Equifax has launched a WordPress-powered website to connect with consumers affected by its recent security breach, which compromised 143 million customers’ personal data. The exposed data includes names, birth dates, social security numbers, addresses, credit card numbers, driver’s license numbers, and other sensitive financial information.
The equifaxsecurity2017.com site was launched shortly after disclosure to give consumers information about the security incident. Equifax reports that the company has found no evidence of unauthorized activity on its core consumer or commercial credit reporting databases but is offering free identity theft protection and credit file monitoring services to U.S. consumers who enter their last names and last six digits of their social security number into its form.
Consumers are rightfully wary of the website, as the company is asking for more personal information in order to sign people up for another one of its products. Various news outlets are decrying the fact that the site is built on WordPress.
“What’s more, the website which Equifax created to notify people of the breach is highly problematic for a variety of reasons,” Ars Technica Security Editor Dan Goodin said. “It runs on a stock installation of WordPress, a content management system that doesn’t provide the enterprise-grade security required for a site that asks people to provide their last name and all but three digits of their Social Security number.”
Goodin also referenced the output of https://www.equifaxsecurity2017.com/wp-json/wp/v2/users/ which earlier in the day exposed the username for the site’s administrator before the page was protected.
WordPress’ handbook has a section on reporting security vulnerabilities that explains why disclosure of usernames or user IDs is not considered a security issue:
The WordPress project doesn’t consider usernames or user ids to be private or secure information. A username is part of your online identity. It is meant to identify, not verify, who you are saying you are. Verification is the job of the password.
Generally speaking, people do not consider usernames to be secret, often sharing them openly. Additionally, many major online establishments — such as Google and Facebook — have done away with usernames in favor of email addresses, which are shared around constantly and freely. WordPress has also moved this way, allowing users to log in with an email address or username since version 4.5.
WordPress Core Security Team Lead Aaron Campbell clarified this section of the handbook to confirm that the users endpoint is intended to be an open API endpoint that serves public data.
“It does in fact include usernames and user IDs (among other things) for users that have published posts in a post type that is set up to use the API, but all the data is considered public,” Campbell said.
Campbell also said he is wary of entering personal data into the equifaxsecurity2017.com website, but not because it is using WordPress.
“I don’t think the fact that it runs on WordPress is a concern from a security standpoint, with the caveat that I don’t know what ELSE it’s using,” Campbell said. “‘Equifax’ is a trusted brand, but it’s not the official Equifax domain and the SSL certificate doesn’t verify ownership. So you know your data is encrypted, but not necessarily who it’s being sent to since you don’t know who owns the site.”
It’s not clear why Equifax simply didn’t build out the information site on its own domain. According to security investigator Brian Krebs, the company appears to have hired Edelman PR, a global PR firm, to handle its public response to the data breach, citing the username publicly displayed by WordPress’ API. Edelman PR opted to use a free Cloudflare certificate to secure the site.
Consumers were also put off by the wording of the arbitration clause included in the terms of service of the free credit monitoring, which appears to force those who sign up to waive their rights to participate in class action lawsuits against the company.
“I cannot recall a previous data breach in which the breached company’s public outreach and response has been so haphazard and ill-conceived,” Krebs said.
Kenneth White, a security researcher and director of the Open Crypto Audit Project, said on Twitter that he was amazed the site was running stock WordPress but that his comments specifically referenced the sloppy implementation of the site.
Due to how the site was set up, it appeared to many consumers and researchers as Equifax’s way of stalling or perhaps even scamming those who may have been affected by the breach. Various browsers flagged it as a phishing threat, and some consumers found they were given different answers from the form based on whether they checked with desktop or mobile devices. In responding to the incident with a website that appears to have been hastily implemented for its own convenience and corporate interests, Equifax has missed an opportunity to reclaim any remaining consumer confidence from the public.
Sept 9th 2017
According to reports by Equifax itself, the credit-reporting firm’s secure customer information has been breached.
Equifax reported that over 143 million of its U.S. customers may have been affected by the breach, wherein unauthorized users had access to the company’s data from mid-May through July of this year.
Private identifying information such as birth dates, addresses, names, driver’s-license numbers, and Social Security numbers was obtained by the unauthorized users. Equifax also reported that “credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.”
Equifax has set up a website to help consumers determine if the security of their personal information was compromised by the breach.
The breach was apparently discovered on July 29, and if the estimates currently being made about the scope of the unauthorized access are true, this would be the largest credit-card-data hack in the history of America.
May 1st 2017 Cold Calling
A few weeks ago, I did a story on how to stop annoying, endless robocalls to your smartphone. Boy, did it strike a nerve. Hundreds of people emailed with complaints, comments, and the same question asked over and over: How can I end those infuriating calls on my home phone, too?
I interviewed a half dozen of the nation’s top experts, getting advice from everyone from the Federal Trade Commission and Better Business Bureau to a former robo-caller himself. As rudimentary as it seems, one of the most effective deterrents is to screen your calls.
“If no one ever picked up the phone when it rang, robocalls would stop,” says Alex Quilici, CEO of YouMail, a visual voicemail and robocall blocking service. “If I’m going to scam you to buy a fake cruise or install fake virus software, I need you to answer the phone so that I can pitch you.”
Quilici said he turned his landline ringer off altogether, and all calls go through an answering machine with caller ID. If the caller doesn’t leave a message, he doesn’t worry about it. If they do, he can still grab the phone while the caller is talking, or call him or her back. “These aren’t perfect solutions, it’s like bringing back the 80’s and 90’s, but it goes a long way to solve the problem.” He also told me that he convinced his mom to do this, too (and it’s working).
Call blocking boxes
Then there are "robocall blocker" boxes. I have a friend who swears by the $100 CPR V5000 Call Blocker he picked up for his aging father, who suffers from dementia. He said his parent's phone went from ringing more than 10 times a day with political polls, solar panel and security system sales, to remaining blissfully quiet unless a “whitelisted” number comes through.
One concern: One of the biggest reasons people keep landlines is for emergencies. The boxes “could present problems in emergency situations or when it comes to "legitimate" robocalls (school snow days, product recalls, etc.),” says Tim Prugar, who sits on the Communication Fraud Control Association’s consumer education committee and is an executive at Next Caller, which provides caller ID services to businesses.
The boxes range anywhere from $30 to $150. Other concerns: they can be difficult to set up and yet still easy for savvy scammers to work around.
An app called Nomorobo was one of my top recommendations for stopping robocalls on your smartphone and it's just as great for blocking bad callers on your home phone. On mobile it’s a paid subscription, but it's free for landlines. It automatically blocks nearly 500,000 confirmed robocallers and doesn't use annoying ads or any other goofy tricks to get money out of you — it's just plain free.
The catch is that it only works with VoIP phone service, so if you get your phone through an internet or cable provider like Charter, AT&T U-Verse, Verizon Fios, Comcast Xfinity, Vonage, or several others, you're good to go. It does not work however, on traditional "analog copper" phone lines. If you’re not sure what you have, call your phone company.
Another freebie helper for ridding robocalls is anonymous call rejection. To enable it, just pick up your phone and press "*77". You should hear three short beeps to let you know it's activated, and then you can hang up. After that, all calls that come in as Anonymous, Private (a favorite of robocallers), or Blocked won’t get through. You can turn the feature off whenever you want by pressing "*87". Virtually every phone company has this feature built right into your service, and it’s just sitting there waiting for you.
These aren't perfect, but...
“Blocking robocalls on a home landline is like trying to stop a star athlete,” says Bob Bentz, president of Advanced Telecom Services and adjunct of communication at the University of Denver. “Most coaches will say they are just trying to control the superstar, because they know they can't truly stop him or her completely. There is no sure-fire way to completely stop unwanted calls, so the best thing to do is simply try to limit them.”
The best way to limit all these unwanted calls is to follow a few simple guidelines:
When I spoke with the Better Business Bureau and the FTC, both had the same message: The scammers will only keep using scummy tactics as long as people keep falling for them. Because robocalling is now so incredibly cheap and easy to do, every time someone willingly hands over their credit card number for a sketchy time-share or signs up for a potentially fraudulent “low interest rate” program, they’re funding hundreds of thousands more robocalls. All it takes is one out of every 100,000 robocalls “to work” for the operation to remain profitable.
Is there really no justice in the world? Well, there is, but it’s pretty slow-moving. Remember the Do Not Call list? It’s still there, and if you haven’t already, you should definitely put your number down and report calls that violate the rules. “Legitimate telemarketers will respect your request,” says Katherine Hutt with the Better Business Bureau.
How did they get my number?
Auto-dialers blow through millions of numbers until they land on one that gets a human on the other end. But the bigger problem is that most of us are giving up our phone numbers and not even realizing it.
“We are living in the day of big data,” telecom guru Bob Bentz told me. “Your phone number is available so many places. Ever buy anything online? You probably gave your phone number. Loyalty card at the grocery store? It's likely tied to your phone number.” And don’t forget what I pointed out in the last story. It’s also available via public records online too.
Robocalls won’t be around forever, and if there’s one thing that’s great about the boom in spam marketing, it’s the fact that it’s gotten so bad that telephone carriers are partnering with private tech companies to solve the problem faster than ever before.
“Carriers across North America are actively working together to stop this problem,” Next Caller's Prugar said. “Carriers are just as serious about eliminating robocalls as consumers are, and have been attacking the problem through inter-carrier partnerships, internal and third-party R&D, consumer education, and government partnerships.”
It’s a super complicated problem, and right now there’s just no one solution. But with the right tools and a bit of common sense, you can avoid scams and hurt the annoying callers right where it hurts the most: Their ability to rob us blind.
Jennifer Jolly is an Emmy Award-winning consumer tech contributor and host of USA TODAY's digital video show TECH NOW. E-mail her at firstname.lastname@example.org. Follow her on Twitter @JenniferJolly.
You can lock your doors against burglars, but making sure you don't fall victim to scams – even in the safety of your own home – is much less straightforward.
Dec 12th 2016
A regulator has ordered two pharmaceutical firms to pay a record penalty, accusing them of overcharging the NHS through a 2,600% overnight drug price hike.
The Competition and Markets Authority (CMA) said it had imposed a £84.2m fine on the manufacturer Pfizer and a £5.2m fine on distributor Flynn Pharma.
It declared each "broke competition law by charging excessive and unfair prices" in the UK for phenytoin sodium capsules, an anti-epilepsy drug, used by 48,000 patients who could not switch to alternative medication for fear it would trigger seizures.
US firm Pfizer, best-known as the maker of Viagra, told Sky News it disputed the findings.
The regulator's investigation found prices were raised by up to 2,600% after the drug, once known as Epanutin, was "deliberately" de-branded in September 2012 when Stevenage-based Flynn bought the UK distribution rights from Pfizer.
It meant that because the drug was now generic, it was no longer the subject of price regulation.
The CMA said the amount the NHS was charged for 100mg packs of the drug rocketed from £2.83 to £67.50, before coming down to £54 from May 2014.
It meant, the watchdog said, that NHS expenditure on phenytoin sodium capsules rose from about £2m a year in 2012 to about £50m in 2013.
"The prices of the drug in the UK have also been many times higher than Pfizer's prices for the same drug in any other European country," the statement said.
Philip Marsden, chairman of the case decision group for the CMA's investigation, said: "This is the highest fine the CMA has imposed and it sends out a clear message to the sector that we are determined to crack down on such behaviour and to protect customers, including the NHS, and taxpayers from being exploited."
Pfizer said it would appeal "all aspects" of the ruling. Its statement said: "In this transaction, and in all of our business operations, we approached this divestment with integrity, and believe it fully complies with established competition law.
"Phenytoin capsules were a loss making product for Pfizer and the Flynn transaction represented an opportunity to secure ongoing supply of an important medicine for patients with epilepsy, while maintaining continuity of manufacture.
"When Flynn launched its product, the company set a price that was between 25 and 40% less than the price of the equivalent medicine from another supplier to the NHS which had long been regulated, and appeared to be acceptable to, the Department of Health."
Both firms have been given up to four months by the CMA to reduce their prices, to ensure there is no risk to the supply of the drug to patients who rely on it.
They are not the first to face similar action.
GlaxoSmithKline was among firms hit with a £45m penalty in February after a "pay-to-delay" scandal surrounding blockbuster anti-depressant drug Seroxat.
Online scams have rocketed 53% in the last three years, a study has revealed.
And in the last year alone internet fraud has soared by 18% as cyber crooks have ripped off 6.6 million Brits.
According to research, one in three fall victim to rogue “pop ups” which appear on screens and can activate a virus when users innocently click on a button to cancel or close.
One in five adults have unwittingly downloaded a dodgy document by opening an important sounding attachment on an email and one in ten have had their email account hacked.
More than 22,000 people were scammed in one year, according to Citizens Advice, and fraudsters are constantly inventing ways to swindle you out of your cash. Forewarned is forearmed, so here are 27 to look out for.
Door-to-door attempts to trick you
1. Fake Green Deal sales You answer your door to be told you are entitled to £10,000 of funding for Green Deal home improvements, such as insulation or a new boiler. You are then asked to pay an administration fee.
2. Unnecessary damp proofing You are offered a free damp proofing survey. The surveyor always finds damp which needs urgent attention, quotes a high price and requests an immediate deposit.
3. Home maintenance services A trader offers you a cheap quote to pave your patio or driveway, carry out home maintenance or gardening services, or repair "unsafe" roof tiles. They demand an upfront cash payment to start or finish the job – then scarper with the money or make unreasonable charges for botched work.
4. Food sales Someone offers to sell you (inedible) fresh or frozen fish very cheaply, but only if you are prepared to pay £100s for several boxes, sight unseen.
5. Fake energy-saving gadgets You are offered a plug-in gadget at a "sale price" of £99, which the seller claims will cut your electricity use by 40%.
'Too good to be true'
6. Fake dates You join a dating website and are contacted by an extremely good looking potential date who lives abroad. After starting an online romance the scammer asks for money for emergency bills.
7. Council tax refunds You are told by a cold-caller that you are owed a rebate on your council tax bill or are overpaying because your property is in the wrong tax band. You are then asked to hand over your bank or credit card details so your money can be refunded.
8. Council tax discount You are told that if you start paying by direct debit you will get a discount – but first you need to pay an administration fee.
9. Dodgy job website You register your CV at a job site and quickly get a call or email from an employment agency guaranteeing you a job, but only if you first pay a fee.
10. Bogus pay cheque You are called or sent an email from someone who wants to give you a job, and offered a cheque in advance of your first payday. Cash the cheque and you'll be told you've been overpaid and must return the money via an online transfer – before the cheque bounces.
11. Training course claim You see an advert online for a high salaried job, but are asked to pay for a training course first.
12. Prize scam You are called, texted or emailed and congratulated for winning a prize or even a huge lottery pot (although you can't remember buying a ticket). In order to collect your winnings you are asked to pay a processing fee or to call a premium rate phone line.
13. Bad investments You are cold-called and offered a once-in-a-lifetime opportunity to invest your life savings, for example in carbon credits, plots of land, fine wine or exclusive stocks and shares, which are certain to make you rich. Needless to say they are not.
14. Loan arrangers You are called or texted by a fraudster and invited to apply for a "guaranteed loan". After you've given your personal information, including your bank details, you are told to pay an application fee.
15. Pension problems You receive an "urgent" phone call from "The Pensions Helpline" or your pension provider stating that you are entitled to a £1,000 pension bonus from the government, or that your pension has been underpaid. In order to receive your money you must pay a fee or give out your personal details on a premium rate line.
16. PPI refunds You are texted or called by someone claiming to be your bank, the Ministry of Justice, or a PPI company and told you are owed money in the form of mis-sold PPI payments – but you must pay an administration fee before the refund can be processed.
17. Tax back You receive an email from HMRC offering you a huge tax refund if you give your personal details online or by email.
18. Unhealthy sales You see an online advert for a free trial of slimming tablets or skin products. However, you unwittingly sign up for regular monthly payments which cannot be cancelled.
19. Noise rebatement You are called by someone claiming to be from the government and told you may be entitled to compensation because a place where you once worked has been condemned as too noisy on health grounds. You are asked to pay a fee to find out more.
Tricks which prey on your fears
20. Missed payments You are sent a fake council tax bill or told you are in arrears, and asked to pay immediately over the phone.
21. Telephone debt You are called by "Her Majesty's Court" and told you have defaulted on a debt for an expensive telephone preference service. You are asked for immediate payment over the phone and warned you will be disconnected and face arrest or a court summons if you refuse to pay. If you hang up, the fraudster will stay on the line so you'll think your line has been disconnected.
22. Truant's fee The "Education Welfare Service" calls to tell you that your child failed to attend school that day and asks you for a £340 penalty over the phone.
23. Courier scams You are called on your landline by "your bank" and told that fraudsters have used your debit or credit card and it needs to be replaced. You call your bank, which confirms this. You are told to key in your PIN and hand over your card to a courier who will arrive soon. However, between receiving the call and dialling your bank you didn't hear a dial tone and are actually still speaking to the scammers, who never disconnected the line.
24. Holiday help You are sent an email from a friend or relative whose account has been hacked. You are told they are stranded abroad and need you to send them money urgently. They are not, and do not require any money.
25. Virus hoax You are called by "Microsoft Windows Support" and told your PC has a virus or is running slowly. The problem can be solved remotely if you give them your credit card details and/or remote access to your PC.
26. Medical emergency You are called and told your grandchild has been in a road accident abroad. Cries for help are screamed down the phone while the caller says you need to send money immediately to cover medical costs.
27. Rogue traders A "police officer" calls claiming criminals are trying to steal money from your bank account, and that a special "safe account" has been set up for you to transfer your savings into. You are told that clerks at your bank are under surveillance and that revealing why you are transferring the money will jeopardise covert police work.
DON'T EVER DIAL AREA CODE 809, or 242, 246, 264, 268, 284, 345, 441, 473, 664, 758, 767, 784, 787, 868, 869, 876.

This scam is being distributed all over the U.S. It is pretty scary, especially given the way they try to get you to call.

Don't respond to emails, phone calls, or web pages which tell you to call an "809" phone number.

This is a very important issue of Scam Busters because it alerts you to a scam that is spreading extremely quickly, can easily cost you $24,000 or more, and is difficult to avoid unless you are aware of it.

We'd like to thank Verizon for bringing this scam to our attention. This scam has also been identified by the National Fraud Information Center and is costing victims a lot of money.

There are lots of different permutations of this scam.

HERE'S HOW IT WORKS:

You will receive a message on your answering machine or your pager which asks you to call a number beginning with area code 809. The reason you're asked to call varies. It can be to receive information about a family member who has been ill, to tell you someone has been arrested or has died, to let you know you have won a wonderful prize, etc. Your greed or curiosity is aroused. In each case, you are told to call the 809 number right away.

Since there are so many new area codes these days, people unknowingly return these calls. It is difficult to keep up.

If you call from the U.S., you will apparently be charged $2,425 per minute. Or, you'll get a long recorded message. The point is, they will try to keep you on the phone as long as possible to increase the charges. Unfortunately, when you get your phone bill, you'll often be charged more than $24,100.00.

WHY IT WORKS:

The 809 area code is located in the British Virgin Islands (The Bahamas). The 809 area code can be used as a "pay-per-call" number, similar to 900 numbers in the U.S.

Since 809 is not in the U.S., it is not covered by U.S. regulations of 900 numbers, which require that you be notified and warned of charges and rates involved when you call a "pay-per-call" number. There is also no requirement that the company provide a time period during which you may terminate the call without being charged.

Further, whereas many U.S. phones have 900 number blocking to avoid these kinds of charges, 900 number blocking will not prevent calls to the 809 area code.

We recommend that no matter how you get the message, if you are asked to call a number with an 809 area code that you don't recognize, investigate further and/or just disregard the message.

It's important to prevent becoming a victim of this scam, since trying to fight the charges afterwards can become a real nightmare. That's because you did actually make the call.

If you complain, both your local phone company and your long distance carrier will not want to get involved and will most likely tell you that they are simply providing the billing for the foreign company. You'll end up dealing with a foreign company that argues they have done nothing wrong.

Things are about to get worse, because that infamous off-shore area code (809) is in the process of breaking up into smaller chunks, and you'll soon have to think twice about calling any of the following area codes: 242, 246, 264, 268, 284, 345, 441, 473, 664, 758, 767, 784, 787, 868, 869, 876 as well as 809.

Please forward this entire message to your friends, family and colleagues to help everyone become aware of this scam.
Fortunately, with modern communication systems these dangerous situations can be monitored easily and warnings issued by local government, civil defense, police, local radio and television.