Placeholder Content Image

Hilarious reason dad couldn't be fooled by online scam

<p>One savvy dad has outwitted a scammer who posed as his daughter, after the scammer made one hilarious error. </p> <p>Ian Whitworth, a dad from Sydney, took to his LinkedIn page to share the message a scammer texted him in a classic phishing scam that targets parents. </p> <p>He shared the photo of what he thought was the "funniest phishing text any parent has ever received".</p> <p>The text read, "Hey dad, dropped my phone in the sink while doing the dishes. Its unresponsive this is my new number for now just text me here x."</p> <p>Despite the terrible grammar and punctuation that would immediately alert anyone to the possibility of a scam, it was something else that caught the dad's attention. </p> <p>Instead, Whitworth said it was the fact his daughter would never do the chore mentioned by the scammers.</p> <p>Still, he thought it was worth sharing a photo of the text in a bid to warn others, which he uploaded along with the comment, "Cybersecurity update. I just got this."</p> <p>"Perhaps the funniest phishing txt any parent has ever received. 'Doing the dishes', yeah, for sure."</p> <p>In a reply to one of the people who commented on his post, Whitworth joked that his daughter "at age four emerged from my parents' kitchen with a shocked look on her face. 'What's pop doing?'. He was washing up in the sink."</p> <p>Another commenter wrote, "Haha! There is NO WAY this is from my son or daughter, that's for sure."</p> <p>Another commenter said the giveaway that it wasn't from his own child was that they didn't immediately ask for money, to which Whitworth replied, "Ha, yeah, the phishers are like the seven step ladder of confidence before the money issue gets raised. Actual kids: MONEY NOW."</p> <p>According to the federal government's Scamwatch website run by the Australian Competition and Consumer Commission (ACCC), the "Friends/Family Hi Mum" impersonation scam was common.</p> <p>"Scammers send messages pretending to be a family member or a friend desperate for money," it said.</p> <p>"They say they have a new phone and they need you to pay money to help them out of a crisis."</p> <p>Scamwatch warns: "Don't assume a person you are dealing with is who they say they are" and offers the following advice.</p> <p>"If someone you know sends a message to say they have a new phone number, try to call them on the existing number you have for them, or message them on the new number with a question only they would know the answer to," it said.</p> <p>"That way you will know if they are who they say they are."</p> <p><em>Image credits: Getty Images / LinkedIn</em></p>

Legal

Placeholder Content Image

How QR codes work and what makes them dangerous – a computer scientist explains

<p>Among the many changes brought about by the pandemic is the widespread use of QR codes, graphical representations of digital data that can be printed and later scanned by a smartphone or other device.</p> <p>QR codes have a <a href="https://www.forbes.com/sites/forbescommunicationscouncil/2021/03/25/how-the-pandemic-saved-the-qr-code-from-extinction/" target="_blank" rel="noopener">wide range of uses</a> that help people avoid contact with objects and close interactions with other people, including for sharing <a href="https://www.cnbc.com/2021/08/21/qr-codes-have-replaced-restaurant-menus-industry-experts-say-it-isnt-a-fad.html" target="_blank" rel="noopener">restaurant menus</a>, email list sign-ups, car and home sales information, and checking in and out of medical and professional appointments.</p> <p>QR codes are a close cousin of the bar codes on product packaging that cashiers scan with infrared scanners to let the checkout computer know what products are being purchased.</p> <p>Bar codes store information along one axis, horizontally. QR codes store information in both vertical and horizontal axes, which allows them to hold significantly more data. That extra amount of data is what makes QR codes so versatile.</p> <p><strong>Anatomy of a QR code</strong></p> <p>While it is easy for people to read Arabic numerals, it is hard for a computer. Bar codes encode alphanumeric data as a series of black and white lines of various widths. At the store, bar codes record the set of numbers that specify a product’s ID. Critically, data stored in bar codes is redundant. Even if part of the bar code is destroyed or obscured, it is still possible for a device to read the product ID.</p> <p>QR codes are designed to be scanned using a camera, such as those found on your smartphone. QR code scanning is built into many camera apps for Android and iOS. QR codes are most often used to store web links; however, they can store arbitrary data, such as text or images.</p> <p>When you scan a QR code, the QR reader in your phone’s camera deciphers the code, and the resulting information triggers an action on your phone. If the QR code holds a URL, your phone will present you with the URL. Tap it, and your phone’s default browser will open the webpage.</p> <p>QR codes are composed of several parts: data, position markers, quiet zone and optional logos.</p> <figure class="align-center zoomable"><em><a href="https://images.theconversation.com/files/451140/original/file-20220309-17-1jkfl5t.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=1000&amp;fit=clip"><img src="https://images.theconversation.com/files/451140/original/file-20220309-17-1jkfl5t.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px" srcset="https://images.theconversation.com/files/451140/original/file-20220309-17-1jkfl5t.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=600&amp;h=372&amp;fit=crop&amp;dpr=1 600w, https://images.theconversation.com/files/451140/original/file-20220309-17-1jkfl5t.png?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=600&amp;h=372&amp;fit=crop&amp;dpr=2 1200w, https://images.theconversation.com/files/451140/original/file-20220309-17-1jkfl5t.png?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=600&amp;h=372&amp;fit=crop&amp;dpr=3 1800w, https://images.theconversation.com/files/451140/original/file-20220309-17-1jkfl5t.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;h=467&amp;fit=crop&amp;dpr=1 754w, https://images.theconversation.com/files/451140/original/file-20220309-17-1jkfl5t.png?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=754&amp;h=467&amp;fit=crop&amp;dpr=2 1508w, https://images.theconversation.com/files/451140/original/file-20220309-17-1jkfl5t.png?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=754&amp;h=467&amp;fit=crop&amp;dpr=3 2262w" alt="a black-and-white pattern with four numerical markers attached to arrows pointing to portions of the pattern" /></a></em><figcaption><em><span class="caption">The QR code anatomy: data (1), position markers (2), quiet zone (3) and optional logos (4).</span> <span class="attribution"><span class="source">Scott Ruoti</span>, <a class="license" href="http://creativecommons.org/licenses/by-nd/4.0/" target="_blank" rel="noopener">CC BY-ND</a></span></em></figcaption></figure> <p>The data in a QR code is a series of dots in a square grid. Each dot represents a one and each blank a zero in binary code, and the patterns encode sets of numbers, letters or both, including URLs. At its smallest this grid is 21 rows by 21 columns, and at its largest it is 177 rows by 177 columns. In most cases, QR codes use black squares on a white background, making the dots easy to distinguish. However, this is not a strict requirement, and QR codes can use any color or shape for the dots and background.</p> <p>Position markers are squares placed in a QR code’s top-left, top-right, and bottom-left corners. These markers let a smartphone camera or other device orient the QR code when scanning it. QR codes are surrounded by blank space, the quiet zone, to help the computer determine where the QR code begins and ends. QR codes can include an optional logo in the middle.</p> <p>Like barcodes, QR codes are designed with data redundancy. Even if as much as 30% of the QR code is destroyed or difficult to read, <a href="https://www.businessinsider.com/what-is-a-qr-code?op=1" target="_blank" rel="noopener">the data can still be recovered</a>. In fact, logos are not actually part of the QR code; they cover up some of the QR code’s data. However, due to the QR code’s redundancy, the data represented by these missing dots can be recovered by looking at the remaining visible dots.</p> <p><strong>Are QR codes dangerous?</strong></p> <p>QR codes are not inherently dangerous. They are simply a way to store data. However, just as it can be hazardous to click links in emails, visiting URLs stored in QR codes can also be risky in several ways.</p> <p>The QR code’s URL can take you to a phishing website that tries to <a href="https://www.ic3.gov/Media/Y2022/PSA220118" target="_blank" rel="noopener">trick you</a> into entering your username or password for another website. The URL could take you to a legitimate website and trick that website into doing something harmful, such as giving an attacker access to your account. While such an attack requires a flaw in the website you are visiting, such vulnerabilities are <a href="https://developer.mozilla.org/en-US/docs/Glossary/Cross-site_scripting" target="_blank" rel="noopener">common on the internet</a>. The URL can take you to a malicious website that tricks another website you are logged into on the same device to take an unauthorized action.</p> <p>A malicious URL could open an application on your device and cause it to take some action. Maybe you’ve seen this behavior when you clicked a Zoom link, and the Zoom application opened and automatically joined a meeting. While such behavior is ordinarily benign, an attacker could use this to trick some apps into revealing your data.</p> <p>It is critical that when you open a link in a QR code, you ensure that the URL is safe and comes from a trusted source. Just because the QR code has a logo you recognize doesn’t mean you should click on the URL it contains.</p> <p>There is also a slight chance that the app used to scan the QR code could contain a vulnerability that allows <a href="https://www.lifewire.com/how-to-protect-yourself-from-malicious-qr-codes-2487772" target="_blank" rel="noopener">malicious QR codes to take over your device</a>. This attack would succeed by just scanning the QR code, even if you don’t click the link stored in it. To avoid this threat, you should use trusted apps provided by the device manufacturer to scan QR codes and avoid downloading custom QR code apps.<img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/177217/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /></p> <p><em><a href="https://theconversation.com/profiles/scott-ruoti-1318954" target="_blank" rel="noopener">Scott Ruoti</a>, Assistant Professor of Computer Science, <a href="https://theconversation.com/institutions/university-of-tennessee-688" target="_blank" rel="noopener">University of Tennessee</a></em></p> <p><em>This article is republished from <a href="https://theconversation.com" target="_blank" rel="noopener">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/how-qr-codes-work-and-what-makes-them-dangerous-a-computer-scientist-explains-177217" target="_blank" rel="noopener">original article</a>.</em></p> <p><em>Image: Getty Images</em></p>

Technology

Placeholder Content Image

Watch out! Scammers are now targeting you using Google Calendar

<p><span style="font-weight: 400;">Experts from international security firm Kaspersky have discovered calendar apps are being targeting in a new type of phishing scam.</span></p> <p><span style="font-weight: 400;">A phishing scam is one that attempts to trick you into giving out your personal information, which includes your bank account numbers, passwords and credit card numbers.</span></p> <p><span style="font-weight: 400;">The new scam exploits a default feature which gives the ability to add invitations and events automatically to calendar apps unless it is turned off manually.</span></p> <p><span style="font-weight: 400;">Kaspersky security researcher Maria Vergelis said scammers hope the “calendar phishing” technique will catch unsuspecting victims off guard, according to </span><a href="https://finance.nine.com.au/personal-finance/google-calendar-scam-google-calendar-scam-kaspersky-discover-new-phishing-attack/0d3e39a1-4132-4dd4-90da-30c4a3b2977d"><span style="font-weight: 400;">Nine Finance</span></a><span style="font-weight: 400;">.</span></p> <p><span style="font-weight: 400;">“The ‘calendar scam’ is a very effective scheme as currently people have more or less gotten used to receiving spam messages from emails or messengers and do not immediately trust them,” she explained.</span></p> <p><span style="font-weight: 400;">“This may not be the case when it comes to the Calendar app, which has a main purpose to organise information rather than transfer it.”</span></p> <p><strong>How the scam works</strong></p> <p><span style="font-weight: 400;">The scam sends a pop-up notification of an invitation to the victim’s smartphone and the recipient is encouraged to click on a link.</span></p> <p><span style="font-weight: 400;">Once the user clicks on the link, it redirects you to a website that features a simple questionnaire with prize money on offer. In order to receive the prize, they are asked to enter personal information, such as credit card number, name, phone number and address.</span></p> <p><span style="font-weight: 400;">This information goes straight to the scammers who exploit this information for money. </span></p> <p>How to disable automatic invites</p> <p><span style="font-weight: 400;">“So far, the sample we’ve seen contains text displaying an obviously weird offer, but as It happens, every simple scheme becomes more elaborate and trickier with time,” Vergelis warned.</span></p> <p><span style="font-weight: 400;">“The good news is one also doesn’t need any sophisticated precautions to avoid such scam - the feature that enables it can be easily turned off in the calendar settings.”</span></p> <p><span style="font-weight: 400;">Disabling the “automatic invites” feature is easy enough.</span></p> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">Open Google Calendar</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Click the settings Gear Icon</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Click “Event Settings”</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Click on the drop-down menu and select: “No, only show invitations to which I've responded”</span></li> </ul> <p><span style="font-weight: 400;">Google are well aware of this scam, but stopping all spam is not an easy task.</span></p> <p><span style="font-weight: 400;">“Combating spam is a never-ending battle, and while we've made great progress, sometimes spam gets through,” Google said in a statement.</span></p> <p><span style="font-weight: 400;">“We remain deeply committed to protecting all of our users from spam: We scan content on Photos for spam and provide users the ability to report spam in Calendar, Forms, Google Drive, and Google Photos, as well as block spammers from contacting them on Hangouts.”</span></p>

Technology

Placeholder Content Image

Are you too smart to fall for an online scam? Take this quiz

<p>Millions of people fall for scam emails every day. To respond to this problem, Google has launched a new quiz to test your ability to identify phishing emails.</p> <p>Phishing – or attempts to steal your sensitive information such as passwords, account numbers and credit cards – is “the most common form of cyberattack”, according to Google’s Jigsaw product manager Justin Henck. “One percent of emails sent today are phishing attempts.”</p> <p>To raise awareness about phishing and cyber security, Google’s technology incubator Jigsaw created the quiz with the help of about 10,000 journalists, activists and political leaders across the world.</p> <p>The questions were designed to teach people to spot the techniques that hackers use to trick them as well as the telltale signs of phishing emails.</p> <p><img style="width: 500px; height: 210.9375px;" src="https://oversixtydev.blob.core.windows.net/media/7822956/jigsawgoogle.png" alt="" data-udi="umb://media/a8fc76888e0c46a2b25768e69c87b13a" /></p> <p>Below are the tips that the quiz shares:</p> <ul> <li>Be cautious about attachments and hyperlinks, including URLs designed to look like popular websites, which may send you to fraudulent login pages.</li> <li>Read the sender’s email domain carefully to make sure the email comes from a legitimate/official source.</li> <li>When opening PDF attachments, make sure you trust the sender and use a browser or an online service to open them safely.</li> <li>Approve account access requests only if you trust the developer. You can check this by evaluating the domain that is displayed and clicking on it for more details.</li> </ul> <p>Apart from knowing the signs, Henck also recommended enabling two-step verification on your account. </p> <p>“When you have two-factor authentication enabled, even if an attacker successfully steals your password, they won’t be able to access your account,” said Henck.</p> <p>Take the quiz <a rel="noopener" href="https://phishingquiz.withgoogle.com/" target="_blank">here</a>.</p> <p>Have you been the victim of any email scams? Share your story in the comments.</p>

Technology