Category: Case study

Identity Theft

This will probably be one of the most challenging posts I’ve ever attempted to write because in all truth, I don’t think we really still know what actually happened to my daughter’s online identity, let alone wholly knowing how it happened, but I’m going to try and explain the sequence of events as an alert to you all, and a reminder to us too!

Some background and a plausible explanation of why they got themselves into the situation they found themselves.

They’d been self-employed for a short while now, working as a freelancer, and had just submitted their first tax returns in that capacity.

They were working from home, with two young children with one under six months old, and both very demanding of their time.

The family is living in another family member’s house whilst they “do up” their new house.

They’re adept at multi-tasking (obviously too adept as it turns out) and is (as many of their age are able to do) capable of nestling their phone between chin and shoulder whilst doing other tasks!

What happened next!

She had a phone call purporting to come from HMRC (we’re presuming this was just a fortuitous coincidence from the fraudster’s point of view – they had no way of knowing the employment status of the family member) – saying that they had a refund owing. As explained above she thought this was quite possibly the case as she had just completed a tax return – again an unhappy coincidence! She was told to click on a link in a text message to complete the process of getting the refund. She had their youngest child on her hip, was preparing a meal and was “distracted”. She filled-in the required information from the link!!!!

Agh! No!

Shortly afterwards (the same day) she presented her credit card at a supermarket and payment was refused. She realised something was wrong. She found she didn’t have access to her online banking. She contacted the bank by phone. The bank “supposedly” froze the account there and then but it was apparent that at least two transfers of money had been made to someone who was a Payee in her account – why? That’s the clever bit of the scam, I’ll explain later!

More payments appeared to have been made … help!!!

How could this be? The account was frozen … wasn’t it?

Get the family involved!

Having a son who’s an IT expert comes in useful, especially if he lives on the other side of the world! He worked through the night (day) in securing as many of her accounts as he could. Changing passwords, which were admittedly rather weak and used more than once (should have listened to Dad) – but he had no idea just how much data had been downloaded, or indeed just how much they had to start with as a result of perhaps a previous “pwned” event.

Having another local son who’s also very practical and logical helps also. He suggested that she contact the payee and tell them about the payment and request it be refunded. What transpired next turns out to be the “clever” part of the scam, although on this occasion it wasn’t conducted very expertly because they attempted multiple payments to the same payee. The payee confirmed that they’d had this payment, wondered what it was and had been a bit puzzled as to why Mr X had contacted them and requested a refund to a bank account because “he’d made a mistake”.

This was obviously NOT the same account as that from which the payment had originated and turned out to be the way the scammers were hoping to transfer funds from the hi-jacked bank account to one of their own! Fortunately, my son’s suggestion alerted the payee and the payee advised their bank NOT to transfer the money.

Phew! How did this all happen when the bank account was supposed to be frozen?

The key to this scam was getting control of my daughter’s mobile phone number. She didn’t realise it immediately, but soon became aware that it had been “stolen” through a scam called SIM swapping. This usually is done by a seemingly distressed person going into a mobile phone shop and pleading for a new SIM with a phone number “because their phone has been stolen” and “it’s absolutely imperative they have their number back immediately as there’s something very important happening right now”.  This is described here.

Why do they want to do this? Because they can transfer calls made to the rightful owner of the phone to their own phone.

Why do they want to do this? Because they can then request the bank account to be unfrozen, and also use their access to the phone number for any number of authorisation features.

And what is more they can lock you out of your phone accounts.

How did they do this in this case? Well GiffGaff is an online service provider and they have stated that they did everything they were supposed to do to authenticate the request for a SIM swap – but it is evident that there are serious weaknesses in their processes. They have stated they are looking at this for the future. Just Google “GiffGaff SIM swap Fraud” to see what is returned – it’s frightening!

So what happened next, and was there a happy ending?

Well, believe it or not, even with a personal visit to the bank and assurances that no more payments would be made, the bank did allow the account to be unfrozen and transfers out of her account were attempted. A second visit to the bank resulted in heartfelt apologies being made and offered over the way their fraud department had handled the problem and a complaint being raised by the branch against their own department on my daughter’s behalf – I don’t know the outcome of that!

Well, there was a happy financial outcome. Thanks to the prompt action and thinking of my local son, the initial transfer was halted. It’s not conclusive whether my daughter could have received compensation (as detailed here) as she was the instigator of the problem through her own mistake (the HMRC phone call). All other attempted transfers were eventually trapped by the bank and refunded to her – so no financial loss.

However …

Much more significant than the potential financial loss was what it did to her confidence. She insisted on getting a new phone, because she wouldn’t accept any advice from any family member (especially me) that there wasn’t anything on her phone that wouldn’t continue to monitor her.

She also lost all confidence in using any online systems – which up until then she’d been very reliant upon.

She also lost a lot of confidence in herself as she realised just how gullible (but extremely unfortunate) she’d been … but the positive side of this, and the main reason for sharing this is that she’ll be much more careful in the future!

Postscript.

We don’t know whether the identity theft side of this will ever be resolved. We all know that a huge amount of information is held on us on the internet. We all know that some websites have had their security breached and identity information stolen. We don’t know what was held by others about my daughter. She had a public profile, they now have the potential to add even more information to their database about her if they had managed to download information from her email (and other) accounts before my son locked them down. We just don’t know.

There was a mysterious book that arrived at her house with a cryptic message in it.

There have been some scamming emails purporting to come from her since this event.

She now uses a different email account.

We just don’t know whether these are connected to the fraud event or are just strange random occurrences … and I suppose we never will know just how much additional information they may have downloaded – emails, photographs, documents, etc. etc. Very frightening.

NatWest Guide to Fraud
Some privacy tips for iPhone users.

A satisfying and pleasant end to a trying day.

You’ve got to hand it to Apple. They do look after their customers well – at least this one they do!
You may remember I’d been having trouble with the boot-up of my 2013 iMac – yes, it’s at least 5 years old. It’s a powerful machine which I bought to do photo work and it’s been a delight, but the problems reported here …
I’ve now had an introduction to the SBOD
… had come back this month. After a couple of attempts to fix the problem myself, which I had assumed to be software problems, which involved me re-installing the operating system on a completely clean disk (ie I had to re-install all my data and applications from backup which was painless and automatic, but took a bit of time), I contacted their support via online chat, and after Traci had exhausted everything she could remotely, I was referred to the Genius Bar in the local Apple Store for an appointment that same day (actually 18:45 in the evening). A very competent and pleasant hardware technician (David) did “triage” on the machine and announced that the Fusion Drive was in fact faulty – it was a hardware problem.
And … they offered to replace and repair it at no cost to myself as I’d bought it from Apple, not elsewhere.
That’s the way to create brand loyalty. Thanks David. Thanks Apple Store, Cardiff.

Creating your own online magazine

I am a creature of routine. I used to listen to Today on Radio 4 when I got up in the morning; now because I can’t stand the egos being pushed into my ears, I have a much more peaceful and indeed useful start to the day – after I’ve scanned The Guardian (online), BBC News (online) and Wales Online websites, and checked my email and other social media such as Google+ (alas – soon to be no more), WhatsApp, Twitter and less frequently than I used to – Facebook.
I’ll start at the beginning and describe what I do to curate my interests, my daily internet workflow. The jumping-off point is to check my RSS Feeds using Feedly. What is an RSS Feed I hear some of you say? Well it’s a signal from a website that new content has been posted on a website. So if there are a number of sites that you are interested in, you can get an alert with an extract of content sent to you by what is called a RSS Feed, which you can then pick-up and read in full using a RSS Reader. Now the favoured Reader for a long-time was Reader (from Google) – but as is their wont, Google “sunsetted” it. That is they killed it off. Fortunately a really good alternative came to the rescue in Feedly. Every time I come across a website I want to follow, I add it to my Feedly and, as long as a RSS Feed can be setup for the site, place it in a category for the feed (eg photography, or IT) so that my stream of reading is organised to some level. I could stop there, after all I’ve got the link to the webpage, it’s stored in a category and I can go back and read it anytime I’m online. However, what if I just want to scan quickly the content, and go back to it later, or what if I want to read it online? That’s where Pocket comes in.
If I see an article in Feedly that I want to read later, or even archive, I add it to my Pocket, giving it some tags to help me find it later. I do both of these tasks on a smartphone, or tablet, it’s much easier than using a desktop/laptop as there are good apps which work together for both Feedly and Pocket. Once in Pocket, the article, stripped of everything that is irrelevant, can be read offline – once it’s sync’d the content from the web to your device – or alternatively you can click on a button to read the original article online.
But then occasionally, I come across some content that I want to share more widely – to the Thought grazing community for instance; and for this I use Flipboard which is a really easy way of creating an online magazine; made up of articles (perhaps with comments added) which you found interesting. From my Pocket app, I just click on the Share button and select <Share via …> and chose Flipboard. On Flipboard I’ve created a couple of “magazines”, so I chose which one I want to “publish” the article to, and perhaps write a comment about the article; and then Post it. That’s all there is to it, but what do you need to do to replicate my workflow and produce something like this …
View my Flipboard Magazine.

Curating the web
Step 1 – create a Feedly account, and download the app if you’re going to use a smartphone, or tablet
Step 2 – select websites you want to get an RSS feed from [see above, or read What is an RSS feed?]
Step 3 – check periodically to see what has “popped-up” in your feed reader.
Saving for another day, or for off-line reading (bookmarking+)
Step 1 – create a Pocket account, and download the app if you’re going to use a smartphone, or tablet
Step 2 – save to Pocket from your browser (perhaps using a browser extension), or from a sharing icon in Feedly
Step 3 – tag your articles, and read at your leisure, or when you want to
Creating a magazine to share with others
Step 1 – create a Flipboard account, and download the app if you’re going to use a smartphone, or tablet
Step 2 – create a Magazine within your Flipboard account, and decide whether to make it Private or Public
Step 3 – add articles to your magazine from your Pocket app (as described above) , or from your web browser
Good luck!

IT @ 93 – my mother

My 93 year old mother lives nearly three hours away from me, and not much less away from my sister. About 10 years ago I persuaded her to get a laptop, with a printer, and she soon took to emailing friends and family and looking at the photos we shared with her. In her youth she had used a typewriter and those skills very quickly came back.
With the arrival of the first tablets I soon realised that here was a device that she could adopt as her ability to type declined as her arthritis limited her dexterity. She’s now on her second iPad. It’s been a godsend. As well as her email which she still uses regularly, she uses the social network Google+ to chat with her grandchildren, and watch the progress through videos of her great grandchildren. She plays online scrabble with a grandson in Australia, and others as well and she occasionally wins – which gives her a huge amount of pleasure – as does the occasional Facetime (video call – skype-like) session she has with us.
She also reads the news off the web and browses the internet using Google. Just recently she took her first photograph using the iPad and shared it with the family. All of this in a safe and secure IT environment with privacy ensured so that only the family share in these communications.
The iPad has kept her in touch with her family. She passionately advocates its use and adoption to her friends as a way of them keeping in touch with their relatives and with her. It’s become an essential part of our “care package” for her.