Tag Archives: security

Phone phishing / fraud still going strong

Well it seems that phone phishing is sadly alive and rampant in Australia.

Yet another client reported they had been cold called by a company, name given as Global Computer Solutions, claiming their computer had errors.
They mentioned that Microsoft had passed on information to them that this persons computer had errors on it along with their contact details.
Of course anyone with some privacy wits about them would know that Microsoft would probably be breaching numerous privacy laws if this was the case. Come to think of it, when was the last time you bought a computer and registered Microsoft Windows with Microsoft (eg giving them your personal details)?

When challenged as to their identity, the caller gave their name and a number that could be called to verify who they were. Funnily enought they have a Melbourne office.
Well, not really, they just have a Melbourne number: 03 90160451 which I suspect just redirect back to India where the call centre is. (am I suspecting too much?)

Using my trusty friend Google, I see that this phone number is listed on two other computer repair websites.
http://azurepcsolutions.com
http://homepcsolution.com
Funnily enough they have other numbers for other countries and also, gee, the company’s addres is in West Bengal, India.

I’d really like to hope that the ACCC and the phone companys would jump on these companys and disconnect their services promptly. (or at least their local services)

Graham Cluley and his guest Sean Richmond discussed this very issue on a podcast.
Check it out, it’s not very long.

(Sophos 05 November 2010, duration 6:15 minutes, size 4.5MBytes)

In fact I reccomend you use the Sophos Naked Security blog as a trusted source of information about security related issues in the IT world, covering Facebook and Twitter to general security issues and news.
They make it very accessable for all user levels. They’re on Facebook too.

To those in the IT industry or those that have some web sense, these scams are nothing new. To those that are new to this, I hope this helps educate you.
To Google, I hope this helps add to the information that is already out there about these frauds to assist those looking for information.

Hello, this is a phishy call.

And that number again just to make sure Google picks it up: 03 9016 0451 0390160451

The things people leave behind

I’m on the way back to Melbourne now from my trip to Sydney.

Waiting at the Qantas Club waiting for my flight, I’m using a public computer to logon and check my email. (Laptop battery flat because I surrendered my power pack to a staff member who forgot theirs)

it’s interesting (but not surprising) to see the documents people have downloaded onto this public terminal but not deleted.
I did go looking for them but merely stumbled upon them when saving a temp document (nothing sensitive) myself.

Dividend reports, names and addresses, they’re all there.

Would you really want to trust a public terminal with private and confidential information?

This is also possibly a bad reflection on Qantas. They should have a more stringent cleanout policy in place to reset a system after use.

My advise:
-where possible, don’t use a public terminal
-never log into sensitive sites such as financial sites
-if you must, it must be secure, not clear text.
-where possible, use a web based service to access files. Citrix if your company offers it, that way no data leaves the corporate network.
-if you have to download files to the public machine, know where you save them and delete them. Directly opening a file from a browser will open the file from a temporary location you may not be able to find or delete. (Although it should get cleaned out)
-Always restart the computer when you are finished.
Many cleanout routines only take effect on a reboot and not a logoff.