Social Media – Divide by cucumbr

How I lost 0.12 USD to ticked fraud

30. Nov 2018Paul B Svenning

In August 2019 there will be a Rammstein concert here in Oslo, and of course the tickets were sold out in no time at all… so in short no tickets for me But a couple of days ago a friend of mine told me that someone on Facebook is selling four tickets to that exact concert. So, my wife and I contacted someone that claimed to be a student called Magnus Lie with the email address magnus.lie10@gmail.com.

Magnus turned out to be really friendly kind of guy, offering to help us set up an account with skrill.com for secure money transfer, and he claimed using skrill.com would keep both parties happy and safe from fraud (and other evil things) He was even asking some control questions about our skrill.com setup, just to keep us safe and secure (very nice of him to ensure that we don’t get tricked).

So, when we were setup and ready to go he told us to just go ahead and transfer the money to magnus.lie10@gmail.com and he would make the necessary arrangements on his side. Paranoid as we both are we did a quick google search on “magnus.lie10@gmail.com” , a search that gave no relevant hits. I also decided to do a quick test transfer on http://www.skrill.com to see what happened. Well it turned out that Mr Lie seemed to have an alias a Mr Uday Daas. So, when we asked Magnus (or Uday) who Uday Daas was he went silent for some minutes (suspect that the number of minutes reflects the time needed to setup a new Gmail and Skrill account..” – Oh, he said. did you use the correct email address? did you use magnus.lie11@gmail.com? And that was the end of that trade.

It seems to be a common trade/weakness with fraudsters that they are just way to helpfull, and since I’m a Norwegian, my spider sense starts tingling when people are service minded… its just not right 🙂

And Magnus\Uday please don’t spend the 0.12 USD, you got from me, on candy. Make sure you put it your piggy bank so you can save it for someting nice….

Go gentle online

2. Jul 20182. Jul 2018Paul B Svenning

First, yes the title for this post is lifted from the Robbie Williams song “Go gentle” that he wrote to his daughter

My own daughter is now rapidly closing thirteen, the magic age limit where the gates to social media hell or heaven is opened. For at thirteen she meets the age restriction set for most social media sites. She will then be allowed to create accounts, but she does not necessary have the right to (at least not if you ask me). The world of Snapchat and Instagram will lay at her feet. Btw I asked her about Facebook, but apparently only old farts like me still use Facebook.

So, because I have chosen a career within the field of information security, I’m unfortunately all too aware of all the dangers that lures behind almost every connected device out there. And the infosec guy in me keeps whispering in my ear that I need to monitor everything she does and be friend with, and follow her on any social media platform out there that she might think of joing, So she is safe from “bad hombres” with bad intentions, or see if she is visiting websites that I don’t want her to visit.

Well first of all, the “friend with your own kids on social media” does not really work, does it? I have had several parents telling me that “They have full control of what their kids are doing on different social media platforms, because they follow them.” and my answer often is, so you don’t think your kid is smart enough to create multiple accounts..? I know that I would have done that, too escape thy prying eyes of my parents. And if you have full control, why have we been discussing cyberbullying since the kids were 9?

And when it comes to doing 1984 style full monitoring, that kind of goes against all privacy principles I have. And to be honest I don’t want to know every little detail about what she is doing online, and I don’t want her to feel like her parents are doing 24/7 monitoring of her life.

The trust option.

So, we are trying to go for the trust option. For some of you this might sound a little blue eyed and “Norwegian” and yes, I know that she will do things she is not allowed to, honestly, I will be very surprised if she doesn’t. The trust approach includes setting up a contract between us (the parents) on her, outlining how she is to behave online, do’s and don’ts and consequences if guidelines are not followed. But what it is also equally important is that it puts requirements on us as her parents. That we are not to take sneak peaks on the content of her phone or computer, and that we will not use functions like “find my phone” to figure out where she is. My hope and wish is that this setup will make sure that if something bad happens online, she will come to us and talk about it, or any other adult she trusts, so she don’t need to fight online trolls alone

Password sharing

However, stepping onto the scene of social media will include sharing her passwords, with her parents. Not because we wish to log on and read her messages, but because if something happens, e.g. if she is running hours late from coming home at the agreed time, we as parents will need to look at social media accounts to be able to know where she is. But sharing of passwords also goes back to trust. We as parents are only allowed to use the passwords under certain conditions and the passwords are kept in an online vault (I use the Lastpass family plan for this) so she will be notified if we open her password vault. Of course this will only work if she trust us enough to put all her passwords into that password database. Even for accounts she don’t want her parents to know exists.

Blue eyed?

As I stated earlier, this might be a bit too naïve and blue eyed, and a couple of years down the line I might think “how stupid was I? I should have listen to my inner infosec guy and installed monitoring software and used “find my phone” to have full control.