone detects, and your exposure time.

The parameters used to classify casual or close contacts are refined over time for maximum accuracy. For example, if the Omicron variant becomes widespread, the exposure time will be shortened, and the distance extended, for someone to be considered a casual / close contact.

Question #3 : Why Do People In The Same Family Have Different Number Of Interactions?

Even if your family goes out together, you may all have different number of interactions, because it depends on a variety of facts :

  • your individual proximity to other people,
  • anything that blocks Bluetooth signals – their bodies, other electronics, electronic keys, etc.
  • whether you are holding the phone, or it is in your pocket, etc.

Question #4 : Does MySJ Trace Transmit My Data With Each Interaction?

No. There is no handshake or exchange of information with each interaction.

MySJ Trace detects the Bluetooth signal of other phones, and logs when that “interaction” occurred, and the signal strength.

It’s like listening to the radio – the broadcaster does not receive anything in return.

Question #5 : Does MySJ Trace Transmit My Data?

No. MySJ Trace stores all of the recorded data in your phone, and does not automatically upload it.

Only if you are COVID-19 positive, are you asked to upload your contact history for the last 14 days, so that people who were your close contact can be notified.

MySJ Trace requires your explicit consent to transmit your data to the Malaysia Ministry of Health (KKM).

Question #6 : How Long Does MySJ Trace Store Data?

MySJ Trace only stores data for the last 14 days, on a First-In, First-Out basis.

All data older than the most recent 14 days are automatically purged.

Question #7 : Why Do You Still Need To Check In Using QR Code?

First – not everyone is using MySJ Trace, so there still needs to be an alternative contact tracing method.

The QR code check-in function also gives KKM data to undertake faster contact tracing, especially involving a major cluster.

Question #8 : What’s The Difference Between MySJ Trace And QR Code Check-In?

MySJ Trace allows for automatic contact tracing, while QR code check-in gives KKM critical data. In addition :

  • MySJ Trace algorithm is based on time and distance (Bluetooth signal strength), while
  • Check-In algorithm is based only on time

Question #9 : Does MySJ Trace Use A Lot Of Battery Power?

MySJ Trace uses Bluetooth Low Energy (BLE), which consumes significantly lower power than standard Bluetooth wireless communications. The impact on battery life is minimal.

Question #10 : Why Does MySJ Trace Not Use Exposure Notification By Google / Apple?

By Google and Apple standards, an Exposure Notification (EN) app must maintain user anonymity, and record proximity data anonymously. It cannot contain Personally Identifiable Information (PII).

The MySejahtera app necessarily contains your identity, vaccination status and certificates, and so on. Therefore, it cannot comply with Google and Apple’s requirements for an Exposure Notification app.

 

MySJ Trace : Official Answers To Frequently Asked Questions

Here are the official answers to the MySJ Trace frequently-asked questions (FAQ):

1. What is MySJ Trace?

MySJ Trace is a contact tracing application developed by the Government of Malaysia.

It adopts a community-driven approach where participating devices exchange proximity information whenever an app detects another device with MySJ Trace app installed.

This application allows the identification of people who were in close proximity to COVID-19 infected individual

2. What is the difference between MySJ Trace and MySejahtera?

MySejahtera & MySJ Trace are used by the Ministry of Health (MOH) to help manage the COVID-19 pandemic in Malaysia.

MySejahtera allows users to perform quick health-self assessment and for the Ministry of Health (MOH) to monitor users’ health condition and take immediate actions in providing treatments.

Meanwhile, MySJ Trace further complements MySejahtera by detecting and tracing the individuals who are in close contact with the COVID-19 positive patients.

Read more : Can The Government Use MySJ Trace To Track You 24/7?

3. Who developed MySJ Trace?

MySJ Trace was developed through a strategic cooperation between government agencies of Malaysia :

  • Ministry of Science, Technology and Innovation (MOSTI)
  • Ministry of Health (KKM)
  • Administrative Modernisation and Management Planning Unit (MAMPU)
  • Malaysian Institute of Microelectronic Systems (MIMOS)

4. Who are the users of MySJ Trace?

All Malaysian citizens and residents of Malaysia.

5. Where can I download MySJ Trace?

Users only need to update the MySejahtera application to the latest version.

6. How does MySJ Trace function?

MySJ Trace enables participating devices to exchange proximity information whenever the app detects another device with the same app installed. Data collected will be stored and processed only by the MOH officers.

When a user is identified to be COVID-19 positive, the user will initiate a process to upload the data from the user’s smartphone to a secured database managed by the MOH.

7. What is contact tracing?

Contact tracing is an identification process of individuals who may have come into close contact with an infected COVID-19 patient.

It enables the MOH to further trace and contact the individuals and organize a follow-up action.

8. If I have been identified as a close contact, how will I be contacted?

The user will receive an SMS, and a notification in the MySejahtera app.

9. What data are collected by MySJ Trace?

Only these data are collected :

  • Unique User ID (UUID) that is created by the MySejahtera app.
  • Operating system version (Android or iOS)
  • Time of contact
  • Received Signal Strength Indicator (RSSI)

10. Are my personal information that is stored in the app safe?

MySejahtera and MySJ Trace are owned and operated entirely by the Malaysian government. The government guarantees that all information collected and used in the app comply with the information security standards of the government of Malaysia.

11. Does MySJ Trace require Internet connectivity after activation?

Yes, Internet connectivity is required when you first update the MySejahtera app, and during the data uploading process.

12. What devices support MySJ Trace?

MySJ Trace is supported by smartphones that use the Android or iOS operating systems :

  • Android : Version 8.0 and above
    – Non-sleep mode must be set, so MySJ Trace will remain active in both foreground and background modes.
  • iOS : Version 10 and above
    – The phone must be active at all times while the app needs to be in the foreground mode.

13. Must Bluetooth be activated at all times?

Yes, Bluetooth must be activated at all times for MySJ Trace to work properly.

14. Will Bluetooth usage cause high battery usage?

Unlike using Bluetooth to stream music or to a wireless headphone continuously, MySJ Trace uses Bluetooth to only transmit its presence periodically. As such, it uses significantly less power.

15. Will the app use significant battery power if MySJ Trace is left running all the time?

MySJ Trace uses Bluetooth Low Energy (BLE) to minimise battery usage. Therefore, the app does not use significant amounts of battery power to collect persistent contact tracing information.

16. Will MySJ Trace Bluetooth usage affect my other Bluetooth accessories?

MySJ Trace does not affect the use or performance of other Bluetooth accessories like wireless speakers, wireless earphones or headphones, or smartwatches.

17. Why must I allow location permission for the Android version?

Android requires location permission to be granted for any app to access Bluetooth features. However, geolocation data will not be collected.

For iOS, only the Bluetooth function needs to be enabled.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Mobile | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Why The Government Can’t Use MySJ Trace To Track You!

People are worried that MySJ Trace lets the government track their location and movements 24/7.

Find out WHY this is simply not possible!

 

Claim : Government Can Use MySJ Trace To Track You 24/7

MySJ Trace is a new contact tracing feature that was just introduced in the MySejahtera app.

People are claiming that the government can use it to track your movements 24/7. Here is one example :

so the govt can trace our exact location at any given moment. great.

Though I guess there is probably several other apps or with the telcos help that they can already do exactly that.

Although surprisingly the police have been totally unable to locate the ex husband of Indira Gandhi or her children that the ex husband abducted, despite the court ordering the police to do so.

That’s really a typical response to any new MySejahtera feature – the government is introducing it to snoop on us. Our privacy is gone! They will know where we are!

Let’s find out what the facts really are…

Read more : Fact Check : Fat Bidin Claims On MySejahtera Snooping!

 

Truth : No One Can Use MySJ Trace To Track You 24/7

The truth is – this is yet another example of FAKE NEWS being shared on WhatsApp, and here are the reasons why it’s not possible for anyone to use it to track you 24/7…

Fact #1 : MySJ Trace Only Tracks Your Proximity

MySJ Trace does not actually detect your location, which is why you still need to check into locations manually.

It only detects and logs the Bluetooth signals of nearby smartphones with MySJ Trace enabled, to determine how close they are and how long they remain in proximity.

MySJ Trace also broadcasts itself to nearby devices, so that they can log its presence, distance and length of contact.

Fact #2 : MySJ Trace Does Not Collect Location Data

MySJ Trace does not collect geolocation data, only these data:

  • Unique User ID (UUID) that is created by the MySejahtera app.
  • Operating system version (Android or iOS)
  • Time of contact
  • Received Signal Strength Indicator (RSSI)

The Malaysia Ministry of Health confirmed this in no. 17 of their FAQ, stating that “geolocation data will not be collected“.

So there’s no way for the government to actually know where you are using only MySJ Trace data.

Read more : New MySJ Trace Feature : What You Need To Know!
Read more : How To Enable + Disable MySJ Trace In MySejahtera!

 

Fact #3 : MySJ Trace Only Stores 14 Days Of Data

The data that MySJ Trace records is only stored for the last 14 days, on a first-in, first out (FIFO) basis.

All data older than the most recent 14 days are automatically purged.

So even if a hacker gains access to it, he/she will only have access to your proximity contact data for the last 14 days.

Fact #4 : MySJ Trace Does Not Transmit Your Data Automatically

The proximity contact data that MySJ Trace logs is NOT automatically transmitted to the Malaysia Ministry of Health (KKM).

Only when you are identified as COVID-19 positive, will you be asked to submit your proximity contact data for the last 14 days.

Fact #5 : MySJ Trace Data Is Stored + Used Only By KKM

Your proximity data that you upload will be stored in a secured database server managed by the Malaysia Ministry of Health (KKM).

Only KKM has access to your uploaded proximity data, which will be used to determine your close contacts so they can be notified.

Read more : MySJ Trace : Answers To Your Frequently Asked Questions!

Fact #6 : We Are Not That Interesting…

Frankly, most of us are not that interesting to the government. They are not interested in where you live or travel to, what you eat or buy, or even who you are sleeping with.

All that data is interesting and useful to corporations, but not the Malaysian government. Please remember – you are living in Malaysia, not China or North Korea.

Why would the government want to know where you are, or where you have gone, or who you have met?

Fact #7 : There Are Easier Ways To Find You…

Finally, the “fear” of the government using MySJ Trace to track where you are at all times is frankly, ludicrous because there are far easier ways to do it.

The truth is – our geolocation data is readily available to your mobile service provider, as well as cloud and social media service providers (Google, Facebook, Instagram, WhatsApp, etc.)

If the government really wants to know where you are, they can simply get a court order to force your mobile service provider to tell them where you are right now.

They don’t have to rely on an opt-in feature in the MySejahtera app, and wait until you submit your own proximity data…

Now that you know the facts, please TURN ON MySJ Trace, to improve contact tracing!

And please SHARE this fact check with your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!