[Lex Computer & Tech Group/LCTG] Scammers are so creative

carllazarus at comcast.net carllazarus at comcast.net
Mon Oct 17 14:32:26 PDT 2022 

My Sony smart TV announces from time to time that it is ready to update.  It doesn’t give any information about the updates.  The only choice it seems to give is to update now or wait until later.  So far I haven’t been burned, but I have no idea of what security Sony has.

 

-- Carl

 

From: LCTG <lctg-bounces+carllazarus=comcast.net at lists.toku.us> On Behalf Of Ken Pogran
Sent: Monday, October 17, 2022 5:13 PM
To: Robert Primak <bobprimak at yahoo.com>
Cc: Stan Rose <stan_rose at alum.mit.edu>; Lex Computer Group <lctg at lists.toku.us>
Subject: Re: [Lex Computer & Tech Group/LCTG] Scammers are so creative

 

Is there a way to update the firmware on a Smart TV other than by downloading it across the Internet (I'm less worried about WiFi / wired network distinctions)?  I don't even know if my Sony TV has a USB port, or whether Sony even mails out off-line updates.

It strikes me that Stan may have somehow installed a "hacked" version of the Prime Video app.

My TV has been urging me to allow it to update its firmware for several weeks. I don't know what's the bigger risk: NOT updating firmware that might fix existing security flaws, or installing new firmware (or apps, from Google Play) that might have been hacked.  On balance, I think allowing the firmware update is the better choice.

Ken Pogran


Robert Primak wrote on 10/17/22 4:32 PM:



Stan -- 

 

I assume all your devices, especially that Smart TV, have their own internal security, receive signed firmware updates only, and do not do WiFi "over the air" updates. And that all devices are using WPA2 or WPA3 encryption. I also assume that WPS (WiFi Protected Setup, which can bypass your network security and has known malicious exploits) is turned off in your router and on all connected devices.

 

If any of these conditions was not met, you may have your answer right there. 

 

Otherwise, somewhere, somehow you may have clicked on something else which was not genuine, or downloaded and installed a malicious app into the smart TV. Without auditing your Smart TV and your network in person,we can't offer anything more definite or more specific. 

 

Hiding the network SSID no longer works for providing extra security. Hackers know how to unhide hidden networks these days. 

 

There are security appliances you can buy for $$$ but these really are leveraging the same security measures we can apply for ourselves. We can limit the number of open ports in our routers and modems, but this is a bit more tedious and technical than many of us want to do for ourselves. Some home network security suites include port stealthing. Most of these apps cost subscription money. 

 

-- Bob Primak 

 

 

On Monday, October 17, 2022 at 12:05:20 PM EDT, Stan Rose  <mailto:stan_rose at alum.mit.edu> <stan_rose at alum.mit.edu> wrote: 

 

 

I am usually extremely careful in recognizing and avoiding scams but was caught by one last month, and not by an email, text message or web pop up.

 

We were about to watch a movie on Amazon Prime via the Prime Video app on our Sony Smart TV. When we started the app, a very real looking message came up on the TV that we needed to renew our Prime subscription. It gave an 800 number to call to expedite renewal. When I called that number, the person offered a 2 year discount for $190 instead of the usual $119 per year.

 

After giving him the card info, the TV went through the normal process of asking me to enter it's displayed code into my phone's prime video app. That all looked normal.

 

After that, I checked if my Prime subscription was extended the promised 2 years and saw it wasn't. It was only then that I rememberd I had renewed my subscription in April so it had not expired. I called Chase and they reversed the charge and have subsequently been told they made the refund permanent.

 

I guess I was sucked in by believing this couldn't happen on the TV but now I know it can. I don't know how they did it, but they did. I thought I had done everything to protect my network, such as changing the WiFi SSID and password and even changing the normal 192.168.1.1 address to something else. I've changed the password on all Iot devices.

 

Anyone know how they pulled that off?

 

Stan

 

On Mon, Oct 17, 2022 at 12:51 AM Robert Primak <bobprimak at yahoo.com <mailto:bobprimak at yahoo.com> > wrote:

There are also scams very similar to this one revolving around hurricane relief from Ian. There was one billionnaire who did pledge direct relief to homeowners affected by Ian, but I think that was Elon Musk, andf it was not in the form of free Internet, though he also is offering that for a few areas of SW FL. 

 

You have to be very careful about everything these days. None of these charitable foundatiuons will use email as their first method of contact, out of the blue. Nor a phone call, especially to a cell phone.  If it looks too good to be ture, check with the original source. Use an independent direct link or contact method. And don't be in a rush -- there is never so much time pressure that you can't use some well-known method to verify an offer. Or a threat. 

 

That said, I have had to deal with a couple of truly insider scams in recent years. Some of these problems originated with actual fraudulent accounts opened with my personal information, probably obtained through data leaks from places I should have been able to trust, like in one instance, a medical billing service. Yeah sure, they apologized, paid and offered credit monitoring -- but the damages were already done. 

 

Be safe out there! 

 

-- Bob Primak 

 

 

 

On Sunday, October 16, 2022 at 10:09:14 PM EDT, <carllazarus at comcast.net <mailto:carllazarus at comcast.net> > wrote: 

 

 

Here is a new scam.  I received an email that says I am pre-qualified for the Scott Mackenzie Foundation relief fund, and there is an email address I am to contact for more details.  I think they meant Mackenzie Scott, ex-wife of Jeff Bezos, but you can’t get everything right.  Her foundation is giving grants to many causes, but I doubt they are getting ready to give me money.

 

-- Carl

 

Carl Lazarus

H: 617-964-7241

carllazarus at comcast.net <mailto:carllazarus at comcast.net> 

 

===============================================
::The Lexington Computer and Technology Group Mailing List::
Reply goes to sender only; Reply All to send to list.
Send to the list: LCTG at lists.toku.us <mailto:LCTG at lists.toku.us>       Message archives: http://lists.toku.us/pipermail/lctg-toku.us/
To subscribe: email lctg-subscribe at toku.us <mailto:lctg-subscribe at toku.us>   To unsubscribe: email lctg-unsubscribe at toku.us <mailto:lctg-unsubscribe at toku.us> 
Future and Past meeting information: http://LCTG.toku.us
List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us
This message was sent to bobprimak at yahoo.com. <mailto:bobprimak at yahoo.com.> 
Set your list options: http://lists.toku.us/options.cgi/lctg-toku.us/bobprimak@yahoo.com

===============================================
::The Lexington Computer and Technology Group Mailing List::
Reply goes to sender only; Reply All to send to list.
Send to the list: LCTG at lists.toku.us <mailto:LCTG at lists.toku.us>       Message archives: http://lists.toku.us/pipermail/lctg-toku.us/
To subscribe: email lctg-subscribe at toku.us <mailto:lctg-subscribe at toku.us>   To unsubscribe: email lctg-unsubscribe at toku.us <mailto:lctg-unsubscribe at toku.us> 
Future and Past meeting information: http://LCTG.toku.us
List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us
This message was sent to rosesta at gmail.com <mailto:rosesta at gmail.com> .
Set your list options: http://lists.toku.us/options.cgi/lctg-toku.us/rosesta@gmail.com

-- 

Stan Rose

stan_rose at alum.mit.edu <mailto:stan_rose at alum.mit.edu> 






===============================================
::The Lexington Computer and Technology Group Mailing List::
Reply goes to sender only; Reply All to send to list.
Send to the list: LCTG at lists.toku.us <mailto:LCTG at lists.toku.us>       Message archives: http://lists.toku.us/pipermail/lctg-toku.us/
To subscribe: email lctg-subscribe at toku.us <mailto:lctg-subscribe at toku.us>   To unsubscribe: email lctg-unsubscribe at toku.us <mailto:lctg-unsubscribe at toku.us> 
Future and Past meeting information: http://LCTG.toku.us
List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us
This message was sent to pogran at alum.mit.edu <mailto:pogran at alum.mit.edu> .
Set your list options: http://lists.toku.us/options.cgi/lctg-toku.us/pogran@alum.mit.edu

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.toku.us/pipermail/lctg-toku.us/attachments/20221017/ce6df70c/attachment.htm>

More information about the LCTG mailing list