It’s not the scammers in the news this time.

It’s highly likely you’d have seen the media talking about Action Fraud recently. If you haven’t, then now would be a perfect time to read it, before coming back here. We’ll wait.

Up to date now? OK, so let’s continue. This has painted Action Fraud in an incredibly bad light. I’m not going to defend them. Frankly, I wasn’t at all surprised about it. Both my personal interactions with them, and comments by some some of the people who have come to us after going there first lead me to fully believe what’s being said. Again, I’m not going to defend Action Fraud. We’re already getting the standard “lessons to be learned” and “well below the standards we expect” press releases. Will it make a difference, or will they simply try to paint over the cracks and hope everyone thinks things are good there now? I have no idea. What I want to say is that I hope people won’t judge every antiscam site based on what’s been revealed to be happening in the Action Fraud call centre. There are people out there who genuinely do care, who go above and beyond to make sure they do all they can to help those people who have been scammed, and some do this completely free and give up their own time to do so. It’s going to take time for Action Fraud to regain trust. In many cases it’ll never happen. Don’t let that put you off from reporting your scammers though. If not to Action Fraud, then to sites like ours where you’ll be treated with respect and not lied to.

Three random words.

A lot has been said about secure passwords and ways to create them. Some people recommend three random words, some password managers and others a random mixture of letters, numbers and “special characters”. I deal with all kinds of people on a daily basis, some who are computer literate and some who only just know how to turn a PC on and who definitely wouldn’t want to use a password manager. I know of one person who insists on writing all his passwords in a book he keeps on a shelf by his PC. That’s the real world, not an idealized one we’d all love to see. So what can we do for people like him? Let me demonstrate a way to use three random words that takes it a step further to make what appears to be a completely random mix of letters, numbers and special characters. It’s simple enough, yet also allows you to tweak it any way you want. those who insist on writing their passwords down can still use this method too, as the final result looks nothing like the three words written down. Let’s start with three random words. Actually, let’s start with “three random words”. Look at your computer keyboard. Notice how the letters are spaced in such a way that if you go up one line and to the left or the right, there’s a corresponding key. If I wanted to type my password going up and to the left, three would become 5y433, random would become 4qhe9j and words would become 294ew. Put those together and you have 5y4334qhe9j294ew. Let’s switch it up and go to the right this time. Now we get 6u5445wjr0k305re. Some passwords require a capital letter, so let’s change the first letter we see to a capital. 5Y4334qhe9j294ew. How about special characters? There are three words, with two spaces between them that we didn’t use. The first word has five letters, so let’s put a special character in place of where that first space would go and use the special character that corresponds with the number 5. That’s a % for those paying attention. Now our password looks like 5Y433%4qhe9j294ew. Random is next with 6, and that gives us 5Y433%4qhe9j^294ew. Finally, words has 5 letters, so we put a % at the end to give us the final password of 5Y433%4qhe9j^294ew%. And how do we remember it when we need to use it again? “Three random words”. The method can be tweaked if needed, so for example the first and third words are to the left, but the second one is to the right. It’s easy when you know how.

Hacked off.

If you enjoy Youtube, you’ll likely have stumbled upon “Life hack” videos at some point. Most are utterly pointless, dangerous or nothing more than “tips” people have been using for years already. Want to keep stop your cat from bringing in dead animals? Simply hot glue a car horn and battery pack to him. Keep losing your car keys? Leave them in the car door where they’re easy to find. You know the kind of crap I’m talking about, right? https://dictionary.cambridge.org/dictionary/english/hack describes the word hack as “to cut into pieces in a rough and violent way, often without aiming exactly” which is what I’d like to do to some of the people who put out the truly dangerous “life hacks”, but that’s a whole other thread for another day. The other thing you’ll see is people boasting in their video titles about “hacking the scammer’s PC”. How can I describe this practice? How about – and you can quote me on this – “absolutely moronic, dangerous and a complete nightmare for any self respecting anti-scam advocate to have to deal with the consequences of”. Think of how much damage to a criminal investigation some script kiddie can cause by removing vital evidence from a computer because they saw a video and decided they want to do it as well. Consider the damage to the anti-scam community a well intentioned but clueless person can do due to outsiders assuming that’s what we all do. There are times we work with law enforcement on cases, and when we explain to them how we obtained the information we have, it’s essential we can prove to them that it was done using perfectly legal methods (usually a little lateral thinking when doing standard searches is all that’s actually needed). If it’s assumed we hack into computers, then the evidence we share would be compromised and the real bad guys could get away scot free. Think before you ever consider hacking into a scammer’s computer. You could be doing much more harm than good.