[Lex Computer & Tech Group/LCTG] Scammers are so creative
Ken Pogran
pogran at alum.mit.edu
Mon Oct 17 14:13:08 PDT 2022
Is there a way to update the firmware on a Smart TV other than by
downloading it across the Internet (I'm less worried about WiFi / wired
network distinctions)? I don't even know if my Sony TV has a USB port,
or whether Sony even mails out off-line updates.
It strikes me that Stan may have somehow installed a "hacked" version of
the Prime Video app.
My TV has been urging me to allow it to update its firmware for several
weeks. I don't know what's the bigger risk: NOT updating firmware that
might fix existing security flaws, or installing new firmware (or apps,
from Google Play) that might have been hacked. On balance, I think
allowing the firmware update is the better choice.
Ken Pogran
Robert Primak wrote on 10/17/22 4:32 PM:
> Stan --
>
> I assume all your devices, especially that Smart TV, have their own
> internal security, receive signed firmware updates only, and do not do
> WiFi "over the air" updates. And that all devices are using WPA2 or
> WPA3 encryption. I also assume that WPS (WiFi Protected Setup, which
> can bypass your network security and has known malicious exploits) is
> turned off in your router and on all connected devices.
>
> If any of these conditions was not met, you may have your answer right
> there.
>
> Otherwise, somewhere, somehow you may have clicked on something else
> which was not genuine, or downloaded and installed a malicious app
> into the smart TV. Without auditing your Smart TV and your network in
> person,we can't offer anything more definite or more specific.
>
> Hiding the network SSID no longer works for providing extra security.
> Hackers know how to unhide hidden networks these days.
>
> There are security appliances you can buy for $$$ but these really are
> leveraging the same security measures we can apply for ourselves. We
> can limit the number of open ports in our routers and modems, but this
> is a bit more tedious and technical than many of us want to do for
> ourselves. Some home network security suites include port stealthing.
> Most of these apps cost subscription money.
>
> -- Bob Primak
>
>
> On Monday, October 17, 2022 at 12:05:20 PM EDT, Stan Rose
> <stan_rose at alum.mit.edu> wrote:
>
>
> I am usually extremely careful in recognizing and avoiding scams but
> was caught by one last month, and not by an email, text message or web
> pop up.
>
> We were about to watch a movie on Amazon Prime via the Prime Video app
> on our Sony Smart TV. When we started the app, a very real looking
> message came up on the TV that we needed to renew our Prime
> subscription. It gave an 800 number to call to expedite renewal. When
> I called that number, the person offered a 2 year discount for $190
> instead of the usual $119 per year.
>
> After giving him the card info, the TV went through the normal process
> of asking me to enter it's displayed code into my phone's prime video
> app. That all looked normal.
>
> After that, I checked if my Prime subscription was extended the
> promised 2 years and saw it wasn't. It was only then that I rememberd
> I had renewed my subscription in April so it had not expired. I called
> Chase and they reversed the charge and have subsequently been told
> they made the refund permanent.
>
> I guess I was sucked in by believing this couldn't happen on the TV
> but now I know it can. I don't know how they did it, but they did. I
> thought I had done everything to protect my network, such as changing
> the WiFi SSID and password and even changing the normal 192.168.1.1
> address to something else. I've changed the password on all Iot devices.
>
> Anyone know how they pulled that off?
>
> Stan
>
> On Mon, Oct 17, 2022 at 12:51 AM Robert Primak <bobprimak at yahoo.com
> <mailto:bobprimak at yahoo.com>> wrote:
>
> There are also scams very similar to this one revolving around
> hurricane relief from Ian. There was one billionnaire who did
> pledge direct relief to homeowners affected by Ian, but I think
> that was Elon Musk, andf it was not in the form of free Internet,
> though he also is offering that for a few areas of SW FL.
>
> You have to be very careful about everything these days. None of
> these charitable foundatiuons will use email as their first method
> of contact, out of the blue. Nor a phone call, especially to a
> cell phone. If it looks too good to be ture, check with the
> original source. Use an independent direct link or contact method.
> And don't be in a rush -- there is never so much time pressure
> that you can't use some well-known method to verify an offer. Or a
> threat.
>
> That said, I have had to deal with a couple of truly insider scams
> in recent years. Some of these problems originated with actual
> fraudulent accounts opened with my personal information, probably
> obtained through data leaks from places I should have been able to
> trust, like in one instance, a medical billing service. Yeah sure,
> they apologized, paid and offered credit monitoring -- but the
> damages were already done.
>
> Be safe out there!
>
> -- Bob Primak
>
>
>
> On Sunday, October 16, 2022 at 10:09:14 PM EDT,
> <carllazarus at comcast.net <mailto:carllazarus at comcast.net>> wrote:
>
>
> Here is a new scam. I received an email that says I am
> pre-qualified for the Scott Mackenzie Foundation relief fund, and
> there is an email address I am to contact for more details. I
> think they meant Mackenzie Scott, ex-wife of Jeff Bezos, but you
> can’t get everything right. Her foundation is giving grants to
> many causes, but I doubt they are getting ready to give me money.
>
> -- Carl
>
> Carl Lazarus
>
> H: 617-964-7241
>
> carllazarus at comcast.net <mailto:carllazarus at comcast.net>
>
> ===============================================
> ::The Lexington Computer and Technology Group Mailing List::
> Reply goes to sender only; Reply All to send to list.
> Send to the list: LCTG at lists.toku.us <mailto:LCTG at lists.toku.us>
> Message archives: http://lists.toku.us/pipermail/lctg-toku.us/
> To subscribe: email lctg-subscribe at toku.us
> <mailto:lctg-subscribe at toku.us> To unsubscribe: email
> lctg-unsubscribe at toku.us <mailto:lctg-unsubscribe at toku.us>
> Future and Past meeting information: http://LCTG.toku.us
> List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us
> This message was sent to bobprimak at yahoo.com.
> <mailto:bobprimak at yahoo.com.>
> Set your list options:
> http://lists.toku.us/options.cgi/lctg-toku.us/bobprimak@yahoo.com
> ===============================================
> ::The Lexington Computer and Technology Group Mailing List::
> Reply goes to sender only; Reply All to send to list.
> Send to the list: LCTG at lists.toku.us <mailto:LCTG at lists.toku.us>
> Message archives: http://lists.toku.us/pipermail/lctg-toku.us/
> To subscribe: email lctg-subscribe at toku.us
> <mailto:lctg-subscribe at toku.us> To unsubscribe: email
> lctg-unsubscribe at toku.us <mailto:lctg-unsubscribe at toku.us>
> Future and Past meeting information: http://LCTG.toku.us
> List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us
> This message was sent to rosesta at gmail.com <mailto:rosesta at gmail.com>.
> Set your list options:
> http://lists.toku.us/options.cgi/lctg-toku.us/rosesta@gmail.com
>
> --
> Stan Rose
>
> stan_rose at alum.mit.edu <mailto:stan_rose at alum.mit.edu>
>
>
> ===============================================
> ::The Lexington Computer and Technology Group Mailing List::
> Reply goes to sender only; Reply All to send to list.
> Send to the list: LCTG at lists.toku.us Message archives: http://lists.toku.us/pipermail/lctg-toku.us/
> To subscribe: email lctg-subscribe at toku.us To unsubscribe: email lctg-unsubscribe at toku.us
> Future and Past meeting information: http://LCTG.toku.us
> List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us
> This message was sent to pogran at alum.mit.edu.
> Set your list options: http://lists.toku.us/options.cgi/lctg-toku.us/pogran@alum.mit.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.toku.us/pipermail/lctg-toku.us/attachments/20221017/06d86b93/attachment.htm>
More information about the LCTG
mailing list