Stay safe.

This week was fun. I had someone call Firefly (our other admin) a “tiresome little bit*h” and then tell me to go kill myself when I slapped him for it. Of course it took me all of 10 minutes to get his full name, his phone number, where he works, his DOB, what forums he’s a member of, what operating system he uses on his computer, what computer he uses, exactly where he lives and some other information I won’t mention here.

It reminded me of something that happened a while back, where someone was sending abusive text messages to a friend of mine. Being the resident “computer expert”, I was asked to try and help identify where he was. He claimed he was using an “untraceable server” so we’d never find him. What he actually meant of course is that he was using a VPN. That’s all well and good, but what he didn’t know is that we could still see clear as day enough information to identify where he was and what hardware he was using.

Some people do the same thing when dealing with scammers. They think they’re well hidden, but in reality the scammer can identify them as simply as if they’d given them their calling card. If you’re going to bait, you ALWAYS have to bait safely. I’ve bent many a rule when it comes to safe baiting, but I always made sure there were safeguards in place. You have to know the rules before knowing how far some can be pushed. Unfortunately not everyone understands that, and some end up putting themselves in danger. If you want to mess with scammers, always ALWAYS put your own safety above all else.

It’s not the scammers in the news this time.

It’s highly likely you’d have seen the media talking about Action Fraud recently. If you haven’t, then now would be a perfect time to read it, before coming back here. We’ll wait.

Up to date now? OK, so let’s continue. This has painted Action Fraud in an incredibly bad light. I’m not going to defend them. Frankly, I wasn’t at all surprised about it. Both my personal interactions with them, and comments by some of the people who have come to us after going there first, lead me to fully believe what’s being said. Again, I’m not going to defend Action Fraud. We’re already getting the standard “lessons to be learned” and “well below the standards we expect” press releases. Will it make a difference, or will they simply try to paint over the cracks and hope everyone thinks things are good there now? I have no idea.

What I want to say is that I hope people won’t judge every antiscam site based on what’s been revealed to be happening in the Action Fraud call centre. There are people out there who genuinely do care, who go above and beyond to make sure they do all they can to help those people who have been scammed, and some do this completely free and give up their own time to do so. It’s going to take time for Action Fraud to regain trust. In many cases it’ll never happen. Don’t let that put you off from reporting your scammers though. If not to Action Fraud, then to sites like ours where you’ll be treated with respect and not lied to.

Three random words.

A lot has been said about secure passwords and ways to create them. Some people recommend three random words, some password managers and others a random mixture of letters, numbers and “special characters”. I deal with all kinds of people on a daily basis, some who are computer literate and some who only just know how to turn a PC on and who definitely wouldn’t want to use a password manager. I know of one person who insists on writing all his passwords in a book he keeps on a shelf by his PC. That’s the real world, not an idealized one we’d all love to see. So what can we do for people like him?

Let me demonstrate a way to use three random words that takes it a step further to make what appears to be a completely random mix of letters, numbers and special characters. It’s simple enough, yet also allows you to tweak it any way you want. Those who insist on writing their passwords down can still use this method too, as the final result looks nothing like the three words written down.

Let’s start with three random words. Actually, let’s start with “three random words”. Look at your computer keyboard. Notice how the letters are spaced in such a way that if you go up one line and to the left or the right, there’s a corresponding key. If I wanted to type my password going up and to the left, three would become 5y433, random would become 4qhe9j and words would become 294ew. Put those together and you have 5y4334qhe9j294ew. Let’s switch it up and go to the right this time. Now we get 6u5445wjr0k305re.

Some passwords require a capital letter, so let’s change the first letter we see to a capital: 5Y4334qhe9j294ew.

How about special characters? There are three words, with two spaces between them that we didn’t use. The first word has five letters, so let’s put a special character in place of where that first space would go and use the special character that corresponds with the number 5. That’s a % for those paying attention. Now our password looks like 5Y433%4qhe9j294ew. Random is next with 6, and that gives us 5Y433%4qhe9j^294ew. Finally, words has 5 letters, so we put a % at the end to give us the final password of 5Y433%4qhe9j^294ew%.

And how do we remember it when we need to use it again? “Three random words”. The method can be tweaked if needed, so for example the first and third words are to the left, but the second one is to the right. It’s easy when you know how.
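
The steps above as a short Python sketch, added here as an illustration and not the author's own code. It assumes a US QWERTY layout for the symbol keys; the function names and the last-digit rule for words of ten or more letters are assumptions.

```python
# Keyboard rows, top to bottom. '-' sits up and to the right of 'p'.
ROWS = ["1234567890-", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Symbol printed on each digit key (US layout assumed).
SHIFT_SYMBOL = dict(zip("1234567890", "!@#$%^&*()"))


def shift_key(ch, direction):
    """Return the key one row up and to the left ('l') or right ('r') of ch."""
    for row_above, row in zip(ROWS, ROWS[1:]):
        i = row.find(ch.lower())
        if i != -1:
            return row_above[i + (direction == "r")]
    raise ValueError(f"no key above {ch!r}; only letters a-z are supported")


def derive(phrase, directions=None, capital=True, symbols=True):
    """Turn a phrase into a password using the keyboard-shift steps."""
    words = phrase.split()
    directions = directions or "l" * len(words)
    if len(directions) != len(words) or set(directions) - set("lr"):
        raise ValueError("need one 'l' or 'r' per word")
    parts = []
    for word, d in zip(words, directions):
        part = "".join(shift_key(c, d) for c in word)
        if symbols:
            # Symbol on the digit key matching the word length; using the
            # last digit for words of 10+ letters is an assumption.
            part += SHIFT_SYMBOL[str(len(word) % 10)]
        parts.append(part)
    out = "".join(parts)
    if capital:
        # Upper-case the first letter that appears in the result.
        for i, c in enumerate(out):
            if c.isalpha():
                out = out[:i] + c.upper() + out[i + 1:]
                break
    return out


if __name__ == "__main__":
    print(derive("three random words"))         # all words shifted left
    print(derive("three random words", "lrl"))  # second word shifted right
```

Because the output is a fixed function of the phrase, it is only as unpredictable as the words and the per-word directions chosen, so the words themselves should be picked at random.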

Hacked off.

If you enjoy YouTube, you’ll likely have stumbled upon “Life hack” videos at some point. Most are utterly pointless, dangerous or nothing more than “tips” people have been using for years already. Want to stop your cat from bringing in dead animals? Simply hot glue a car horn and battery pack to him. Keep losing your car keys? Leave them in the car door where they’re easy to find. You know the kind of crap I’m talking about, right? https://dictionary.cambridge.org/dictionary/english/hack describes the word hack as “to cut into pieces in a rough and violent way, often without aiming exactly” which is what I’d like to do to some of the people who put out the truly dangerous “life hacks”, but that’s a whole other thread for another day.

The other thing you’ll see is people boasting in their video titles about “hacking the scammer’s PC”. How can I describe this practice? How about – and you can quote me on this – “absolutely moronic, dangerous and a complete nightmare for any self-respecting anti-scam advocate to have to deal with the consequences of”. Think of how much damage to a criminal investigation some script kiddie can cause by removing vital evidence from a computer because they saw a video and decided they want to do it as well. Consider the damage to the anti-scam community a well-intentioned but clueless person can do due to outsiders assuming that’s what we all do.

There are times we work with law enforcement on cases, and when we explain to them how we obtained the information we have, it’s essential we can prove to them that it was done using perfectly legal methods (usually a little lateral thinking when doing standard searches is all that’s actually needed). If it’s assumed we hack into computers, then the evidence we share would be compromised and the real bad guys could get away scot-free. Think before you ever consider hacking into a scammer’s computer. You could be doing much more harm than good.