[Lex Computer & Tech Group/LCTG] Scammers are so creative

Drew King dking65 at kingconsulting.us
Mon Oct 17 16:07:29 PDT 2022 

Stan,

What about your TV's Android security patch level? How old?

You'll have to go into settings to check.

Sony only provided me with limited updates before they stopped updating 
my TV altogether. I no longer receive any security updates. My TV is not 
that old, perhaps 2 years. Only, it stopped receiving updates over 1 
year ago.

Your TV is likely running some version of the Android operating system. 
Mine is running version 9.


Drew.

On 10/17/2022 5:01 PM, Stan Rose wrote:
>
> I certainly did mean WPA2 (I never use WPS!).
>
> Stan
>
> *From:* Robert Primak <bobprimak at yahoo.com>
> *Sent:* Monday, October 17, 2022 4:58 PM
> *To:* stan_rose at alum.mit.edu
> *Cc:* 'Lex Computer Group' <lctg at lists.toku.us>
> *Subject:* Re: [Lex Computer & Tech Group/LCTG] Scammers are so creative
>
> You mean, WPA2. WPS is the automatic connection protocol with the 
> security flaws.
>
> It looks like you are being more careful with the network and the 
> smart TV than most people.
>
> Could be, the smart TV itself has a security flaw, but that's just a 
> guess.
>
> -- Bob Primak
>
> On Monday, October 17, 2022 at 04:45:47 PM EDT, Stan Rose 
> <rosesta at gmail.com> wrote:
>
> Bob
>
> I am using WPS2 with a fairly long password. I tried using WPS3 but 
> found that some of my devices don’t support WPS3, yet, so I had to 
> drop back to WPS2. The router’s firmware is up to date (it’s actually 
> a new Netgear RAX70 router). The TV is actually connected over 
> Ethernet, not WiFi, and is fully up-to-date. The only apps I’ve 
> installed on the TV are standard streaming apps, like Hulu, Prime, 
> Netflix, Disney+ etc.
>
> I use the FING app to monitor the network, although I don’t have their 
> hardware device.
>
> Stan
>
> *From:*Robert Primak <bobprimak at yahoo.com>
> *Sent:* Monday, October 17, 2022 4:33 PM
> *To:* Stan Rose <stan_rose at alum.mit.edu>
> *Cc:* Lex Computer Group <lctg at lists.toku.us>; carllazarus at comcast.net
> *Subject:* Re: [Lex Computer & Tech Group/LCTG] Scammers are so creative
>
> Stan --
>
> I assume all your devices, especially that Smart TV, have their own 
> internal security, receive signed firmware updates only, and do not do 
> WiFi "over the air" updates. And that all devices are using WPA2 or 
> WPA3 encryption. I also assume that WPS (WiFi Protected Setup, which 
> can bypass your network security and has known malicious exploits) is 
> turned off in your router and on all connected devices.
>
> If any of these conditions was not met, you may have your answer right 
> there.
>
> Otherwise, somewhere, somehow you may have clicked on something else 
> which was not genuine, or downloaded and installed a malicious app 
> into the smart TV. Without auditing your Smart TV and your network in 
> person,we can't offer anything more definite or more specific.
>
> Hiding the network SSID no longer works for providing extra security. 
> Hackers know how to unhide hidden networks these days.
>
> There are security appliances you can buy for $$$ but these really are 
> leveraging the same security measures we can apply for ourselves. We 
> can limit the number of open ports in our routers and modems, but this 
> is a bit more tedious and technical than many of us want to do for 
> ourselves. Some home network security suites include port stealthing. 
> Most of these apps cost subscription money.
>
> -- Bob Primak
>
> On Monday, October 17, 2022 at 12:05:20 PM EDT, Stan Rose 
> <stan_rose at alum.mit.edu> wrote:
>
> I am usually extremely careful in recognizing and avoiding scams but 
> was caught by one last month, and not by an email, text message or web 
> pop up.
>
> We were about to watch a movie on Amazon Prime via the Prime Video app 
> on our Sony Smart TV. When we started the app, a very real looking 
> message came up on the TV that we needed to renew our Prime 
> subscription. It gave an 800 number to call to expedite renewal. When 
> I called that number, the person offered a 2 year discount for $190 
> instead of the usual $119 per year.
>
> After giving him the card info, the TV went through the normal process 
> of asking me to enter it's displayed code into my phone's prime video 
> app. That all looked normal.
>
> After that, I checked if my Prime subscription was extended the 
> promised 2 years and saw it wasn't. It was only then that I rememberd 
> I had renewed my subscription in April so it had not expired. I called 
> Chase and they reversed the charge and have subsequently been told 
> they made the refund permanent.
>
> I guess I was sucked in by believing this couldn't happen on the TV 
> but now I know it can. I don't know how they did it, but they did. I 
> thought I had done everything to protect my network, such as changing 
> the WiFi SSID and password and even changing the normal 192.168.1.1 
> address to something else. I've changed the password on all Iot devices.
>
> Anyone know how they pulled that off?
>
> Stan
>
> On Mon, Oct 17, 2022 at 12:51 AM Robert Primak <bobprimak at yahoo.com> 
> wrote:
>
>     There are also scams very similar to this one revolving around
>     hurricane relief from Ian. There was one billionnaire who did
>     pledge direct relief to homeowners affected by Ian, but I think
>     that was Elon Musk, andf it was not in the form of free Internet,
>     though he also is offering that for a few areas of SW FL.
>
>     You have to be very careful about everything these days. None of
>     these charitable foundatiuons will use email as their first method
>     of contact, out of the blue. Nor a phone call, especially to a
>     cell phone.  If it looks too good to be ture, check with the
>     original source. Use an independent direct link or contact method.
>     And don't be in a rush -- there is never so much time pressure
>     that you can't use some well-known method to verify an offer. Or a
>     threat.
>
>     That said, I have had to deal with a couple of truly insider scams
>     in recent years. Some of these problems originated with actual
>     fraudulent accounts opened with my personal information, probably
>     obtained through data leaks from places I should have been able to
>     trust, like in one instance, a medical billing service. Yeah sure,
>     they apologized, paid and offered credit monitoring -- but the
>     damages were already done.
>
>     Be safe out there!
>
>     -- Bob Primak
>
>     On Sunday, October 16, 2022 at 10:09:14 PM EDT,
>     <carllazarus at comcast.net> wrote:
>
>     Here is a new scam.  I received an email that says I am
>     pre-qualified for the Scott Mackenzie Foundation relief fund, and
>     there is an email address I am to contact for more details. I
>     think they meant Mackenzie Scott, ex-wife of Jeff Bezos, but you
>     can’t get everything right.  Her foundation is giving grants to
>     many causes, but I doubt they are getting ready to give me money.
>
>     -- Carl
>
>     Carl Lazarus
>
>     H: 617-964-7241
>
>     carllazarus at comcast.net
>
>     ===============================================
>     ::The Lexington Computer and Technology Group Mailing List::
>     Reply goes to sender only; Reply All to send to list.
>     Send to the list: LCTG at lists.toku.us      Message archives:
>     http://lists.toku.us/pipermail/lctg-toku.us/
>     To subscribe: email lctg-subscribe at toku.us  To unsubscribe: email
>     lctg-unsubscribe at toku.us
>     Future and Past meeting information: http://LCTG.toku.us
>     <http://LCTG.toku.us>
>     List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us
>     This message was sent to bobprimak at yahoo.com.
>     Set your list options:
>     http://lists.toku.us/options.cgi/lctg-toku.us/bobprimak@yahoo.com
>
>     ===============================================
>     ::The Lexington Computer and Technology Group Mailing List::
>     Reply goes to sender only; Reply All to send to list.
>     Send to the list: LCTG at lists.toku.us     Message archives:
>     http://lists.toku.us/pipermail/lctg-toku.us/
>     To subscribe: email lctg-subscribe at toku.us To unsubscribe: email
>     lctg-unsubscribe at toku.us
>     Future and Past meeting information: http://LCTG.toku.us
>     <http://LCTG.toku.us>
>     List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us
>     This message was sent to rosesta at gmail.com.
>     Set your list options:
>     http://lists.toku.us/options.cgi/lctg-toku.us/rosesta@gmail.com
>
> -- 
>
> Stan Rose
>
> stan_rose at alum.mit.edu
>
>
> ===============================================
> ::The Lexington Computer and Technology Group Mailing List::
> Reply goes to sender only; Reply All to send to list.
> Send to the list:LCTG at lists.toku.us       Message archives:http://lists.toku.us/pipermail/lctg-toku.us/
> To subscribe: emaillctg-subscribe at toku.us   To unsubscribe: emaillctg-unsubscribe at toku.us
> Future and Past meeting information:http://LCTG.toku.us
> List information:http://lists.toku.us/listinfo.cgi/lctg-toku.us
> This message was sent todking65 at kingconsulting.us.
> Set your list options:http://lists.toku.us/options.cgi/lctg-toku.us/dking65@kingconsulting.us
-- 
Drew King

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.toku.us/pipermail/lctg-toku.us/attachments/20221017/ece9ed33/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: G1HASbHEkt5gFvkq.png
Type: image/png
Size: 630320 bytes
Desc: not available
URL: <http://lists.toku.us/pipermail/lctg-toku.us/attachments/20221017/ece9ed33/attachment.png>

More information about the LCTG mailing list