iPhone owners don’t fall for this

One day 2 weeks ago a group of friends was enjoying a night out in the West End. They were looking forward to a quality meal and a Saturday night show – but it didn’t quite go according to plan.

IPhone with multicoloured picture on the screen

Whilst waiting on a tube platform one of the friend’s wives had her pockets picked and her iPhone was stolen. Using her husband’s phone they registered the phone as stolen with Apple and continued on to the show. Thankfully they were able to put the theft behind them and have a great night in London.

Later that night a message pinged on her partner’s phone from “Apple”.

You’re iPhone 12 Pro was found at 00:35 GMT. View location here” it said, along with a link. He clicked the link and up popped Apple’s “Find my” iCloud screen and asked for his wife’s PIN.

Map of Melbourne, Australia

When the PIN was entered, up popped a map with a location – although it was a location in Australia.

Confused, worn out and little drunk from the night’s revelry they both decided to go to bed and approach things with a clearer head in the morning.

Sunday came and they both woke feeling more than a little concerned that Apple had managed to get the number for his Samsung phone to send the “Found iPhone” message to.

He opened the text again to click on the link but it no longer worked. Thinking back he remembered that he thought the map he had seen during the night looked a little odd. It was of a lower resolution than expected and lacked the ability to scroll around or to shrink or enlarge.

The penny dropped. They’d been scammed.

Thankfully, with bank accounts secured by bio-metrics, the bank accounts were secure and a quick check on shopping apps showed nothing had been bought, yet. Passwords were changed just to make sure.

A phone call to their service provider helped put their minds at rest. The PIN was required by the thief so that they could simply wipe the phone and sell it on.

Although nothing more than a phone was lost, the stress my friends went through, allied to the hassle of getting hold of a replacement phone and setting it up was bad enough.

So, be warned. If you have an iPhone stolen be wary of messages popping up on phones belonging to people in your contact list announcing that the phone has been found.

Have a great Christmas, a happy new year and stay Cyber Secure.

I look forward to communicating with you in the new year. If you need any help, please, just ask. You can reach me by phone – 01793 23

Password Deja Vu, Here we go again

Someone using their password to log in

I’ve been writing, OK moaning, almost annually about the stupidity of some people, feelings that are based on nothing more than their choice of passwords.

Every year, I hope things will get better. And every year they never seem to. More and more people are falling victim to Cyber Crime.

What happens is that major data centres are hacked and the hackers release details of the accounts they have acquired. Then a security company, such as NordPass in this instance, comes along and grabs all the data and simply finds which are the most popular, least popular and weakest passwords. Then they publish a “Top 20” of the most common passwords.

Hacker Inside logo in a blue circle

And the fact that things rarely change shows that a lot of people aren’t learning the lesson. There appears to be an assumption that simply picking a password that includes a per name, a birthday or something similar will be OK.

But, guess what, if you are being targeted by a hacker, they’ll already have that information, and they’ll use it to break in to your bank/savings accounts, go shopping online using your Amazon account (or a different shopping account) and have their ill gotten gains delivered elsewhere. Alternatively they’ll use a Pavement Pirate to steal the delivery from your doorstep.

According to the research, the passwords used for streaming platforms are often the weakest but if I can get in to your Amazon Prime Video I can also get in to your Amazon Shopping account and don’t fall in to the trap of using the same password for multiple accounts, or simply incrementing a password for different accounts. So, no more Password1, Password2 etc.

Just to recap, here’s how to create a really strong password

Rule 1. Make it longer than 12 Characters
Rule 2. Include numbers and symbols
Rule 3. Use a Password manager. they are everywhere these days and loads are free, such as the ones built in to your web browser
Rule 4. If you use a Password manager, let it create the really complex passwords for you
Rule 5. If you don’t use a Password Manager, think of 3 words and substitute some numbers for l3tt3r5
Rule 6. Don’t write your password down, anywhere
Rule 7. Don’t send user names and passwords together in an email. Send a user name by email and the password by SMS, for example

Believe it or not, 123456 was also the most popular password in 2021, 2020, 2019, and 2018.

And if you want to read the 2019 to 2022 internationally most used passwords lists you can read them on the NordPass website.

Please don’t allow yourself to become another statistic in Action Fraud’s Cyber Crime files, be smart and get strong passwords.

Here are the most common passwords in the UK

1/ 123456
2/ password
3/ qwerty 
4/ liverpool
5/123456789
6/ Arsenal
7/12345678
8/ 12345
9/ abc123
10/ chelsea
11/ qwerty123
12/ football
13/ dragon
14/ password1
15/ cheese
16/ letmein
17/ 1q2w3e4r
18/ monkey
19/ killer
20/ rangers

And, for the record, I have 1,175 unique, very strong (over 16 Characters, numbers and symbols) passwords securely stored in my Password Manager and if you want to check to see how secure your password is, NordPass provide a secure way to see how long it would take a hacker to crack a password of yours. Their tool will also let you know whether your passwords have been found in any Hacker databases.

How Strong is your Password test screen
And PLEASE, if this applies to to you – STOP USING PASSWORD or 123456

Have a great Christmas, a happy new year and stay Cyber Secure. I look forward to communicating with you in the new year. If you need any help, please, just ask. You can reach me by phone – 01793 238020 – email – andy@enterprise-oms.co.uk or just hunt me down on Social Media

The Day I was Phished

The day I fell for a Phishing Email

Andy Poulton here, your Chief SEO officer and the person who frequently writes about the need to be aware of scams arriving by email and the need to keep your passwords complex and not duplicated.

Well, guess what? I just fell for a Phishing email. And it serves to indicate that you can’t let your guard down for a single minute – because that’s what I did.

Background to the scam

I have a couple of domain names of my own and a number of clients who’s websites and domain names are hosted by One.com. I knew 2 domains were up for renewable in October 2023, I’d had reminders and even received invoices for the renewal but had yet to pay the bills.

It was the last full week of the month and I needed to get around to it. So, on Wednesday 25th I was working on a project, mentally creating a to-Do list and thinking about other tasks that needed completing too – so I think all of my mental capacity was in use.

Then, this dropped in my inbox. Yes, looking at it in hindsight shows how flawed it is but, with minimal spare mental capacity I just thought “heck, lets just get it done and dusted” and without paying any attention to anything in the email, quite the opposite of the advice I regularly hand out, I clicked the “Pay your invoice” link.

Scam email talking about domain renewal

I landed on a familiar looking page and paid no attention to anything bar the credit/debit card details boxes. I filled them in with genuine information and clicked “Submit”

Scam payment Page

The page cleared and I was left staring at the “buffering” spinny wheel of death for much longer than I should have been. (Probably no more than 20 seconds) and it was at this stage that my intelligence finally kicked in.

I went back and read the email. Of course it wasn’t from One.Com

Not a One.com email header

I took a fresh look at the payment page, realised the error (stupidity) of my ways and panicked.

Not a one.com web address

My vision saw my card details being sent to a lovely bunch of scammers who, with the Fullz (pretty much everything they needed) were rubbing their hands in glee that another fool had fallen for their tricks and were opening up the online stores, ready to go on a spending spree.

I opened my business banking app, saw that nothing had yet been taken and phoned my bank from within the App. My call was answered quickly and I was put through to the Fraud Department. I explained how stupid I had been, asked for my card to be cancelled, and requested a replacement. Which arrived just 2 days later.

I then conducted 2 complete virus and malware scans of my PC using 2 different anti-virus applications just to make sure that nothing nasty had been downloaded.

I also checked my account at least twice a day (and I still am – just in case). It seems I have had a lucky escape. Nothing has been spent on my account.

So, this is a warning. No matter how much pressure you may be under, please check carefully, every time you respond to an email demand for payment.

Be careful out there.

And if you need help with your Digital Marketing, SEO, Email Marketing, Social media etc don’t hesitate to get in touch. I won’t spam you and I certainly won’t share your details with spammers and the like.

I offer a free consultancy session or you can just drop me an email or give me a call on 01793 238020 or 07966 547146.

Problems (6)