The other day, a company sent me a 2FA code which was only four digits long. I'll admit, this weirded me out. Surely 4 is just far too short. Right? I think almost every 2FA code I've seen has been 6 digits long. Even back in the days of carrying one of those physical RSA fobs, 6 has been the magic number. But why? A 2FA code is meant to prevent a specific class of problem. If an attacker…
Earlier this week, my holiday was interrupted by a sophisticated SMS scam. Rude! Let's take a look at it. Let's take a look at all the ways we can tell it is a scam. Firstly, and most obviously, I am not a customer of Lloyds Bank! But these scammers send out to multiple people hoping to catch victims. Secondly, I've not made a complaint to Lloyds! But, again, scammers know that plenty of…
The UK is facing an epidemic of SMS fraud. Scammers know that we're all at home eagerly waiting for deliveries. So they send out phishing messages saying "Sorry we missed you" or "You need to pay a delivery fee". If you click on the link they send, you'll go to a very convincing website which looks identical to the courier's page. Whereupon the fraudsters will ask for your bank details, credit…
A curio from the archives. Waaaaaay back in 2003, I was working at Vodafone on their graduate training scheme. One of their fancy new ideas was a crowd-sourced employee suggestion box for new business proposals. As an eager young grad I submitted dozens of ideas. Most of them were crap. But, as I looked back over them, this one struck me as being a lot less crap than others. Terence Eden is on…
Earlier this year, I received SMS Spam from Paddy Power. I went into full-on Taken mode! I have a very particular set of skills, skills I have acquired over a very long career. Skills that make me a nightmare for spammers like them ☺ It culminated with a barrage of complaints and an interview on BBC Radio 4. A few months on, it's time to see what my complaining has achieved. First up, a p…
Earlier this week I appeared on BBC Radio 4's "You And Yours" to talk about the scourge of SMS Spam. You can listen to it on their website - or, if it has expired, I've grabbed an audio clip for your listening pleasure. I've asked the Direct Marketing Association to create a "Do Not Text" list - so that people can opt-out of spam SMS. They already opera…
This is a cautionary tale of how my personal details have been repeatedly sold and resold by a British network of spammers - each of them turning a blind eye to the provenance of their data. I'm calling on the Direct Marketing Association to create a universal opt-out file - just like they do with junk mail and nuisance calls - to prevent people receiving spam via SMS. Like lots of people, I…
One of the greatest cultural achievements of the last Labour Government was making museum entry free for everyone. Whether you're rich, poor, British, foreign, young, old - you can enjoy the treasures of our museums and galleries. Of course, while museums are funded by the state, they still rely on generating some external revenue - hence the ubiquitous gift shop and major corporate donations. …
I don't like spam. I'm very careful always to tick the "do not pass my details on to 3rd parties" box on forms. So, when I do get SMS spam, I like to know who has been flouting the rules. See my previous investigation. A few weeks ago, I received this rather annoying message: I'm not a gambler - and I've never had a business relationship with Coral. So why are they sending me this tripe? …
Remember text adventures, eh? They were pretty nifty! "You are in a maze of twisty little passages, all alike" >Go East "You have been eaten by a Grue. A dwarf starts singing about gold" Smashing! Just like the pictures are better on the radio, so the graphics are immeasurably superior when they're in your head. Don't get me wrong, I love the 5.1 surround sound snarl of a rabid beast rendered…
I recently read about an innovative telephone call scam. A scammer rings the mark and asks for her credit card details. If the mark refuses, the scammer tells her to hang up the phone, then dial 999 and ask for "Sergeant Scammer of the Fraud Squad". The mark does so, and is connected to what they assume is the emergency services. However, because the scammer hasn't hung up at their end, the…
Cracking on with my Raspberry Pi, I've written my first program in Python. The aim - to be able to send an SMS via a 3G USB dongle. The problem - the way SMS needs to be encoded is hideously complicated. For example, suppose you want to send "This is a very simple message :-)" to the phone number +447700900123. This is the command that you need to send to your dongle: AT+CMGS=42…