Hacker Public Radio


HPR3898: The Oh No! News.

Hosted by Some Guy On The Internet on 2023-07-12 00:00:00

The Oh No! news.

Oh No! News is Good News.

  • TAGS: User space, Cybercrime, fraud, scams

User space.

Cybercrime, also known as scams or fraud, is constantly evolving due to the many data breaches occurring around the world. Attackers gather more of our personal data from these data breaches, then use that data to develop or modify their attacks. Users must remain on guard against socially engineered attacks aimed at defrauding them of personal information and/or property (usually money/currency). I’m suggesting users update themselves as they would update their computers. Knowing the types of attacks and how each attack is deployed will benefit you in the fight against Cybercrime.

Reporting Cybercrime is beneficial for all users. When a user reports Cybercrime, that information can help investigators combat this growing threat and broadcast warnings to the greater population. I’ve provided a few links below to assist you in learning about and reporting Cybercrime.

Common delivery methods for socially engineered attacks are:

  • Email (attackers imitate legitimate organizations in design only).
  • Mobile (voice, text messages, and app stores).
  • Social Media (direct messages and marketplaces).
  • Websites (including fraudulent ads and popups).

Common data and/or property (e.g. currency) extraction methods are:

  • Peer-to-peer payment service apps (Venmo, Zelle, Cash App, etc.). WARNING, your money goes wherever you send it (including scammers).

  • Wire transfers: transfer currency from one entity to another (account-to-account). WARNING, your money goes wherever you send it (including scammers).

  • Cryptocurrency: 100% Scam. Light your money on fire for more value (reversing/recovering payment is virtually impossible).

  • Store gift cards: Unverifiable way to use currency (online or in store). WARNING, scammers prefer gift cards as payment (reversing/recovering payment is virtually impossible).

  • Source: Internet Crime Complaint Center (IC3). The Internet Crime Complaint Center, or IC3, is the Nation’s central hub for reporting cyber crime. It is run by the FBI, the lead federal agency for investigating cyber crime.

  • Source: Action Fraud, the national reporting centre for fraud and cybercrime. Action Fraud is the UK’s national reporting centre for fraud and cybercrime where you should report fraud if you have been scammed, defrauded or experienced cyber crime in England, Wales and Northern Ireland.

  • Source: European Union Agency for Law Enforcement Cooperation. If you have fallen victim to cybercrime, click on one of the links below to be redirected to the reporting website of your country. Reporting mechanisms vary from one country to another. In Member States which do not have a dedicated online option in place, you are advised to go to your local police station to lodge a complaint.

  • Source: National Cybercrime and Fraud Reporting System. Reporting a scam or computer crime helps the Royal Canadian Mounted Police (RCMP), the National Cybercrime Coordination Unit (NC3) and the Canadian Anti-Fraud Centre (CAFC) learn more about the nature of these incidents. The information you include in your report helps us follow cybercrime and fraud trends. We use this information to help protect more people from harm. It is the role of local police services to investigate.

  • Source: Scams subreddit.

  • Source: Paypal: What's the difference between friends and family or goods and services payments?

  • Additional Information.
    • What is a "Data Breach"? A data breach is a security violation, in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen, altered or used by an individual unauthorized to do so.
    • What is "Malware"? Malware (a portmanteau for malicious software) is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy.
    • What is a "Payload"? In the context of a computer virus or worm, the payload is the portion of the malware which performs malicious action; deleting data, sending spam or encrypting data. In addition to the payload, such malware also typically has overhead code aimed at simply spreading itself, or avoiding detection.
    • What is "Phishing"? Phishing is a form of social engineering where attackers deceive people into revealing sensitive information or installing malware such as ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and traverse any additional security boundaries with the victim.
    • What is "Social engineering" (security)? In the context of information security, social engineering is the psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.
    • What is "Information Security" (InfoSec)? Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management.
      • Information Security Attributes: Confidentiality, Integrity and Availability (C.I.A.). Information systems are composed of three main portions (hardware, software and communications), with the purpose of helping to identify and apply information security industry standards, as mechanisms of protection and prevention, at three levels or layers: physical, personal and organizational. Essentially, procedures or policies are implemented to tell administrators, users and operators how to use products to ensure information security within the organizations.
    • What is "Risk management"? Risk management is the identification, evaluation, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.
    • What is a "Vulnerability" (computing)? Vulnerabilities are flaws in a computer system that weaken the overall security of the device/system. Vulnerabilities can be weaknesses in either the hardware itself, or the software that runs on the hardware.
    • What is an "Attack Surface"? The attack surface of a software environment is the sum of the different points (for "attack vectors") where an unauthorized user (the "attacker") can try to enter data to or extract data from an environment. Keeping the attack surface as small as possible is a basic security measure.
    • What is an "Attack Vector"? In computer security, an attack vector is a specific path, method, or scenario that can be exploited to break into an IT system, thus compromising its security. The term was derived from the corresponding notion of vector in biology. An attack vector may be exploited manually, automatically, or through a combination of manual and automatic activity.
    • What is "Standardization"? Standardization is the process of implementing and developing technical standards based on the consensus of different parties that include firms, users, interest groups, standards organizations and governments. Standardization can help maximize compatibility, interoperability, safety, repeatability, or quality. It can also facilitate a normalization of formerly custom processes.
    • What is a "Replay attack"? A replay attack is a form of network attack in which valid data transmission is maliciously or fraudulently repeated or delayed. Another way of describing such an attack is: "an attack on a security protocol using a replay of messages from a different context into the intended (or original and expected) context, thereby fooling the honest participant(s) into thinking they have successfully completed the protocol run."
    • What is a "Man-in-the-middle attack"? In cryptography and computer security, a man-in-the-middle, ..., attack is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other, as the attacker has inserted themselves between the two parties.
    • What is "Transport Layer Security" (TLS)? Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.
    • What is a "Handshake" (computing)? In computing, a handshake is a signal between two devices or programs, used to, e.g., authenticate, coordinate. An example is the handshaking between a hypervisor and an application in a guest virtual machine.
    • What is Security theater? The practice of taking security measures that are considered to provide the feeling of improved security while doing little or nothing to achieve it.



Copyright Information

Unless otherwise stated, our shows are released under a Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) license.

The HPR Website Design is released to the Public Domain.