Hackers, trolls and other tech nightmares of 2017

Remember last year, when Samsung Galaxy Note 7 devices were blowing up in people’s pockets, on nightstands and even on a commercial airplane?

That seemed like a tech nightmare for the ages. Turns out that was nothing compared to what’s happened in 2017 — so far.

No, the terminators haven’t come for us yet, though Saudi Arabia did just grant citizenship to a robot named Sophia that literally said it would kill human beings. But it still feels like we’re in some weird alternate dimension filled with a steady stream of shocking revelations, from massive government hacking programs to troll armies ruining people’s lives to the Russian government using Facebook and Twitter to interfere in last year’s presidential election.

Don’t bother pinching yourself. It’s all real. Here’s a quick recap of the year’s most gruesome tech tales.

Nonstop hacking
You’d think mega-corporations with everything to lose from a massive hack would do anything they could to prevent attacks. Think again.

Equifax, the data collection company that has your financial information whether you want it to or not, announced in September that more than 140 million people’s information had been compromised. That includes names, addresses, Social Security numbers, bank info and so on.

Worse, it turned out that Equifax knew about the hack for weeks before telling us. And when it did, the company set up a terrible website, filled with security problems like poor passwords. And, ultimately, the site itself was also hacked.

If you think these were well-meaning mistakes and not selfish blundering, keep in mind that two high-level Equifax executives sold stock just before the announcement.

It’s no wonder Equifax CEO Richard Smith suddenly retired. But don’t worry, he made out with a pay package worth as much as $90 million.

Yahoo, already synonymous with embarrassing cybersecurity failures after revelations in 2016 that the accounts of 1 billion users had been compromised, saw Equifax’s screw-up and said: We can top that.

Yahoo’s new owner, Verizon, admitted earlier this month that the attack was even worse than we thought. It turns out every single one of the 3 billion accounts in Yahoo’s system had been compromised. All of them.

That cackling you hear? That’s former CEO Marissa Mayer, who still got her golden parachute worth more than $23 million.

Oh, and if that’s not enough to keep you up at night, we learned from a cache of documents leaked from the Central Intelligence Agency that, among other things, the government could be using our TVs to spy on us. That’s right out of the plot of George Orwell’s dystopian classic, “1984.”

Trolls taking over
Internet trolls have been having one of their best years, and politicians have finally taken notice.

Congress is summoning Google, Twitter and Facebook to Capitol Hill to talk about how their online services were used by the Russian government to interfere in the US presidential election. The meetup is starting on Halloween and continues Wednesday. Do you have your Thriller popcorn yet?

The specter of Russian interference in the 2016 presidential election has forced the once-high flying tech industry back to Earth. Facebook CEO Mark Zuckerberg has faced repeated questions after he initially dismissed concerns about Russian meddling. Twitter, meanwhile, last week began banning ads from Russian-linked sites.

Did we all dance a collective time warp back to the days of the cold war?

Unfortunately, Russia isn’t the tech industry’s only problem.

Nonstop vicious and all-encompassing online harassment was another theme this year, due in some part to the troll armies that supported Donald Trump during his rise to the presidency. Twitter has declined to have its CEO, Jack Dorsey, answer even basic questions from reporters about the service’s handling of harassment among its 330 million tweeters, leading to additional pressure for the company to meaningfully change its policies.

Fake news
What, you thought we were done talking about trolls?

Maybe the most depressing part of 2017 was how much of it we spent debating what facts even are. With some people calling real stories fake and fake conspiracies real, the tech industry has been under increasing pressure to solve the problem.

And right, these companies should. After nearly a year of nonstop drumbeat debate and promises to better weed out hoax stories, the computer programs that highlight “news” on Facebook, Twitter and Google failed during the October shootings in Las Vegas. Trolls published tweets purporting to be the shooter or missing persons even as hoax stories and irresponsibly reported pieces that misidentified the shooter were prominently displayed on Google and Facebook.

So far, Facebook and a few others have promised changes, like beefing up the teams of people who monitor bad behavior on their services. They’ve also vowed to more carefully monitor ads so they don’t give a platform to misleading info.

It’s all enough to keep me quaking in my boots until 2018.

It can’t get any worse. Right?

By Ian Sherr for CNet

In early October, Cape Town-based GetSmarter concluded a $103-million (R1.4-billion) sale to US-based technology firm 2U, making it one of the most valuable start-ups in South Africa’s history.

The deal, which is believed to be the biggest ever for a South African edtech company, was first announced in May, and further bolsters Cape Town’s position as a leading technology hub in the country.

As not all sale prices are reported directly, it is difficult to say exactly how GetSmarter fits in compared to South Africa’s other most valuable start-ups, but it appears that the record still belongs to Mark Shuttleworth’s Thawte which sold for $575 million in 1999.

This is also the closest the country has come to having its own “unicorn” valuation – a company valued at $1 billion, according to Jason Levin, author of a June report on the state of start-ups in the country.

“The total value of all the tech and innovation startups in Joburg and Cape Town together, is about $1.5 billion: a similar size to Melbourne’s, smaller than Lagos’, and half the size of Sao Paulo’s,” said Levin.

He confirmed that Mark Shuttleworth’s Thawte is the start-up that has come the closest (its 1999 price tag of $575 million equates to about $850 million in modern money).

However, South Africa has also lost out on start-ups which have chosen to move their business out of the country, said Levin.

“Mimecast, founded by South Africans Peter Bauer and Neil Murray, is a unicorn with a current market cap of $1.2 billion – but was created in 2003, a year after the pair left the country.”

BusinessTech looked at some of the other companies which have come close to this “mythical” valuation.

Thawte – $575 million (sold in 1999)

While perhaps best known as the first South African in space, Mark Shuttleworth first made headlines for his 1999 sale of online security firm, Thawte, to Verisign for $575 million.

Run from Shuttleworth’s parents’ garage, Thawte originally aimed to produce a secure server not fettered by the restrictions on the export of cryptography which had been imposed by the United States.

Using a “web of trust” model, Thawte would issue free email certificates, while the person’s identity was assured by meeting face-to-face with one or more “Thawte Notaries” who needed to see identification and keep a copy of it.

Kapa Biosystems – $445 million (sold in 2015)

Kapa Biosystems, co-founded by Trey Foskett, Paul McEwan, Ron McEwan and Chris McGuinness in 2006, pioneered the use of directed evolution to develop a suite of high-performance reagents for a range of life science applications.

Their products are used by thousands of scientists around the world and cited in more than 4,000 peer-reviewed publications.

They are continuing to develop innovative solutions that accelerate genomics research that can impact the future ability to diagnose, monitor and treat cancer and complex inherited and infectious diseases.

Kapa Biosystems was bought by Roche, a Swiss multinational healthcare company, for $445 million in 2015.

GetSmarter – $103 million (sold in 2017)

GetSmarter provides short, competency based online courses to working professionals around the world in collaboration with leading universities.

GetSmarter was founded by brothers Rob and Sam Paddock. 2U entered an agreement to acquire the startup for approximately $103 million, with an earn-out payment of up to $20 million in cash.

It has served more than 50,000 students since inception, with course completion rates averaging 88%.

GetSmarter’s portfolio includes over 70 courses offered with its university partners, and operates under a revenue share model with the universities.

Fundamo – $110 million (sold in 2011)

Fundamo’s platform enables the delivery of mobile financial services to unbanked and under-banked consumers around the world—including person-to-person payment, airtime top-up, bill payment and branchless banking services.

The company’s vision is for a truly connected financial services ecosystem that supports the ubiquity of mobile devices.

Fundamo had some 50 deployments in over 40 countries, including 27 countries in Africa and the Middle East and another 10 globally.

Prior to its sale, Fundamo was privately held by a group of investors in South Africa that included Sanlam, Remgro Limited, and HBD Venture Capital.

Nimbula – $110 million (sold in 2013)

In March 2013, Oracle announced it had agreed to acquire Nimbula, a provider of private cloud infrastructure management software.

Nimbula’s technology helps companies manage infrastructure resources to deliver service, quality and availability, as well as workloads in private and hybrid cloud environments.

It was founded in late 2008 by Chris Pinkham and Willem Van Biljon, who had developed the Amazon Elastic Compute Cloud (EC2).

Source: Business Tech

The largest data leak recorded in South Africa has been traced to a Web server registered to a real estate company based in Pretoria.

Table headings from the data leaked are as follows:

  • NEW_IDN
  • TITLE
  • FIRST_NAME
  • SURNAME
  • DECEASED_STATUS
  • CITIZENSHIP
  • GENDER
  • AGE_GROUP
  • POPULATION_GROUP
  • LOCATION
  • MARITAL_STATUS
  • LSM_GROUP
  • ESTIMATED_INCOME
  • HOMEOWNERSHIP
  • DIRECTORSHIP1
  • CIV_NET
  • MOST_RECENT_PHYSICAL_ADDR_LINE1
    MOST_RECENT_PHYSICAL_ADDR_LINE2
    MOST_RECENT_PHYSICAL_ADDR_LINE3
    MOST_RECENT_PHYSICAL_ADDR_LINE4
  • MOST_MAIL_PHYSICAL_ADDR_LINE1
    MOST_MAIL_PHYSICAL_ADDR_LINE2
    MOST_MAIL_PHYSICAL_ADDR_LINE3
    MOST_MAIL_PHYSICAL_ADDR_LINE4
    MOST_RECENT_POSTAL_ADDR_LINE1
    MOST_RECENT_POSTAL_ADDR_LINE2
    MOST_RECENT_POSTAL_ADDR_LINE3
    MOST_RECENT_POSTAL_ADDR_LINE4
  • CELL_1
    CELL_2
    CELL_3
  • WORK_1
    WORK_2
    WORK_3
  • HOME_1
    HOME_2
    HOME_3
  • EMAIL_1
    EMAIL_2
    EMAIL_3
  • OCCUPATION_1
    OCCUPATION_2
    OCCUPATION_3
  • EMPLOYER_1
    EMPLOYER_2
    EMPLOYER_3
  • PROPERTY_1_TRANSFER_DATE
    PROPERTY_ID10
    PROPERTY_1_PROVINCE
    PROPERTY_1_TOWNSHIP
    PROPERTY_1_ERF_NUMBER
    PROPERTY_1_UNIT_NUMBER
    PROPERTY_1_SALES_PRICE
    PROPERTY_1_BOND_AMOUNT
    PROPERTY_1_BOND_HOLDER
    PROPERTY_1_TITLE_DEED
  • PROPERTY_2_TRANSFER_DATE
    PROPERTY_2_PROVINCE
    PROPERTY_2_TOWNSHIP
    PROPERTY_2_ERF_NUMBER
    PROPERTY_2_UNIT_NUMBER
    PROPERTY_2_SALES_PRICE
    PROPERTY_2_BOND_AMOUNT
    PROPERTY_2_BOND_HOLDER
    PROPERTY_2_TITLE_DEED
  • PROPERTY_3_TRANSFER_DATE
    PROPERTY_3_PROVINCE
    PROPERTY_3_TOWNSHIP
    PROPERTY_3_ERF_NUMBER
    PROPERTY_3_UNIT_NUMBER
    PROPERTY_3_SALES_PRICE
    PROPERTY_3_BOND_AMOUNT
    PROPERTY_3_BOND_HOLDER
    PROPERTY_3_TITLE_DEED
  • PRIMARY KEY (NEW_IDN)
  • KEY MOST_RECENT_PHYSICAL_ADDR_LINE3 (MOST_RECENT_PHYSICAL_ADDR_LINE3)
  • KEY PROPERTY_1_TOWNSHIP (PROPERTY_1_TOWNSHIP)
    KEY PROPERTY_2_TOWNSHIP (PROPERTY_2_TOWNSHIP)
    KEY PROPERTY_3_TOWNSHIP (PROPERTY_3_TOWNSHIP)

“Whois lookup” information points to Jigsaw Holdings, a holding company for several real estate franchises, including Realty1, ERA and Aida. The misconfigured website had exceptionally lax security, and until recently allowed anyone with a small amount of technical knowledge to view or download any of the 75-million database records held there. More than 60-million of those records consisted of the personal data of South African citizens.

Contacted by TechCentral for comment on Wednesday morning, Jigsaw management requested time to investigate the issue, and on Wednesday evening neither the company nor its legal counsel was contactable.

When the news of the huge trove of personal information was shared by information security researcher Troy Hunt on Tuesday, the initial response was that there had been a hack. But it seems that hacking wasn’t required: the information was easily available on an open Web server. Direct access to the server had, at the time of writing late on Wednesday afternoon, been secured.

It appears that Jigsaw had been using this data, which was likely sourced from credit bureaus, to provide a service to its estate agents. Presumably this was to allow the agents to vet prospects, and get contact information for leads. It is questionable whether a real estate company should be hosting this volume of information and it is unclear what the original source of the data was.

The company initially fingered for the breach in some online articles, Dracore Data Sciences, is innocent. Initial circumstantial evidence linking the company based on some common headers on one of their own websites seems to be coincidence. Although Dracore may have been a data “enricher” for the company that leaked the data, it doesn’t seem likely that they had anything to do with the leak, and Dracore is adamant that it’s not involved.

Popi Act
Poor information control, as in this case, is one of the reasons for the introduction of the Protection of Personal Information (Popi) Act. And, had the act been fully implemented, a negligent company could be liable for up to R10-million in fines and negligent company officers jailed for up to 10 years. The ramifications of this breach probably won’t be as dire. Anyone who suffers damages due to the release of the data would have to sue for damages under common law, something that is quite difficult and complex to do.

Chris Basson, from Eighty20 business consultancy, put it like this: “Without making too many assumptions, we can say that the people responsible for building a solution which provides such uncontested access to personal information, had no business having the data in the first place.”

Basson argued that one should look beyond the ineptitude of the people who made the information so easily available, and rather ask the question: “Who was the idiot that gave them access to the data in the first place?”

The security missteps are egregious and, according to infosec consultancy SensePost’s Willem Mouton, showed an “overall lack of security awareness”.

“From a development perspective, the websites appear to be vulnerable to SQL injection… [and]… in terms of deployment, having database interfaces open to the Internet provide entry points.”

He pointed out that while examining the site, SensePost noticed that “the credentials for these entry points were leaked via error messages from another site, and they appear to be re-using the credentials everywhere”.

These leaked credentials allowed for full administrator privileges in the database, and in fact allowed full administrator access to all the databases on the server. To make matters worse, the personal data was contained in a single database in clear text.

Mouton also noted that it was concerning that nobody noticed the large volume of data leaving the network. “Multiple people pulled a 30GB file, and nobody noticed.”

He said verbose error messages and indexable Web directories were a boon to anyone who wished to hack the server.

Unfortunately, for South Africans whose personal information is now widely available, there isn’t much that they can do other than increase their vigilance for any attempts at identity theft.

By Andrew Fraser for Tech Central; PasteBin
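
Mouton’s remark in the article above that several people pulled a 30GB file without anyone noticing describes a monitoring gap that a simple access-log check can close. The sketch below is an added example, not code from the article, Tech Central or SensePost; it assumes combined-format web server logs, and the thresholds, file path and IP addresses are constructed for illustration.

```python
"""Flag bulk data leaving a web server by summing response sizes in its access log."""
import re
from collections import defaultdict

GIB = 1024 ** 3

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Return (ip, path, status, bytes_sent), or None if the line is unparseable."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    size = 0 if m["size"] == "-" else int(m["size"])
    # Drop the query string so repeated pulls of one object are grouped together.
    path = m["path"].split("?", 1)[0]
    return m["ip"], path, int(m["status"]), size


def find_bulk_egress(lines, object_limit=1 * GIB, client_limit=5 * GIB):
    """Return (alerts, skipped_line_count).

    bulk-object: total bytes served for one path, across all clients, reached
                 object_limit (a dump or backup being fetched, possibly by many).
    bulk-client: total bytes served to one client reached client_limit, which
                 also catches a download split into ranged (206) requests.
    """
    per_object = defaultdict(lambda: defaultdict(int))  # path -> ip -> bytes
    per_client = defaultdict(int)                       # ip -> bytes
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1          # count these: a blind spot is itself a finding
            continue
        ip, path, status, size = rec
        if status not in (200, 206):
            continue              # only responses that actually carried a body
        per_object[path][ip] += size
        per_client[ip] += size

    alerts = []
    for path, by_ip in per_object.items():
        total = sum(by_ip.values())
        if total >= object_limit:
            alerts.append({"rule": "bulk-object", "path": path,
                           "bytes": total, "clients": sorted(by_ip)})
    for ip, total in per_client.items():
        if total >= client_limit:
            alerts.append({"rule": "bulk-client", "client": ip, "bytes": total})
    alerts.sort(key=lambda a: (a["rule"], -a["bytes"]))
    return alerts, skipped


# Constructed sample log (documentation IP ranges, hypothetical path).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Oct/2017:09:00:01 +0200] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [18/Oct/2017:09:02:11 +0200] "GET /backups/export.sql HTTP/1.1" 200 32212254720 "-" "curl/7.55"',
    '203.0.113.5 - - [18/Oct/2017:10:15:00 +0200] "GET /backups/export.sql HTTP/1.1" 206 10737418240 "-" "Wget/1.19"',
    '203.0.113.5 - - [18/Oct/2017:10:40:00 +0200] "GET /backups/export.sql HTTP/1.1" 206 10737418240 "-" "Wget/1.19"',
    '203.0.113.5 - - [18/Oct/2017:11:05:00 +0200] "GET /backups/export.sql HTTP/1.1" 206 10737418240 "-" "Wget/1.19"',
    '192.0.2.10 - - [18/Oct/2017:11:06:00 +0200] "GET /listing?id=1 HTTP/1.1" 500 - "-" "Mozilla/5.0"',
    'truncated or corrupt line',
]

if __name__ == "__main__":
    found, bad = find_bulk_egress(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print("unparseable lines:", bad)
```

Web logs only cover traffic served by the web server; data taken through a database interface exposed directly to the Internet, which the article also describes, would need network flow or database audit logs to show up.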

85% of FNB customer interactions are digital

The vast majority of First National Bank’s (FNB’s) customer interactions are via digital platforms, with only 1.2% still happening face-to-face in branches.

This is according to Christoph Nieuwoudt, FNB consumer segment CEO, who says in 2016, FNB customers had over 10 billion interactions with the bank, of which only 120 million were face-to-face.

The bank says roughly 8.5 billion (85%) of interactions were purely through digital channels and the rest via point-of-sale (card swipes or online purchases) and ATM transactions.

“The number of FNB customer interactions has tripled since 2010, growing at more than 20% per annum every year, based on the growth in digital channels. Meanwhile, at branches, customers are making significant use of in-branch digital zones,” adds Nieuwoudt.

“One thing we can all agree on is that digital progress is inevitable.”

He says the implications of the use of technology by society are immensely profound, with terms such as “The Second Machine Age” or the “Fourth Industrial Revolution” being used to give this evolution a name.

“The reasons for the growth and migration of volumes to digital are obvious as almost every customer knows they can do basically any payment transaction, account or card service function and get most products…via the FNB app, online or cellphone banking,” he says.

However, Nieuwoudt says this does not mean branches will go out of business. He notes branches and branch personnel are no less critical than before, but their role has changed from performing transactions to re-focusing on sales and advising customers on how to bank.

“In spite of the powerful digital technology, today the bulk of banking consumers still want to talk to someone when opening a new account and even for most product categories.

“Additionally, consumers often need help with the new technology, even just to get going and start using it.

“In most cases, branches can be much smaller, but with more room for digital zones and self-service devices such as ATMs and ADTs (deposit-taking machines). This journey is not unique to banking – virtually every sales or service business is or will be going through some elements of digital transformation.”

Nieuwoudt also says that today only a very small percentage of credit decisions are made by people – rather statistical models are used to make fully automated decisions instantly at low cost and with accuracy not achievable by a person.

“This means your risk profile and behaviour determines your loan size and pricing. Importantly, technology has helped reduce fraud loss rates for card and digital transactions,” concludes Nieuwoudt.

Source: IT Web

Gmail add-ons launched

Google has launched Gmail add-ons, a new way to work with business apps in Gmail.

Gmail add-ons make it possible to use apps within Gmail, removing the need to toggle between your inbox and other apps.

“With Gmail add-ons, your inbox can contextually surface your go-to app based on messages you receive,” said Google.

Google said that because add-ons work the same across web and Android, you only need to install them once to access them on all devices.

“Click the settings wheel on the top right of your inbox and then Get add-ons to get started.”

Source: MyBroadband

Details of the super-rich exposed by hackers

A leading offshore law firm with clients including the super-rich and international corporations has revealed it suffered a “data security incident” that may result in customers’ private information being leaked.

Bermuda-based Appleby, which has offices in a number of British overseas territories, said some of its data had been “compromised” in the 2016 cyber incident.

The firm issued a statement after it was contacted by a group of investigative journalists probing allegations concerning its “business and the business conducted by some of our clients”.

Without specifying, Appleby said it had taken the allegations “extremely seriously” and after investigating the claims itself concluded “there is no evidence of any wrongdoing, either on the part of ourselves or our clients”.

According to a report by the Daily Telegraph, a number of media organisations are preparing to release details of the leaks over the coming days.

Appleby said: “We are an offshore law firm who advises clients on legitimate and lawful ways to conduct their business.

“We do not tolerate illegal behaviour. It is true that we are not infallible. Where we find that mistakes have happened, we act quickly to put things right and we make the necessary notifications to the relevant authorities.

“We are committed to protecting our clients’ data and we have reviewed our cyber security and data access arrangements following a data security incident last year which involved some of our data being compromised.

“These arrangements were reviewed and tested by a leading IT forensics team and we are confident that our data integrity is secure.”

The firm said it was “disappointed” that the media may choose to publish material “obtained illegally” and warned that it may result in “exposing innocent parties to data protection breaches”.

According to Appleby’s website, its experts advise global public and private companies, financial institutions, and “high net worth” individuals.

A profile on Chambers and Partners says its clients include financial institutions, FTSE 100 and Fortune 500 companies.

Through offices in Bermuda, the British Virgin Islands, the Cayman Islands, Guernsey, the Isle of Man, Jersey, Mauritius and the Seychelles, it helps clients “achieve practical solutions, whether in a single location or across multiple jurisdictions”.

The company, which was named offshore firm of the year by Legal 500 UK in 2015, also has a presence in Hong Kong and Shanghai.

The cyber security incident has emerged around a year after a trove of private financial information relating to hundreds of individuals, including celebrities and high-profile public figures, known as the Panama Papers was stolen from legal firm Mossack Fonseca.

By Ryan Wilkinson for The Independent 

Amazon looks to access consumers’ houses

Amazon has announced Amazon Key, a lock and camera system that users control remotely to let delivery associates slip goods into their houses.

Customers can create temporary passcodes for friends and other services professionals to enter as well.

The move may help Amazon capture sales from shoppers who can’t make it home to receive an order in person, and don’t want the package stolen from their doorstep.

Amazon Prime members can pay $249.99 (£190) and up for a cloud-controlled camera and lock that the company offers to install.

Delivery associates are told to ring a doorbell or knock when they arrive at someone’s house.

If no one greets them, they press ‘unlock’ in a mobile app, and Amazon checks its systems in an instant to make sure the right associate and package are present.

The camera then streams video to the customer who remotely can watch the in-home delivery take place.

The associate cannot proceed with other trips until the home is again locked.

It is unclear if such protections will persuade customers that the service is safe to use.

‘This is not an experiment for us,’ said Peter Larsen, Amazon vice president of delivery technology, in an interview.

‘This is a core part of the Amazon shopping experience from this point forward.’

My friend runs a locksmith business in North Las Vegas – and he had skepticism about the idea, being an expert in the field. When I asked him about this, he said he had looked over their troubleshooting procedures and couldn’t see issues from the technical side, only the moral/ethical delivery-guy-not-stealing-anything-inside side. He added that if a problem arises, ‘You can call customer service, file a claim and Amazon will work with you to make sure it’s right,’ reimbursing customers in some cases.

Amazon’s new service goes live on 8 November in 37 US locations, and it is unclear if it will be introduced in other countries in the future. Wal-Mart Stores, Amazon’s biggest retail rival, has similar plans.

It said last month it would test delivering grocery items ‘straight into your fridge’ with August Home, a smart lock business that Assa Abloy AB said it will acquire.

By Shivali Best for Daily Mail 

A huge trove of data, containing the personal information of millions of South Africans, including property ownership, employment history, income and company directorships, has been discovered by information security researcher Troy Hunt.

Hunt, the founder of HaveIbeenPwned.com, said the breach contains data of more than 30-million unique South African ID numbers.

The data trove was discovered among a large dump of other breaches, and Hunt could identify it as South African source by the personal address details contained in it. He said that to date he hasn’t seen it offered for sale, but that “it is definitely floating around between traders”.

The date of the database file indicates that the breach took place in March 2017, or perhaps before. The actual data includes information from at least as far back as the early 1990s.

Hunt is now attempting to identify the source of the database and has shared its headers to help get to the bottom of it. The headers can be viewed here.

Some of the data headers seem to indicate that the source may be government, but this is not definitive. It may be that this information is from a commercial entity such as a bank or credit bureau.

Once the owner of the data is identified and informed, Hunt will upload the info to his HaveIbeenPwned service (although he notes that the data only includes around 2,2-million valid e-mail addresses).

By Andrew Fraser for Tech Central 

Nedbank, Telkom, Discovery and Investec are among top South African listed companies with the most exposure to cybersecurity risks.

This is according to a new research report from the Cyber Intelligence Research Group, the results of which are being released on Monday at CyberCon, a cybersecurity conference in Johannesburg. The Cyber Exposure Index (CEI) was launched in Singapore earlier this month. Over the next few months, indices for eleven major global stock exchanges outside of the US will be released. Following the release of the Singaporean and Finnish indices, the South African index is the third to be published.

The CEI scores listed companies on their levels of exposure. South African companies received an average exposure rating of 1.9.

The index aggregates data that is publicly available through the dark and deep Web, or as the result of third-party data breaches. This data is used to identify top listed companies’ vulnerability to hacker group activity, disclosed sensitive information and leaked credentials.

Companies are then scored from 0-5, where 0 indicates no exposure and 5 places a company among the 1% of firms with the most exposure.

While no South African company scored a 5, many household names — from Sasol to Liberty Holdings and from Woolworths to Anglo American — scored a 4.

ICT sector

In the ICT sector, those scoring a 4 included Telkom, MTN and EOH. Mix Telematics, Vodacom, Huge Group, Mustek, Adapt IT, Blue Label Telecoms and Naspers all scored 3. ICT companies scoring at the other end of the scale, with 0, included Alviva Holdings (formerly Pinnacle Holdings) and Labat Africa.

Telecommunications companies have among the highest levels of exposure in South Africa at 13.1%, compared to the global average of 2.4%, according to the researchers.

[Figure: South Africa’s global relative cyber exposure by industry, according to the Cyber Exposure Index]

South African companies have received an average exposure rating of 1.9 in the debut results of the Cyber Exposure Index.

The company responsible for the index, Kinkayo, is a Singapore-based cyber intelligence organisation founded by professionals in the cybersecurity field.

The CEI has been developed as a way for companies to gauge their cyber exposure, empower them with the opportunity to identify where their vulnerabilities lie and take decisive action against their risks, it said.

Download the full list here.

Source: Tech Central 

New Gumtree scam uses Uber drivers

A MyBroadband reader recently faced a scam involving Gumtree, Taxify, and his iPhone 7 Plus.

It started when he posted his iPhone 7 Plus 256GB on Gumtree, and received five calls to purchase the device on the first day.

“All of them said they do not use WhatsApp. All said they will send an Uber to collect. All offered to send documents,” he said.

Scammers appear to be trawling Gumtree for high-value items, like an iPhone, then try to steal them by offering to purchase the item, and sending forged documents and notifications.

This is done when potential victims agree to accept an EFT.

The scammer knows which bank the victim uses and sends an SMS stating a deposit has been made into their bank account from a different bank.

This is so they have an excuse for why the money hasn’t cleared if checked. They then send an SMS that looks like a deposit notification from the victim’s bank.

Scam

In the reader’s case, the scammer said he was sending his “friend” to collect the iPhone after he had made the “payment”.

The “friend” turned out to be a Taxify driver, who had little knowledge of the person he was collecting the phone for.

The reader said after handing his device over, he felt something was wrong, and went to the guard house where he stays and got the driver’s number from the sign-in book.

He called the driver, explained he thought the collection was a scam, and the driver returned – cancelling the trip.

The scammer the driver did the pickup for was a cash customer, who then contacted him and offered R1,500, then R3,000, to complete the delivery. The driver declined.

“These criminals are using Uber and Taxify with cash payment options to get the drivers to do the hard work and collect the items from victims,” said the reader.

Fighting cons

Gumtree said fraudulent proof of payment is not new in online marketplaces.

“Although we haven’t seen many cases like this, it seems that Uber or Taxify is another way of making it harder to trace the actual perpetrator,” said Gumtree.

“We urge community members to inform us via our 24/7 contact centre if they encounter a suspicious buyer or seller.”

Gumtree stated that victims or potential victims must also contact the SAPS about any scam incidents.

The company said it will speak to Uber and Taxify to collaborate and combat this activity.

Uber recently introduced new safety features which require cash riders to link a Facebook account to their Uber profile, which it verifies, before using the service.

Called Social Connect, only new sign-ups are currently required to link their Facebook account.

Uber said there is potential for Social Connect to expand to existing users in future.

Taxify did not respond to requests for comment.

Safety features

One way to avoid falling victim to a scam is to use a third-party escrow service, like Shepherd – which is offered by Gumtree in conjunction with Standard Bank.

The service charges 3.95% of the transaction value, with a minimum charge of R30.

Shepherd also charges separately for its shipping service – starting at R100 for items below 2kg, and R169 for items up to 10kg.

“If you opt not to use Shepherd, always check that funds have cleared before handing over goods,” said Gumtree.

By Jan Vermeulen for MyBroadband

My Office News Ⓒ 2017 - Designed by A Collective

