Tag: security

  • You have been scammed

    You have been scammed

    You receive an email. It is from someone you have exchanged a few emails with: someone you know, or someone that someone you know knows. It is an offer for a new project to check and price. You think “nice”! You click the link and land on a page that says “Microsoft OneDrive” or “Office 365”. It says, “to download the files please sign in”. You enter your Office 365/Outlook password and press download. Something downloads, but you get a message: “Password Incorrect”. You try 2-3 times and then you give up. Or something is downloaded, you try to open it, and it says: “corrupted file”.

    You contact the sender (if you happen to know them) and ask what file they have sent. They reply: “I haven’t sent any file. What email are you talking about?” You explain, but then you start realising…

    You have been scammed

    Every month I might receive 5-6 emails like the one in the picture below (I blurred the sender, as it was a real person whose email had been compromised). At first glance it seems a legitimate email. It is coming from a legitimate account, after all. But if you have received lots of them, you know that the sender’s account has been compromised and the email is not really coming from the sender.

    If you open the link, you will be redirected to a new page. You might be tricked into thinking this is a legitimate OneDrive or (occasionally) SharePoint web page. It prompts you to enter your Office/Outlook account credentials to download the file.

    But take a closer look. The URL is not pointing to any OneDrive or SharePoint address (or any other known file-sharing provider). It is a copy of those pages, and what it does is collect your credentials.

    Why is it so risky? Because the scammer now has access to your email account. Your email account might hold information that you don’t want to share, like personal emails, bank account access details, passwords, phone numbers, etc.

    What should you do when you realise that you have been scammed? Change your password immediately and activate two-factor authentication. Also, it would be nice if you could let the sender know that they sent a phishing email and that their account has been compromised.

    How can you protect yourself from these phishing emails, and how do you recognise them?

    First of all, the email looks a bit off. The text formatting is inconsistent: the fonts might be smaller, or different, between parts of the email.

    It might be completely fine, though. So secondly, you might click the link. This will lead you to a page that looks like the official Outlook, OneDrive, Dropbox etc. pages. But the URL does not match. If you check the URL, it will be something that you won’t understand, or a page that is NOT the official page but will probably include the official name somewhere. Like: onedrivedownload.awebsite.com or anotherwsbsite.com/AJ34YPW09/dropbox. Those kinds of URLs are not official.

    The official URLs would be something like outlook.com/whatever or dropbox.com/whatever. Thirdly, whoever wants to share files with you will use a service like WeTransfer, or the ones mentioned above, which WILL NEVER ASK FOR ANY CREDENTIALS to download files. You will just receive a link, you will click it, and the files will start downloading. Finally, to protect yourself from a phishing attack of this kind, it is better to use two-factor authentication. With this, even if you get scammed, the scammer cannot use your credentials to access your accounts, because besides your credentials you will also have to enter a code that you receive (most of the time) by SMS, in a two-step process.
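A small check that applies the URL rule described above, added here as an example (it is not code from the original post): it classifies a link by its registrable domain rather than by the brand name that appears somewhere in the hostname or the path. The list of official domains and the two-label domain rule are simplifying assumptions of the example.

```python
from urllib.parse import urlparse

# Constructed for this example: the providers the post names, by registrable domain.
OFFICIAL_DOMAINS = {
    "outlook.com", "office.com", "live.com", "microsoft.com",
    "sharepoint.com", "dropbox.com", "wetransfer.com",
}
BRANDS = ("onedrive", "outlook", "office", "sharepoint", "dropbox", "wetransfer")


def registrable_domain(host: str) -> str:
    """Last two labels of the hostname. Simplified on purpose (assumption of the
    example): right for .com-style TLDs, not for co.uk-style ones."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_link(url: str) -> dict:
    """Classify a link by where it really points, not by the words it contains."""
    if "://" not in url:
        url = "https://" + url          # bare hostnames, as they appear in emails
    parts = urlparse(url)
    host = parts.hostname or ""         # ignores any 'user@' part placed before the host
    domain = registrable_domain(host)
    official = domain in OFFICIAL_DOMAINS
    reasons = []
    if not official:
        reasons.append(f"domain {domain!r} is not an official provider domain")
        # The tell the post describes: the brand name is present, but only in a
        # subdomain or in the path, while the real domain is something else.
        for brand in BRANDS:
            if brand in host and brand not in domain:
                reasons.append(f"brand {brand!r} used in a subdomain of {domain!r}")
            if brand in parts.path.lower():
                reasons.append(f"brand {brand!r} appears in the path")
    return {"host": host, "domain": domain, "official": official, "reasons": reasons}


if __name__ == "__main__":
    for link in ("outlook.com/whatever", "onedrivedownload.awebsite.com",
                 "anotherwsbsite.com/AJ34YPW09/dropbox"):
        print(link, "->", classify_link(link))
```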

    Companies can also train their staff in cyber security. There are numerous courses out there that can be found if you google the term “cyber security awareness training for companies”. Interestingly, the UK Government has a training course portal as well, although it has not been updated since 2019. You can find the page here.

    One Extra Step – Making fun of the scammers

    There are some more things you can do from here. One of those is to destroy the scammer’s database.

    The concept is simple. The scammer’s page doesn’t have any protection to check whether you are sending too many requests to its endpoints. It is just a form that collects the credentials you enter. So, one way to destroy their database is to inject thousands of fake emails and passwords that look like real ones. This way, even if you have entered real credentials, it will be very difficult for them to recognise and check which ones are fake and which are real. Of course, it is difficult and time-consuming to do this manually, one by one.

    For this reason, I created a script in Python (with the help of ChatGPT) that does this job for me. If you are interested in this project, take a look here!

  • The eternal battle: iPhone vs Android

    The eternal battle: iPhone vs Android

    Over the last 4-5 years, I switched from Android to iOS. In the beginning, I had mixed feelings and, to be honest, I used to like Android so much that the iPhone didn’t feel that good. However, as I got used to it over the months and years, I recently got my second iPhone device and my feelings have reversed.

    That’s right, I got a second device in a span of almost 5 years. Would you do this with an Android phone? Probably not. You see, the problems with Android cannot be seen at first glance.

    The Android “ecosystem” has hundreds of devices to choose from, catering to all kinds of budgets and offering a feature variety that you won’t find anywhere else in tech. But there’s a big “but.” There are several reasons not to choose an Android phone if you’re concerned about quality and security.

    iPhones offer a consistent user experience as Apple designs both the hardware and software, which leads to a seamless and consistent interface across different models. iPhones receive regular software updates, including the latest features, performance improvements, and security patches. Apple supports its devices for several years, ensuring that even older models can benefit from new updates.

    With Android phones, you’ll be lucky if you get 2 years of security updates. The App Store also has a rigorous review process, which often results in a higher standard of quality for apps compared to the more open Google Play Store.

    In terms of connectivity and ecosystem, iPhones work well with other Apple devices, such as Macs, iPads, and Apple Watches, making for a more seamless ecosystem if you own multiple Apple products. On the other hand, despite some progress made by Android devices with Windows PCs and laptops, they still lag behind in making users’ lives easier.

    Consider how easy it is to change an iPhone device and move to a different one. You simply follow some steps on your phone’s screen, and within 20-30 minutes, all your data and apps are migrated to the new device. This will not happen with an Android phone unless it’s a Xiaomi and you’re migrating to a new Xiaomi or a Samsung, but I’m not sure this process is as smooth as iOS, and I’m pretty sure you cannot do this between different branded phones.

    Considering selling your iPhone? iPhones typically maintain a higher resale value compared to Android devices, which can be an advantage if you plan to upgrade your phone in the future. Apple is known for its focus on user privacy and security, implementing measures to protect user data, including encryption and strict app permissions.

    When it comes to personal data security, iPhones tend to offer better overall security for personal data, mainly due to Apple’s closed ecosystem and tight control over hardware and software. This makes it more challenging for hackers to find and exploit vulnerabilities. Apple provides timely software updates, including security patches, and the App Store has a more stringent app review process than the Google Play Store. Apple uses encryption to protect user data both at rest and in transit, and iPhones come with various built-in security features, such as Face ID, Touch ID, and Secure Enclave.

    Moreover, let’s not forget Google. Google is primarily an ad company, which means it collects your data for profit. The experience comes second or third. Sandboxing works well on both operating systems, but Google apps, especially Google Play Services, monitor every interaction you have on or near your phone and sell that data.

    Imagine this scenario: You are considering renewing your car’s insurance for another year, but it is 20% more expensive than last year’s insurance. You wonder why. Meanwhile, you had been searching on your phone, through the Google search bar, for a pair of prescription glasses because you developed a bit of nearsightedness. While you normally wouldn’t even think about it, somehow the insurance company got “notified” about it and voilà! While Apple collects personal data, they confirm that they will never sell it. But it’s up to the user whether they trust them or not. Personally, after the “throttling-gate” was exposed, I tend not to trust them so much, but for now I believe them, as I’m pretty sure they don’t want to lose more money in the courts. Another alternative would be GrapheneOS, which is based on Android. I tried it for a month. Good luck with that.

    As for the devices’ costs, a mid-range Android device costs more than £200. Those devices tend to last for 2 years on average, so it’s £100/year for a phone. iPhone prices start from £600, but a device can last for 5-6 years with constant updates. That is slightly more expensive than the £200 mid-range Android, but the quality is not comparable.

    That said, in the end, it’s up to the user’s priorities and preferences. Android is offered in a wide range of devices for every budget and need, while iPhones are more premium. Androids are more customizable, and the user can experiment with custom ROMs, while iPhones are locked. If someone is concerned about privacy and security, I would recommend iOS more. If those are not a concern and the budget is the priority, then Androids are very good devices. Also, Samsung and some Chinese brands like Oppo have made huge strides to offer state-of-the-art devices and designs like flip phones that cannot be found in Apple’s device family. Those devices might cost more than Apple’s Pro models, but they offer an experience that the user hasn’t had before. At the very end, it’s all about personal preference.