[Lex Computer & Tech Group/LCTG] Scammers are so creative

Stan Rose rosesta at gmail.com
Mon Oct 17 14:01:55 PDT 2022 

I certainly did mean WPA2 (I never use WPS!).

 

Stan

 

From: Robert Primak <bobprimak at yahoo.com> 
Sent: Monday, October 17, 2022 4:58 PM
To: stan_rose at alum.mit.edu
Cc: 'Lex Computer Group' <lctg at lists.toku.us>
Subject: Re: [Lex Computer & Tech Group/LCTG] Scammers are so creative

 

You mean, WPA2. WPS is the automatic connection protocol with the security flaws.

 

It looks like you are being more careful with the network and the smart TV than most people. 

 

Could be, the smart TV itself has a security flaw, but that's just a guess. 

 

-- Bob Primak 

 

 

On Monday, October 17, 2022 at 04:45:47 PM EDT, Stan Rose <rosesta at gmail.com <mailto:rosesta at gmail.com> > wrote: 

 

 

Bob

 

I am using WPS2 with a fairly long password. I tried using WPS3 but found that some of my devices don’t support WPS3, yet, so I had to drop back to WPS2. The router’s firmware is up to date (it’s actually a new Netgear RAX70 router). The TV is actually connected over Ethernet, not WiFi, and is fully up-to-date. The only apps I’ve installed on the TV are standard streaming apps, like Hulu, Prime, Netflix, Disney+ etc.

 

I use the FING app to monitor the network, although I don’t have their hardware device.

 

Stan

 

From: Robert Primak <bobprimak at yahoo.com <mailto:bobprimak at yahoo.com> > 
Sent: Monday, October 17, 2022 4:33 PM
To: Stan Rose <stan_rose at alum.mit.edu <mailto:stan_rose at alum.mit.edu> >
Cc: Lex Computer Group <lctg at lists.toku.us <mailto:lctg at lists.toku.us> >; carllazarus at comcast.net <mailto:carllazarus at comcast.net> 
Subject: Re: [Lex Computer & Tech Group/LCTG] Scammers are so creative

 

Stan -- 

 

I assume all your devices, especially that Smart TV, have their own internal security, receive signed firmware updates only, and do not do WiFi "over the air" updates. And that all devices are using WPA2 or WPA3 encryption. I also assume that WPS (WiFi Protected Setup, which can bypass your network security and has known malicious exploits) is turned off in your router and on all connected devices.

 

If any of these conditions was not met, you may have your answer right there. 

 

Otherwise, somewhere, somehow you may have clicked on something else which was not genuine, or downloaded and installed a malicious app into the smart TV. Without auditing your Smart TV and your network in person,we can't offer anything more definite or more specific. 

 

Hiding the network SSID no longer works for providing extra security. Hackers know how to unhide hidden networks these days. 

 

There are security appliances you can buy for $$$ but these really are leveraging the same security measures we can apply for ourselves. We can limit the number of open ports in our routers and modems, but this is a bit more tedious and technical than many of us want to do for ourselves. Some home network security suites include port stealthing. Most of these apps cost subscription money. 

 

-- Bob Primak 

 

 

On Monday, October 17, 2022 at 12:05:20 PM EDT, Stan Rose <stan_rose at alum.mit.edu <mailto:stan_rose at alum.mit.edu> > wrote: 

 

 

I am usually extremely careful in recognizing and avoiding scams but was caught by one last month, and not by an email, text message or web pop up.

 

We were about to watch a movie on Amazon Prime via the Prime Video app on our Sony Smart TV. When we started the app, a very real looking message came up on the TV that we needed to renew our Prime subscription. It gave an 800 number to call to expedite renewal. When I called that number, the person offered a 2 year discount for $190 instead of the usual $119 per year.

 

After giving him the card info, the TV went through the normal process of asking me to enter it's displayed code into my phone's prime video app. That all looked normal.

 

After that, I checked if my Prime subscription was extended the promised 2 years and saw it wasn't. It was only then that I rememberd I had renewed my subscription in April so it had not expired. I called Chase and they reversed the charge and have subsequently been told they made the refund permanent.

 

I guess I was sucked in by believing this couldn't happen on the TV but now I know it can. I don't know how they did it, but they did. I thought I had done everything to protect my network, such as changing the WiFi SSID and password and even changing the normal 192.168.1.1 address to something else. I've changed the password on all Iot devices.

 

Anyone know how they pulled that off?

 

Stan

 

On Mon, Oct 17, 2022 at 12:51 AM Robert Primak <bobprimak at yahoo.com <mailto:bobprimak at yahoo.com> > wrote:

There are also scams very similar to this one revolving around hurricane relief from Ian. There was one billionnaire who did pledge direct relief to homeowners affected by Ian, but I think that was Elon Musk, andf it was not in the form of free Internet, though he also is offering that for a few areas of SW FL. 

 

You have to be very careful about everything these days. None of these charitable foundatiuons will use email as their first method of contact, out of the blue. Nor a phone call, especially to a cell phone.  If it looks too good to be ture, check with the original source. Use an independent direct link or contact method. And don't be in a rush -- there is never so much time pressure that you can't use some well-known method to verify an offer. Or a threat. 

 

That said, I have had to deal with a couple of truly insider scams in recent years. Some of these problems originated with actual fraudulent accounts opened with my personal information, probably obtained through data leaks from places I should have been able to trust, like in one instance, a medical billing service. Yeah sure, they apologized, paid and offered credit monitoring -- but the damages were already done. 

 

Be safe out there! 

 

-- Bob Primak 

 

 

 

On Sunday, October 16, 2022 at 10:09:14 PM EDT, <carllazarus at comcast.net <mailto:carllazarus at comcast.net> > wrote: 

 

 

Here is a new scam.  I received an email that says I am pre-qualified for the Scott Mackenzie Foundation relief fund, and there is an email address I am to contact for more details.  I think they meant Mackenzie Scott, ex-wife of Jeff Bezos, but you can’t get everything right.  Her foundation is giving grants to many causes, but I doubt they are getting ready to give me money.

 

-- Carl

 

Carl Lazarus

H: 617-964-7241

carllazarus at comcast.net <mailto:carllazarus at comcast.net> 

 

===============================================
::The Lexington Computer and Technology Group Mailing List::
Reply goes to sender only; Reply All to send to list.
Send to the list: LCTG at lists.toku.us <mailto:LCTG at lists.toku.us>       Message archives: http://lists.toku.us/pipermail/lctg-toku.us/
To subscribe: email lctg-subscribe at toku.us <mailto:lctg-subscribe at toku.us>   To unsubscribe: email lctg-unsubscribe at toku.us <mailto:lctg-unsubscribe at toku.us> 
Future and Past meeting information: http://LCTG.toku.us
List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us
This message was sent to bobprimak at yahoo.com. <mailto:bobprimak at yahoo.com.> 
Set your list options: http://lists.toku.us/options.cgi/lctg-toku.us/bobprimak@yahoo.com

===============================================
::The Lexington Computer and Technology Group Mailing List::
Reply goes to sender only; Reply All to send to list.
Send to the list: LCTG at lists.toku.us <mailto:LCTG at lists.toku.us>       Message archives: http://lists.toku.us/pipermail/lctg-toku.us/
To subscribe: email lctg-subscribe at toku.us <mailto:lctg-subscribe at toku.us>   To unsubscribe: email lctg-unsubscribe at toku.us <mailto:lctg-unsubscribe at toku.us> 
Future and Past meeting information: http://LCTG.toku.us
List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us
This message was sent to rosesta at gmail.com <mailto:rosesta at gmail.com> .
Set your list options: http://lists.toku.us/options.cgi/lctg-toku.us/rosesta@gmail.com

-- 

Stan Rose

stan_rose at alum.mit.edu <mailto:stan_rose at alum.mit.edu> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.toku.us/pipermail/lctg-toku.us/attachments/20221017/fb95b2ea/attachment.htm>

More information about the LCTG mailing list