Managing security is neither hard nor time consuming


By Eija

Security is essential for a business. On the other hand, security is something we all wish would just happen by itself. We don’t want to spend much time adjusting settings or fixing problems. We just want our devices and data to be safe as if by magic. At least I do. And companies do not wish to allocate too many resources to the management of security, but wish to find a cost-efficient yet still totally reliable way to handle security.

Since joining the company a few months back, I have had the pleasure of listening to many talented and extremely enthusiastic people talk about security – and the solutions related to it. In these months I think I have learned more about security threats and how to prevent them than in all the years of my working life so far. One of the key learnings is that the foundation of security is to have the right tools for all levels of security.


  • End-point protection protects you from internet threats. According to F-Secure Threat Report H2/2012, the most common way to get hit by malware is browsing the web.
  • Server protection keeps your content safe from spam, malware and other threats. Protecting servers certainly doesn’t sound like a hot topic, but talking to our product managers, it actually is something much more interesting than you would first think.
  • Email protection safeguards your communication. Even though email is no longer the number one target for attacks, its frequent and wide use means email protection is still as relevant as ever. Talking to one of our sales engineers just the other day, I was shown some stunning examples of how reliable and trustworthy spam mail can actually look! Forget about the typical “Click here for this unbelievable one-time offer” type of obvious attempts. Spam today is much more sophisticated.
  • Web filtering protects your identity and reputation. The Threat Report additionally states that some types of hosting sites are favored by criminals and recently, dynamic DNS providers have been the fastest growing target for malware hosting. 87% of the domains supported by one of the top 3 dynamic DNS providers hosted malicious content. Think – 87%! Cannot be very good for the DNS provider’s reputation…

Wouldn’t you want to stay on top of this all 24/7, but effortlessly? For that, you need a central, holistic security management tool. Without it, this can all be too hard and time-consuming and you would need a lot of resources to take care of the security issues.

Luckily, this can all be very easy with the right tool. F-Secure Policy Manager is a security management tool that lets you shift your security to autopilot. As Yoshito Sato from Green House company puts it: “We do not have to worry if each computer is secure or not anymore.”

Cheers, Eija


Mobile Threat Report Q1 2013 — Android becomes more and more like Windows


By Jason

Our latest Mobile Threat Report is out and the findings show that the Android malware ecosystem increasingly resembles the Windows ecosystem.

New mobile threat families and variants rose by 49% from last quarter, from 100 to 149. Of these, 136 (91.3%) were Android and 13 (8.7%) were Symbian. Q1 2013 numbers are more than double those of a year ago in Q1 2012.

While the “walled gardens” of iOS and Windows Phone, where apps require approval before sale, have prevented malware threats from developing for the iPhone or Nokia models running those systems, Android threats are increasing and becoming more likely to affect average users.

“I’ll put it this way: Until now, I haven’t worried about my mother with her Android because she’s not into apps,” F-Secure Security Advisor Sean Sullivan said. “Now I have reason to worry because with cases like Stels, Android malware is also being distributed via spam, and my mother checks her email from her phone.”

You can get the entire report here and as you read through it, listen to our Chief Research Officer Mikko Hypponen and Sean Sullivan walk through the report in this exclusive preview. (Sorry, there is an odd echo for the first few minutes of the recording.)

Here’s a look at profit-motivated threats. Is anyone surprised that mobile malware authors are mostly motivated by money?
[Figure 2: profit-motivated threats]

As far as the types of threats our Labs is seeing, Trojans continue to dominate:

[Figure 3: threats by type]

We protect your mobile devices from all common threats. Get F-Secure Mobile Security free for 30 days or download it at Google Play.

Cheers, Jason


How to create a great profile picture


By Micke

Our identities in social media play an increasing role in our lives, both the private and the professional parts of it. And our visual image, the profile picture, is a central part of that. A colleague asked me for some hints about how to create a great profile picture, and here’s my answer. Note that this is written with a professional in mind, but you can apply the same process if you want to make a profile picture for purely personal use. That is actually even more fun as you often can be bolder and more creative.

Plan the message – your “personal brand”

Ok, so you want a profile picture. Let’s first think about you and your profile. Why did you create the profile? What are you trying to tell the world? What kind of impression do you want to deliver with the profile and its picture? Do you want to be seen as a leader, an expert, a visionary, an entrepreneur, an entertainer, a trustworthy partner or just as a nice and comfortable person? And what’s the scope? Is it limited to your professional role only, or do you have hobbies, sports, organization memberships etc. that you want to expose as well? But be focused and don’t bring in too many things. And what’s your primary target audience?

Start by thinking about your personal brand for a while.

Plan the image

When you know who you are and what your brand is, then it is time to plan how to express it visually. Here are some points you should consider, which will hopefully help you decide what your picture should look like.

But you could start by checking your own photo collection, or ask a friend who likes to shoot. There may already be a picture of you that matches your personal brand. If you find a candidate you have to decide if it is good enough or if you want to build from scratch. Jump straight to the last section if you find a good shot.

  • A profile picture is small. It may be displayed at medium size on your profile page but most people see just a small thumbnail of it. Do not plan a picture with a message that depends on small details.
  • Make a long-lasting picture. Like the logo of a brand, your picture shouldn’t change frequently. Avoid using visual elements that are in right now, but may be passé tomorrow.
  • Portrait or not? Profile pictures were planned to be a portrait of the user, but there is usually no policy or technical limitation that enforces this. You can use any image, but this guide will focus on how to make a portrait of you.
  • Color or black & white? BW can be used to create an artistic impression, and it may help gain attention among vivid color shots. But BW depends a lot more on form and shapes, which are hard to express in small format. Color is a safer choice.
  • Think of feelings and adjectives that would support your brand. Like calm, reliable, energetic, empathy, joyful, fun, dignity, etc. Keep the selected words in mind throughout the process.
  • Get inspired by others’ profile pictures. Use Google’s image search with keywords like “profile picture” or “portrait”. Add another word to the search if you want pictures with a particular concept. Also browse through your favorite social media and pay attention to others’ profile pictures. Don’t be shy to steal ideas and build upon them, but avoid copying people in the same digital neighborhood.
  • How bold do you dare to be? You fight for attention in a boiling kettle full of vivid images, but your role and brand may require some dignity.
  • Find out what aspect ratio your favorite social media use for profile pictures. Are they shown as squares or are they higher than they are wide? This should be taken into account when planning the composition.
  • Just a portrait or some environment too? Putting a person into an environment tells a lot more than just a face. Could a particular environment be a good way to express your brand? Are you interacting with the environment or just posing in front of it? But do remember the restriction about image size and small details.
  • All pictures have a background even if it isn’t an environment. Dark or light? Smooth or textured? Solid color or gradient color? Just remember that the background shouldn’t compete with the object unless it has an important story to tell.
  • What colors do you like and what colors would support your brand? If you want to address a global audience, remember that colors have different meanings in other cultures. Check this and this before you decide.
  • Your role may demand a certain type of clothing, and you may have some strong personal preferences in this area. You can be mainstream by following the code or revolt by going your own way. As profile pictures are small you are quite likely to show just the head and parts of the upper body rather than the full figure, so the lower parts don’t matter. A hat works fine, if it fits your brand.
  • How do you want to pose? Do not plan too fancy a pose as those rarely feel natural in the final picture. Remember that your hands tell a lot about your feelings, so also plan their position.
  • Are there any personal attributes that definitely are part of your brand? A typical piece of clothing, or maybe a ponytail?
  • The facial expression is important. Use the feelings and adjectives mentioned above when figuring out what expression is best for you.
  • Even subtle changes in the camera angle can have a significant impact on the feeling of the picture. You are on the same level as your peers. You may look helpless and begging if you look up at your audience. And a powerful ruler looks down on his people. These rules may not apply anymore if you go for dramatic camera angles.
  • The lighting of the subject is important. A sharp harsh light creates sharp shadows and makes the picture more dramatic. So does light from an unnatural direction, like illuminating a face from below. Smooth even light from every direction eliminates shadows but makes the picture dull. The right lighting is usually somewhere between these extremes.
  • If you don’t need an environment you can play with the framing of the face. A dramatic effect is to frame the face really tightly, or even focus on a part of it.
  • Looking into the camera creates a connection between you and the audience. But you may want to differ by looking out of the picture or at an object in the visible environment.
  • Accessories may emphasize your story. You can bring in items that relate to your role and brand.
  • You may want to add graphical elements in post processing. It is good to plan that before you start shooting. These elements will become part of the final composition and affect the visual balance of the picture.

Yes, a lot of different aspects to think of. You do not need to pay a lot of attention to all of these, but they are all things that affect the picture. You may pick some of these points and focus on them. Hope this section puts your mind in creative mode so that you can come up with a great idea.

Take the photo

OK, now you should have a visual idea in your mind about what you want to create. Let’s start doing it by shooting the picture. Here are some hints that make it easier to succeed.

  • Ask someone to help you. Sure, you can use a tripod and timer to shoot by yourself. But it is so much easier if you don’t have to run back and forth between your pose and the camera. It is of course a plus if that someone has experience in portrait shooting. Depending on your planned shot, it might be good to have an assistant as well.
  • Plan what camera to use. You do not need the latest megapixel monster as the picture will be shown small. But you should definitely use a camera that produces sharp pictures. Some mobile phone cameras are already good enough, but cheap pocket cameras may not be. Most cameras manage to take decent photos in good light, but use a system camera if you want to play with low-light scenes.
  • Scout the place to shoot where you have the right environment or background.
  • Plan when to shoot. The light conditions depend on weather and time of day. Other conditions, like traffic for example, may dictate when to shoot if you are planning to do it in a public place.
  • Plan the lighting. Will natural light be enough or do you need artificial light to achieve the desired result? If the light is sharp, you may want your assistant to reflect light onto the shadow side of the face using a light flat object, like a sheet of Styrofoam.
  • Shoot wide. Leave enough room on all sides of the object. It is easier to crop and create the perfect composition afterwards on the computer.
  • Control the balance between object and background. You can make the background less distracting by making it darker or less sharp. You can blur it by moving the object further from the background and/or using a larger aperture setting in the camera.
  • If you plan to replace the background using Photoshop, then it should be as even as possible. Select a color that creates a sharp contrast around all parts of you.
  • Be careful with focusing, especially if you try to blur the background by using a large aperture. Always make sure the primary area of interest is in focus, which almost always is the eyes in portraits.
  • Work on the technical details first without minding pose and facial expression. Shoot, check the result on the camera’s screen, adjust something and shoot again until the light and exposure are right.
  • Then continue to find the right pose. Just shoot until you are satisfied with what you see on the screen.
  • Finally work on the facial expression.
  • When done, look through the shot carefully and check all the details. Load the picture into a laptop and view it on a proper screen before you pack your stuff and leave the shooting scene. At this point it is still easy to correct small details and take another shot.
  • Why not try some variations when you are up to speed? Change clothes or pose or something else and shoot some more. It’s good to have more shots to select from.

Finalize the image

Now you should have a decent picture of yourself. It might be good as is, but all pictures can be improved by post processing. Use Photoshop or your favorite image editing program, or ask a savvy friend to help. These are examples of things that can be used to brush up the picture.

  • Adjusting overall exposure, contrast and color saturation.
  • Putting more or less attention on objects by making them darker or lighter.
  • Selectively blurring unimportant parts.
  • Cropping the picture.
  • Concentrating focus to the center of the image with vignetting.
  • Cloning out distracting details.
  • Replacing the background.
  • Adding graphical elements like frames, logos and symbols.
  • Maybe doing more advanced manipulations like combining two shots with different facial expressions. Your imagination is the only limit. (And the limited picture size of course.)
  • Or why not get a cheap round of plastic surgery if your Photoshop operator is savvy enough for that. :)
  • Remember to zoom out and view the picture as small as it will be shown in reality. Does it still work?

OK, that’s it. Now you should have a great profile picture. But as always, testing is important. Show the picture to someone else and ask them for honest opinions. Your test audience should not know how you have planned the picture and what you have tried to achieve. Even better, use people who don’t know you at all. Ask them to describe the person in the picture just based on what they feel when seeing it. (Some people are better than others at this.) It’s a success if that matches what you tried to achieve.

And last but not least. This is important but it is after all just a picture. It helps you get attention and new followers, but in the long run people will still judge you by what you post.

Safe surfing,
Micke


Facebook’s new Timeline: Here come the gifts!


By Jason

Our Security Advisor Sean Sullivan has been playing around with Facebook’s new Timeline layout.

His first impression is that it’s designed to encourage you to share and encourage your friends’ media consumption.

In the endless attempt to monetize a free service that about one billion human beings rely on, Facebook is also encouraging you to give your friends more than just warm birthday greetings. They want you to give gifts.

Here are some of the gifts my friends are recommended to give to me:

[Image: Jason_Gift_Wine]

Yes, I am over 21 years old. Sean found that if you’re under 21, Facebook recommends chocolate instead of wine.

It’s natural to speculate that Facebook wants to become a recommendation engine that serves you media and gift recommendations based on your interactions. This — as always — will lead to some unintended consequences.

Perhaps, the next time you change your relationship status to “single”, your friends will see this gift recommendation:

[Image: Jason_Gifts_Ex_Set]


Did the Boston bombs change anything?


By Micke

One interesting aspect of our privacy is photography and filming in public places. If you show up in a public place, then any individual can take a picture of you. There’s nothing you can do about it, you just have to accept it. And you ARE being photographed almost all the time. If not on tourists’ snapshots and home videos, then on surveillance cameras operated by the authorities.

There seems to be a war between these two groups of photographers, especially in the US after 9/11. Ordinary people who take snapshots of fine buildings have noticed this. Photography is often considered suspicious activity and many innocent tourists have been treated like suspected terrorists. Security guru Bruce Schneier has pointed out several times that the authorities watch far too much TV. They try to fight movie-plot threats rather than real terrorism. The war against photography is a good example. TV needs visual elements so the villains often go on a photo trip before the strike. No pictures are however found when investigating real terrorism. Simply because they are not needed. To fly a jumbo into a skyscraper you need a map, not a photo of the building taken from ground level. But the authorities are desperately seeking ways to show that they are doing something, so photography becomes a convenient target.

What brings this to mind right now is the Boston bombs. There are said to be around 600 surveillance cameras in the area. The FBI also had the suspected bomber’s face on file and was able to run automated face recognition against the surveillance footage. But that wasn’t enough, so they turned to the public and asked for photos and videos shot by ordinary citizens. The former enemy suddenly became a friend when the FBI didn’t have enough footage themselves.

The request turned out to be successful. Submitted amateur footage is reported to have been crucial in identifying the bombers. This proved that photography in public places contributes to security rather than poses a threat.

I wonder when we will reach the point where the FBI doesn’t have to ask for these photos? More and more people upload their shots to social media sites. Chances are that the Tsarnaev brothers already are published by many ordinary citizens on their private walls, Flickr accounts etc. Time and position metadata makes these shots suitable for face recognition scans. Privacy settings are of course an obstacle, but I wouldn’t be surprised if the US authorities demanded full access to such photos bypassing the security settings. An even scarier scenario: what if the FBI gets legal access to all shots that smartphones upload automatically? The shots from my mobile camera land on SkyDrive. Personally I don’t like the idea of participating in an intelligence network with global reach but operated by a national agency.

Will this case change anything? I would like to see the Boston incident as an eye-opener that contributes to a less hostile attitude against photographing citizens. But that is probably naive. The war against photography will most likely go on just like before, at least until the next case where the FBI needs some help. And we may be heading towards a world where the authorities don’t ask kindly for these shots, but grab what they want from the net. Let’s hope that the legislators and privacy advocates manage to maintain a balance between privacy and terrorism hysteria.

Micke

Image by R/DV/RS @ Flickr


If you think that you and your company are not a target for malware attacks, think again


By Eija

According to the Verizon 2012 Data Breach Investigations Report, about 80% of all victims of malware attacks are targets of opportunity. With 94% of data compromised involving servers, it is essential to pay attention to server security. And as email is one of the tools that is used on a daily basis in any business, email security is of utmost importance.

A lot of attacks have used the Blackhole exploit URLs. According to the Threat Report H1/2012 by F-Secure Labs, as many as 1 out of 25 emails contain spam with such a malicious URL which is intended to deliver a malicious payload to a victim’s computer. The Blackhole exploit kit targets vulnerabilities in the operating system, old versions of browsers such as Firefox, Google Chrome, Internet Explorer and Safari as well as many popular plugins like Adobe Flash, Adobe Acrobat and Java.

As normal spam filtering may not catch these kinds of threats, it is important to understand the new forms of spam emails. Ordinary spam definition updates are too slow and usually do not protect you from the Blackhole exploits, so a real-time URL reputation check is a must-have.

Windows and Java continue to be the most popular targets. F-Secure Threat Report H2/2012 states that a vast majority of exploit attacks in general relate to four commonly known vulnerabilities in Windows or Java, and all of these already have security patches.

With this in mind, it is essential to protect servers and email efficiently enough from attack.

The F-Secure E-mail and Server Security solution uses the same award-winning DeepGuard technology as Client Security, which has been given the Approved Corporate Endpoint Protection certificate by AV-Test. Check out the latest supported platforms on our Downloads page.

E-mail and Server Security was the first product launch for which I was responsible on the marketing side here at F-Secure. And this is my first blog post in Safe and Savvy as well! Time seems to have been flying since I joined the company at the beginning of March; there are so many interesting things going on.

Cheers, Eija


The photo, the net and the law


By Micke

Digital technology and the net are reforming so many things, among them photography. Do you remember when we used to develop films with 2 or 3 summer holidays on the same roll, and then bury the prints deep in the family album? Now we can snap hundreds of shots a day and share them on the net in real-time. If you are lucky your shared shot or video can get more viewers than a small newspaper has readers. The newspaper is made by professionals who know the ethical and legal aspects of publishing. But do you know? How do you decide if it is OK to publish a shot or not? Or to take the photo in the first place? With common sense? That’s OK, it’s a good start. But I suggest that you get familiar with some of the basic legal aspects too.

You know how it is to ask a lawyer if something is legal or not. It’s impossible to get a straight answer. I start to understand why when digging into this problem. There are really so many aspects that matter and many things that aren’t black and white (no pun intended). And on top of that, the international aspect. Laws are different in every country. I have been looking a long time for a good and comprehensive guide that covers photo law in different countries. In vain so far.

That’s an indication of how big and complex the issue is. But I’m going to give it a try anyway. I have tried to list the basic principles in a very compact form. This list can’t be very precise as it isn’t country specific. So be aware that the law in a specific country can differ from what’s stated below. But the risk that your camera puts you in trouble should be significantly lower if you know at least these principles.


F-Secure Mobile Security Detects 100% of Mobile Malware


By Sandra

In March, AV-Test tested 26 mobile malware solutions and we’re proud to announce F-Secure Mobile Security received a protection score of 6.0 out of 6.0.

Our solution blocked 100% of the representative set of malicious apps discovered in the last 4 weeks tested. Nice.

The test went beyond just testing the ability to block bad software.

PC Magazine’s Neil J. Rubenking explains:

Antivirus protection is important, but for mobile users additional security features like anti-theft can be just as important. In the initial test of Android-based antivirus, AV-Test noted whether each product included specific additional security features: 1) anti-theft (remote lock, wipe, and locate), 2) call blocking, 3) message filtering, 4) safe browsing, 5) parental control, 6) backup, and 7) encryption. In the latest test, products are scored on whether they include extra security features, either the seven from the preceding list or other useful security features.

You can see our complete score card here.

We want to congratulate all the fellows who work to make our Mobile Security the best protection in the world.

And you can try Mobile Security for free here.

Cheers,
Sandra


‘Spring Clean’ your Facebook account in 3 steps


By Jason

You’ve probably been using Facebook for years.

Thus your profile has all kinds of likes and apps you probably don’t remember adding. That’s why spring is the perfect time to look at your page and try to make it new again. Here are 3 easy steps that will improve your privacy and your Facebook experience.

1. Stop your friends from sharing your private information.
If you take pains to lock down your Facebook profile, it may disturb you that some of your private information may still be shared with strangers by your friends.

They’re doing it not because they want to make your privates public but because you haven’t locked down how they can share your information via Facebook apps.

To fix this, just go to “Privacy Settings” then the “Apps” section. Next to “Apps others use” click “edit”. You’ll see this:

[Screenshot]

But likely some of the boxes will be checked. Any box that is checked can be shared by your friends to the makers of any app they authorize. Uncheck the boxes and click “Save Changes”.

2. Clean out your old apps.
Now, while you’re on this page, you should scroll up and do some spring cleaning. Click that little “x” next to any app you don’t use anymore. And if you aren’t sure if you use an app, you can always click “x” and reauthorize it later.

To be extra safe, you can always do what F-Secure Security Adviser Sean Sullivan does: turn off Facebook’s “platform” so none of your information can be shared with apps. This also means you can’t use any apps, of course.

To do this, click “Edit” next to “Apps you use”.

[Screenshot]

Then click “Turn Off Platform.”

[Screenshot]

3. Audit your friends and ‘likes’
The best way to keep your Facebook account useful and free of annoyances is to review your friends and “likes” to get rid of anyone who doesn’t respect your privacy or clutters your feed.

This sounds easier than it is since most people have dozens if not hundreds of connections on Facebook, and you have to view your “Friends” list and “unfriend” each user one by one. Your “Likes” list is even more annoying. If you have time, you should do this at least once a year. So why not for Spring?

Or you can do this on an ongoing basis whenever you visit your newsfeed. See something offensive? Unlike that page or friend, if he or she isn’t really a friend anyway. But be aware that you won’t see all of your friends and “likes” on your feed. Facebook filters it so you only see those you’re most likely to interact with along with the posts they’re being paid to promote.

Jason

[Photo via El Frito]


Share this with all your friends and make Facebook a better place


By Micke

Help a sick child with cancer. Help us raise funds for this poor boy beaten by his stepfather. Learn how to help yourself if you have a heart attack and nobody is around. Isn’t Facebook a fantastic place? You can learn so much and get involved in things that matter through posts that your friends pass around. I’m sure you know what I’m talking about. We have all seen these posts that circulate on Facebook and other communities.

What do you think about them? Do you pass them on? Do these kinds of messages play on your emotions? Do you like the feeling of helping a poor child somewhere in the world by clicking share? Have you ever tried to verify if the sad story is true? Or do you want to hold on to the dream that you are helping, and avoid checking the background even if there is a grain of doubt? Or are you one of the skeptics who dislike chain letters and write an angry reply instead?

Chain letter may be an old-fashioned term from the snail-mail era. But that is really what we are talking about here. They are also called hoaxes, which refers to the content rather than the spreading mechanism. Our modern communities on the net provide an ideal environment for them. It has never before been so easy to share information with a large number of friends globally, just by a click. The content might be anything, but there are some easy ways to identify them.

  • They play on your emotions, often empathy or fear.
  • They tell you to share it with all your friends.
  • There’s often a shocking picture of a claimed victim. (The same picture is often reused in many different chain letters.)
  • It may claim that the victim gets money for each share. (This is never true.)
  • There are few or no details about the claimed victim, to make it harder to debunk the story.
  • There’s no reference to news articles or other reliable sources, or the article is fake if there is one.

Here are a couple of examples from different categories.

Help save baby with cancer is a really classic example. Who can resist a sick child? And that thing on the little boy’s face. OMG! In reality, this story is just made up and the boy doesn’t exist. Or the baby in the picture certainly exists, but he has appeared in many different chain letters and nobody knows where the picture comes from or if that thing is fake or real. The promise of one dollar per share is also just made up, there is no such commitment in reality.

YOU COULD SAVE A LOVED ONES LIFE BY KNOWING THIS SIMPLE INFORMATION!!! First aid and medical advice is another common chain letter category. I have attended a number of first aid courses at different levels, and this example is legit as far as I can tell. The described STR-rule is also well known and used elsewhere too. But how do you know that? If you can assess that, you don’t need the advice. And if you can’t, you have no clue if the advice is reliable and accurate. This one might be legit, but that can’t be said about all the other messages of this kind. They can in the worst case be directly harmful! (I have chosen not to share one of those here.)

Facebook is not a good info source for matters of life and death. If you truly care about your loved ones and want to be able to help, then there is no substitute for professional first aid training. Trash all chain letters of this kind and sign up for a course today!

[Insert celebrity of your choice] found dead at Dominican Republic resort. This is really a sick form of humor. There’s a web-based generator that can generate hoaxes like this. It even creates fake news pages that can be passed around with the chain letter. I’m including the link to the generator here. I trust that you use it only to learn how to spot these hoaxes, not to make one yourself.

If you see some shocking news like this and the source isn’t one of the big news networks that you recognize, then turn to Google and get a second opinion before you hit share. Well, sites can be faked so Google is a good idea even if you recognize the news source.

But these chain letters are mostly harmless, you might think. Is it really that bad to pass one on? Well, they don’t harm the reader directly. Messages that trick you into downloading a file or opening a site that can contain malware are a different cup of tea. Phishing scams that trick you into entering secret data at a faked site are also truly harmful. Chain letters and hoaxes are not harmful in this way.

But that’s not the full story. There are still several reasons to avoid them:

  • Your own reputation. You may feel good when “helping a sick child”, but do your friends think the same way? Some of them may think you are gullible and easily fooled.
  • You create unnecessary noise on Facebook, or whatever community you are on. It may already be hard enough to spot the relevant posts from 500+ friends and a load of groups. Your friends do not need more junk to cover the valuable posts.
  • Things seem to replicate, especially problems. If you have a habit of sharing chain letters and hoaxes, you contribute to the culture among your friends. You signal that it is OK to share hoaxes and your habit will spread to some of them.
  • Suppose you forward a message with some advice about first aid, a friend uses it and it turns out to be bad advice. How would you feel? If you share info like this, you also carry responsibility for it.
  • Passing on jokes about someone killed in an accident is really sick humor, even if you might be in shock and believe it when you press share. Double-check before sharing and spare your friends that unnecessary shock.
  • If your account is compromised and misused to spread truly harmful content, it will blend in better in a stream of chain letters. Your friends are less likely to notice any difference and more likely to click on the malicious link from “you”. Such a post will, however, stick out if your normal posts are strictly no-nonsense.
  • A historical note. Old-school computer folks dislike chain letters because they were seen as a bad thing in the early days of e-mail. This was based on the limited capacity of the computers and telecommunications at that time. Technical capacity is not a problem anymore, today’s bottleneck is our capacity to process all the messages we get. But as said above, even if the technical capacity is there, it is still a bad idea to circulate chain letters.

And by the way. Why should you support this particular child? Just because you got a picture of him? There are probably thousands of real children with the same disease. You feel emotionally involved, that’s good. Let’s use your emotions for something more productive than just passing hoaxes around. Look up a local charity organization that works with children and make a donation while watching the picture. That really matters!

So, to summarize. Don’t feel bad if you have shared chain letters like this. As said, they do no direct harm. But I hope that as many as possible become aware of the downsides and start ignoring them. Our Facebook experience would be tidier.

So now you know how to spot a chain letter. Just click the share button and make sure all your friends on Facebook also know. Hey, wait… :)

Safe surfing,
Micke

Image from About.com Urban legends

Our free Online Scanner is back — and now it has a superpower

By Sandra

If we had to sell you our new Online Scanner, it would be the easiest sale in the world. Here’s why:

  • It’s free;
  • it’s fast;
  • it works on your Windows PC EVEN if you have security software from another company installed;
  • it’s light — less than 5 MB — and doesn’t require installation;
  • it eliminates viruses;
  • and now it removes one of the most difficult-to-remove types of malware in existence — advanced rootkits.

Rootkits are tough to detect and even harder to get rid of. They boot up even before your operating system does and often require restarting your system from a CD or flash drive with the help of customer service or an IT expert.

But with our Online Scanner, you can remove them easily, quickly and for free with just a few clicks.

Millions of computers around the world are infected with rootkits like TDL and ZeroAccess. To make sure your PC isn’t one of them, run Online Scanner and then make sure your PC is protected with a security solution like our Internet Security 2013 that protects you against advanced threats.

Cheers,

Sandra

Photo credit:  AnyaLogic

I don’t need to cover my traces, or do I?

By Micke

Anonymity on the net is a topic that is discussed more and more frequently. We all know that many services on the net can be used anonymously. Or can they? The Internet is a giant data processing machine, and data about us users is getting more and more important. Anonymity on the net is to an increasing degree becoming a hallucination. Your access is logged, your surfing is tracked by cookies and the big data companies are even gathering info about your non-digital life. People are to an increasing degree doing things online thinking they are anonymous, but in reality they leave traces behind. These traces can lead back to their real identities, and in the worst case put them in serious trouble.

I’m not going into the big picture about anonymity and privacy here. I’m going to present a tool that can be used to obfuscate your true identity: the anonymity network TOR. This is a tool and network that provides fairly strong protection against anyone who tries to find out where a connection over the Internet really came from.

Let’s first debunk two myths.

  • This kind of stuff is only needed by criminals. I’m a law-obeying citizen! Well, yes. It is in most cases OK to surf without this kind of protection. But it is also good to be aware of this possibility. There are situations where it can be smart to cover your traces even if you have perfectly honest intentions. And being anonymous is not wrong in any way, you have the right to use this kind of tool if you like.
  • I don’t know how to do this. I’m no hacker. Don’t worry. Using this tool is no harder than installing a program on your computer.

So what’s the problem we are trying to tackle here? Practically all services on the net log all access. This log contains the so-called IP-address that you are using, no matter if you have entered your real name at the site or not. The IP-address is a numeric code that is unique for all devices that connect to the net. Your ISP assigns one to your computer (or router, or modem) automatically when you connect to the net and you don’t have to worry about that. When you surf “anonymously” on a site, the site owner will know this IP-address but not who it has been assigned to. That information remains in the ISP’s log and is typically revealed only to authorities when investigating crimes. (Depends on local laws.) So you can under normal circumstances be traced back to your ISP, but the trace stops there.

So you have a certain level of privacy when surfing from home. But what about your computer at work? Here the company is in the ISP’s position. All traffic you generate can easily be traced to the company, but not to your workstation. The company’s administrators may be able to trace further, but that depends on how the internal network is managed.

Here are some examples of situations where the default protection may be insufficient:

  • Your ISP may protect your identity, but how reliable is that? Someone may present fraudulent accusations to get access to your true identity. People may misuse their access rights and leak data. The ISP’s employees are just humans after all. You don’t have to worry about that if you are using TOR.
  • What if you discuss something online from work, but the topic is totally unrelated to your employer? Or even in conflict with your employer’s interests. Then it’s best if no one afterwards can claim that someone from that company made a comment in the discussion.
  • If you consider becoming a whistle-blower, get TOR! Handle the case through TOR exclusively. This is a tricky situation where you may break contracts or even the law, and still do very much good for society. You may have to pay a high price for being a hero unless you protect yourself.
  • TOR can circumvent some national censorship schemes. This benefit is obvious in totalitarian states, but might be more relevant to you than you think. Finland, for example, is considered to be a democratic country without severe human rights problems. But despite that we have an Internet censorship scheme that was developed to stop child pornography. Now it is misused to block on-line poker, criticism against the authorities and many other things. The list of censored sites is secret and site owners can’t challenge it in court. But TOR-users have free access. (Yes, seriously! Sounds like China or Iran but this is in EU.)
  • TOR is not only protecting your identity, it also encrypts traffic and prevents 3rd parties from finding out what you are doing and who you are communicating with. This may be beneficial if you don’t trust the network you are using. A good example is FRA in Sweden. They have legal rights to intercept all network traffic crossing Sweden’s borders, including traffic in transit to other countries. A bummer for us here in Finland as our cables to the world go west.

TOR is a privacy network that routes your traffic through a chain of several randomly picked servers before it goes to the site you are accessing. The traffic is encrypted all the way from your computer to the last relay machine. The protocol is also designed so that the relaying machines never know more than they need to know. The first server knows who you are but not what you are doing or what site you are accessing. The last server can see your traffic in plaintext and knows where it is going, but does not know who you are. None of this is however logged by the TOR relays as their purpose is to ensure your privacy. Even if someone with malicious intent would get hold of one of these servers, they would not be able to reveal your secret.
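The layering described above can be traced in a small model. This is an added sketch, not TOR’s code and not from the original post: the cipher is a toy stand-in built from SHA-256 and HMAC, and the relay names, client address and destination are constructed. It records what each relay can observe after removing its own layer.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    """Toy keystream: SHA-256 in counter mode (a stand-in for a real cipher)."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt and authenticate one layer: nonce | tag | ciphertext."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + hmac.new(key, nonce + body, hashlib.sha256).digest() + body

def open_(key, blob):
    """Remove one layer; fails unless the layer was sealed with this key."""
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("this layer was not sealed with this key")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def build_onion(path, keys, destination, request):
    """Client side: wrap the request once per relay, innermost (exit) layer first."""
    next_hops = path[1:] + [destination]          # where each relay must forward to
    blob = request
    for relay, nxt in reversed(list(zip(path, next_hops))):
        header = json.dumps({"next": nxt}).encode()
        blob = seal(keys[relay], header + b"\n" + blob)
    return blob

def route(client, path, keys, onion):
    """Pass the onion down the chain and record what every relay could observe."""
    views, sender, blob = {}, client, onion
    for relay in path:
        header, _, inner = open_(keys[relay], blob).partition(b"\n")
        views[relay] = {"from": sender, "to": json.loads(header)["next"], "payload": inner}
        sender, blob = relay, inner
    return views, {"from": sender, "request": blob}   # second item: what the site sees

def demo():
    """Constructed scenario: three relays, one client, one destination."""
    path = ["entry", "middle", "exit"]
    keys = {relay: os.urandom(32) for relay in path}  # one key shared with each relay
    onion = build_onion(path, keys, "forum.example:80", b"GET /whistle HTTP/1.1")
    views, delivered = route("203.0.113.7", path, keys, onion)
    return keys, onion, views, delivered

if __name__ == "__main__":
    _, _, views, delivered = demo()
    for relay, seen in views.items():
        print(relay, "sees from:", seen["from"], "to:", seen["to"],
              "payload starts:", seen["payload"][:12])
    print("site sees:", delivered)
```

Only the entry relay sees the client address and only the exit relay sees the destination and the plaintext request, which is also why the site itself should be reached over HTTPS when the content is sensitive.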

The simplest way to use TOR is to download and install the browser bundle. It consists of two parts that work together seamlessly. “Vidalia” is the control center that sets up the chain of secure servers and handles communication. “TorBrowser” is a Firefox-based web browser that is preconfigured to communicate through TOR. It makes it easy to start using TOR, no nerdy settings needed. A separate browser is also really necessary to guard your privacy as your normal browser is full of cookies that can identify you.

Installing TOR is easy, but that alone does not guard your identity. If you want to be truly anonymous at some certain site, you need to follow some additional guidelines.

  • Do not use a user name or account that you have used previously without TOR. That account can be connected to your real IP-address using old log entries. Start fresh and create a new account through TOR. Needless to say, your new alias shall not give any hint about your true identity.
  • Make sure that all your access to the site where you want to be anonymous is through TOR. Even a single login from a connection that can be traced may reveal you.
  • If you have to provide a mail address for your new account, use TOR to create a new mailbox in a webmail service of your choice and use that address exclusively. tormail.org is an alternative if you are paranoid.
  • Think about what info you submit when anonymous. Personal info is naturally a no-no, but other kinds of knowledge may also reveal you or limit the number of possible persons behind your alias.
  • Don’t use both your anonymous identity and your real identity from the TorBrowser at the same time. This makes it possible to tie them together as they both would use the same IP-address. You can use the Vidalia-console to refresh the IP-address that is shown outwards. Make sure you do this before logging in with another identity, or use your real-life identity from your normal browser instead.
  • Don’t break the law. That is of course good advice in general as well. In this case a criminal investigation will pose a greater threat against your anonymity as the authorities have far more ability to trace you.

Disclaimer. I hope you never truly need this kind of protection. But if you are in doubt, play safe and cover your tracks. Also keep in mind that it is tricky to be truly anonymous on the net. That is especially true if you are wanted by the authorities. Do not rely solely on this article if you are in a situation where your personal safety depends on anonymity, like for high-end whistle-blowers or opposition activists in non-democratic countries. What’s said above is a good start in these situations too, but you should get a more comprehensive understanding of on-line anonymity before putting yourself at risk.

Check what your surfing looks like from the site owners’ perspective. This site reveals the info. If using several connections, like home and work, check all of them. If you install TOR, visit the site from the TorBrowser to see how the address has changed.

Safe surfing,
Micke

PS. Another way to see the need for anonymity. The law protects our property against thieves, but still we use locks. The law protects our privacy on-line (to some extent), but most people do not enforce that in any way. TOR is for privacy what a lock is for theft. Why not play safe and lock it?

Photo by zigazou76 @ Flickr

One picture can tell more than you think

By Micke

One of my big passions is photography. I’m quite old-school as I mostly use a big DSLR, post-process my shots on the PC and upload some keepers to Flickr. But I’m also using my mobile phone camera more and more. Nothing beats the convenience of snapping a shot and being able to upload in one sweep. Some people, like me, just have a mental barrier to overcome, the technical perfectionism. A shot can be fun and interesting even if you haven’t spent hours tweaking it. I’m working on that…

Sharing photos on the net is fun, but did you know how much a single picture can tell? I’m not talking about the traditional “more than 1000 words” here. I’m talking about metadata. This is invisible data that describes the content and is embedded in the picture file. This is some of the data that a photo can contain:

  • Date and time when the picture is taken
  • Photographic parameters like lens, aperture and exposure time
  • Geographical position from a GPS-device
  • Information about the device that took the picture, brand, model, serial number, etc.
  • Name and contact information of the device’s owner
  • Information about the photo’s copyright owner and rights to use the photo
  • A lot of other info that professionals and serious amateurs can use to manage large photo collections.

All this data does really provide a lot of added value. You can automatically have shots sorted by capture time, you can plot photo locations on maps, find all shots taken with a certain camera or lens, and so on. The possibilities are almost endless. But metadata is like all other great things, it can be used and misused. The downside is naturally privacy.

I did a quick test with my Nokia Lumia, which is a Windows Phone device. It turned out that its camera embeds the date and time, photographic parameters and the GPS-location automatically. But data about the owner is not included. This data is also kept when using all share-options that I currently have available: mail, Flickr, Facebook, SkyDrive and DropBox. There’s no setting anywhere that would control this behavior. In theory, I could reveal my exact location every time I upload a photo.

But this is not the full story. The service that you upload to can also decide how to process metadata. Facebook strips it altogether. This design was probably implemented to save storage space, but has a positive side-effect on privacy. Photographers who are interested in the photo parameters are however not happy. Flickr uses a different strategy. Metadata is extracted and used in the interface. You can decide if you want it to be shown or not. Users can also download smaller picture files without metadata, or the original with all data intact, if you choose to allow it. It’s quite natural that Flickr is more advanced as it is a site focusing on photo sharing.

So what should I do about this?

  • What data you share depends on many factors, so you really have to find out yourself. Go to the site where your pictures are shared. Download a picture of yours and examine its metadata. This can be done by opening the file’s properties or with some special tool. Photo editing software usually lets you examine and manipulate the metadata. Opanda IExif is a free tool for Windows. Think about what data you can see and if you think it is a privacy problem.
  • If you share photos from your mobile device, there may not be much you can do to manage metadata. Look for settings controlling metadata in the camera program and all apps used when sharing. You may also look for alternative apps with better controls. If nothing else helps, you may have to accept the situation, restrict your sharing or disable the GPS if position info is your concern.
  • Old-school folks who share through a computer have many more options. Most workflow programs have options that control what metadata you embed in the final files. There are also many tools available that can strip metadata from files before you upload. I already mentioned one above.
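To make the check and the stripping step concrete, here is an added example (not from the original post, and not the code of any tool named in it) that reads the identifying EXIF fields out of a JPEG and writes a copy without the metadata segments, using only the Python standard library. The function names are hypothetical and the sample file is constructed in the code; it covers JPEG files and a small subset of EXIF fields only.

```python
import struct

TYPE_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1}   # TIFF field type -> bytes per value
NAMES = {0x010F: "Make", 0x0110: "Model", 0x0132: "DateTime"}
GPS_IFD = 0x8825                     # IFD0 tag that points at the GPS directory
DROP = {0xE1, 0xED, 0xFE}            # APP1 (EXIF/XMP), APP13 (IPTC), COM (comment)

def jpeg_segments(data):
    """Yield (marker, start, end) for each header segment before the image data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG file")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF and data[pos + 1] != 0xDA:
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("truncated segment")
        yield data[pos + 1], pos, pos + 2 + length
        pos += 2 + length

def read_ifd(tiff, offset, bo):
    """Decode one TIFF directory into {tag: value}; bo is '<' or '>' byte order."""
    (count,) = struct.unpack_from(bo + "H", tiff, offset)
    values = {}
    for i in range(count):
        tag, typ, n, raw = struct.unpack_from(bo + "HHI4s", tiff, offset + 2 + 12 * i)
        size = TYPE_SIZE.get(typ, 0) * n
        if size > 4:                                  # value is stored elsewhere in the block
            (ptr,) = struct.unpack(bo + "I", raw)
            raw = tiff[ptr:ptr + size]
        if size == 0 or len(raw) < size:
            continue                                  # unknown type or pointer out of range
        raw = raw[:size]
        if typ == 2:                                  # ASCII string
            values[tag] = raw.split(b"\0")[0].decode("ascii", "replace")
        elif typ == 5:                                # RATIONAL: numerator/denominator pairs
            nums = struct.unpack(bo + "II" * n, raw)
            values[tag] = [a / b if b else 0.0 for a, b in zip(nums[::2], nums[1::2])]
        elif typ in (3, 4):                           # SHORT / LONG: keep the first value
            values[tag] = struct.unpack(bo + ("H" if typ == 3 else "I") * n, raw)[0]
    return values

def to_degrees(dms, ref):
    """Convert EXIF degrees/minutes/seconds plus N/S/E/W into signed decimal degrees."""
    d, m, s = (list(dms) + [0.0, 0.0, 0.0])[:3]
    value = d + m / 60 + s / 3600
    return -value if ref in ("S", "W") else value

def photo_metadata(data):
    """Return the identifying EXIF fields found in a JPEG, or {} when there are none."""
    for marker, start, end in jpeg_segments(data):
        payload = data[start + 4:end]
        bo = {b"II": "<", b"MM": ">"}.get(payload[6:8])
        if marker != 0xE1 or payload[:6] != b"Exif\0\0" or bo is None:
            continue
        tiff = payload[6:]
        try:
            ifd0 = read_ifd(tiff, struct.unpack_from(bo + "I", tiff, 4)[0], bo)
            gps = read_ifd(tiff, ifd0[GPS_IFD], bo) if GPS_IFD in ifd0 else {}
        except (struct.error, TypeError):
            continue                                  # malformed EXIF block
        found = {NAMES[t]: v for t, v in ifd0.items() if t in NAMES}
        if isinstance(gps.get(2), list) and isinstance(gps.get(4), list):
            found["GPS"] = (to_degrees(gps[2], gps.get(1)), to_degrees(gps[4], gps.get(3)))
        return found
    return {}

def strip_metadata(data):
    """Return the JPEG with metadata segments removed and the image data untouched."""
    out, pos = bytearray(data[:2]), 2
    for marker, start, end in jpeg_segments(data):
        if marker not in DROP:
            out += data[start:end]
        pos = end
    return bytes(out + data[pos:])

def _ifd(entries, base):
    """Pack (tag, type, count, value-bytes) entries as a little-endian IFD at offset base."""
    table, heap = b"", b""
    heap_at = base + 2 + 12 * len(entries) + 4
    for tag, typ, n, val in entries:
        field = val.ljust(4, b"\0")
        if len(val) > 4:
            field, heap = struct.pack("<I", heap_at + len(heap)), heap + val
        table += struct.pack("<HHI", tag, typ, n) + field
    return struct.pack("<H", len(entries)) + table + b"\0" * 4 + heap

def build_sample():
    """Constructed sample: a JPEG container (no real picture) with EXIF and GPS fields."""
    rat = lambda *v: b"".join(struct.pack("<II", x, 1) for x in v)
    gps = [(1, 2, 2, b"N\0"), (2, 5, 3, rat(60, 10, 30)),
           (3, 2, 2, b"E\0"), (4, 5, 3, rat(24, 56, 15))]
    ifd0 = lambda gps_at: _ifd([(0x010F, 2, 10, b"ExampleCo\0"),
                                (0x0110, 2, 8, b"Phone-1\0"),
                                (0x0132, 2, 20, b"2013:03:01 12:00:00\0"),
                                (GPS_IFD, 4, 1, struct.pack("<I", gps_at))], 8)
    gps_at = 8 + len(ifd0(0))
    app1 = b"Exif\0\0" + b"II*\0" + struct.pack("<I", 8) + ifd0(gps_at) + _ifd(gps, gps_at)
    return (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1
            + b"\xff\xda\x00\x02\x11\x22\xff\xd9")
```

To check a real photo, read the file in binary mode and pass the bytes to `photo_metadata`; after `strip_metadata`, run the check again on the output before uploading it.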

To summarize. You do not necessarily have a privacy problem with metadata in photos you share. It depends on many factors. The device you take photos with, the software you use to process and transmit the shots and finally the site where they are published. And naturally your own privacy expectation, what data are you ready to share? But the most important point is to be on top of this yourself. Don’t leave it to chance. Check what you share and make up your mind if it’s OK or not.

An exercise for you. Download the photo file in this post and check what kind of metadata you can find in it. It’s taken straight from my workflow program on the PC, no data removed.

Safe surfing,
Micke

PS. Also keep this in mind if you feel tempted to cheat about when and where a shot is taken. You are unlikely to get away with it if you have photo-savvy friends.

Photo by Micke-fi @ Flickr

What’s a Hackathon and why are we doing one?

By Jason

The practice of software developers getting together in one place for an extended period of time first began in the late 90s. Hackathons are now a fixture of tech culture, giving experts and aspiring experts — who often work remotely on their own — a chance to get together in person and create something awesome. Many good causes and companies have gotten their starts at hackathons all over the world.

F-Secure is about to host our annual Hackathon in Bangsar South at our Kuala Lumpur office on April 12-13.

It will kick off F-Secure’s 25th Anniversary celebrations in the APAC region. The theme is “Securing service in the Web” and developers will be provided with a variety of APIs for web reputation and real-time malware detection from our cloud network.

The winner gets to have dinner with our own Chief Research Officer and inductee to the Infosecurity Europe Hall of Fame — Mikko Hypponen.

You can sign up here.

Cheers,

Jason

No, you don’t need my social security number.

By Micke

- (phone rings) Hello.
- Hello, I’m calling from American Express. Are you Mr. *****  ******?
- Yes, great that someone finally reacts to my reclamation.
- First I need to verify your identity. What’s your social security number?
- Excuse me but you are calling me on a number that you have in your register, so you can be pretty confident that you are talking to the right person. But I have no way of knowing that you really are from Amex. So YOU tell ME what my social security number is. I know you have it on file.
- (silence) Well, eh … we must identify our customers to be able to serve them by phone. It’s company policy.
- Yes, I know that. But I’m certainly NOT going to give out my number to a stranger who calls and asks for it. I really need some kind of identification from you first.

It went on like that for a while until I proposed a compromise. I told her the first part of my number and she told me the last digits. It all matched and we were able to proceed.

This post is not about American Express, it is about a severe and widespread problem that is visible in this case. The problem is these Social Security Numbers, SSNs, or National Identification Numbers which is a proper global term. They appear in most countries, in many forms and under many names. But they all have two things in common. They were designed to be unique and distinguish persons with the same name. And they are misused for identification.

The practice of using the SSN as proof of identity is really fundamentally flawed. They are used in the same way as a password, knowledge of the “secret” is supposed to prove who you are. The problem is just that the SSN isn’t designed to be secret. If you are a little bit Internet savvy, you know the basic rules for safe passwords. Think of your SSN as a password. It’s assigned once for your whole lifetime and you can’t change it. You are forced to use the same SSN on all services you use. It’s printed on various documents, depending on what country you live in. It’s recorded in numerous registers, and you don’t even know where all those registers are and who’s got access to them. Would you handle the password to your favorite net service this way? Hell, no! Still knowledge of this fundamentally flawed “password” may enable anyone to get credit, order goods, close accounts, etc. in someone else’s name. Scary!

But what can we do about it? Let’s refresh the memory with some practical advice about how to handle your SSN.

  • Do some googling and look for national advice about SSN security in your country. Laws and practices vary and a local source is typically more accurate. But here is some generic advice.
  • Do not give out your SSN unless you know who the other party is.
  • Verify that the other party has a valid reason to use your SSN before you reveal it.
  • If a business demands your SSN, you can refuse to give it but the business can refuse to serve you. You can either comply or spend your money elsewhere.
  • Some try to phish for SSNs, look out for fraudulent web forms that ask for it.
  • Check what documents you carry in your wallet that have the SSN printed. Avoid carrying those documents daily, if possible, as your wallet may get stolen.
  • Invoices, tax documents etc. may have the SSN printed. Think about how you dispose of those papers. If you have a shredder, use it.
  • Needless to say, don’t post the SSN on the net in any context.

This will help a bit, but not cure the fundamental problem. Your SSN is still used and stored so widely that you may be the victim of identity theft even if you do all this.

The problem is really the misuse of SSNs as proof of identity. And the next question is obvious, what should we use instead? Yes, that’s right. There is no common, safe and reliable method for identifying a caller. Some companies have their own methods to improve security. They may require both your SSN and for example a customer number or invoice number. Better, but still not good as those additional numbers aren’t protected very well either. The banks have good systems with sheets of one-time passwords, or similar. These systems have been developed with security in mind and are typically reliable enough. They are developed for on-line access but often work for identifying a caller as well.

Banks have good systems, but they are unique for each bank. We would really need national systems, or even better, a global system for reliable identification of persons both on-line and over the phone. More and more of our transactions cross borders and national systems do not help if you are dealing with someone overseas, like in this case. The problem is not technical, public key cryptography and digital signatures could be deployed to achieve this. But agreeing on a reliable global identification standard that won’t become a privacy threat would certainly be a significant political achievement.

So we probably have to live with this flaw for quite a long time. National solutions will no doubt become available in some countries. Estonia is usually quick to utilize new technology and this is no exception. An electronic ID is a good foundation even if reliable identification over the phone still would require some additional technology. But the rest of us just have to acknowledge the risk, keep our non-secret SSNs as secret as possible and hope for the best.

Safe surfing,
Micke

Image by DonkeyHotey @ Flickr.

Facebook’s News Feed Is All About Photos — Here’s How to Protect Yours

By Jason

Facebook is now rolling out a new version of its news feed that will take the look of its mobile app and put it on the web. You can get a nice sample of what it will look like and sign up to be one of the first people to get yours here.

But before you do, now is an excellent time to think about something that’s going to be a much bigger issue soon — your photo privacy. The new newsfeed is all about highlighting photos and making them easier to share.

In a recent survey of Facebook users, we found out that 1 out of 5 have had a picture or piece of content posted on Facebook reused without their permission*.

This is why it’s important to remember the key rule of Facebook privacy: Nearly anything you share on Facebook can be reshared by your friends — no matter how locked down your privacy settings are. You do technically own the content you post on Facebook, meaning Facebook probably won’t claim control of your content (even though its terms and conditions suggest it might be able to).

But once you post anything on a social network, you’re basically setting it free in the world.

There are also a few key things about photos that many Facebook users are not aware of, though they are listed in Facebook’s privacy help pages:

  • The privacy setting for your Cover Photos album is always public.
  • If there’s a photo of you in an album that someone else posted, only the person who posted it can change the album privacy. If you don’t like the photo, you can remove a tag or escalate the issue.
  • If you share a high resolution photo or album with someone, that person will be able to download those photos.
  • Unlike other photo albums you create, you can choose an audience for individual photos in your Timeline Photos and Mobile Uploads albums. Each time you post a new photo, you pick who sees that photo using the audience selector.

You can always change the privacy setting of any individual album or photo by adjusting the icon. If you want to avoid your friends seeing an embarrassing photo of you that you didn’t post but were tagged in before you do, be sure to use the “Activity Log.” Here’s how:

You can get to your activity log from your privacy shortcuts:

  1. Click your privacy shortcuts in the upper-right corner of the page and select Who can see my stuff?
  2. Click Use Activity Log.

Note: Only you can see your activity log. However, stories in your activity log may appear other places on Facebook, like on your timeline, in search or in your friends’ News Feeds.

Cheers,
Jason

*Based on a survey of 495 Internet users contacted December 2-31, 2012 through Facebook, Twitter and the F-Secure Safe and Savvy blog and conducted through Surveygizmo.

Are we all RoboCops in the future?

By Micke

The Internet, together with small and inexpensive digital cameras, has made us aware of the potential privacy concerns of sharing digital photos. The mobile phone cameras have escalated this development even further. Many people are today carrying a camera with the ability to publish photos and videos on the net almost in real-time. Some people can handle that and act in a responsible way, some can’t. Defamatory pictures are constantly posted on the net, either by mistake or intentionally. But that’s not enough. Now it looks like the next revolution that will rock the privacy scene is around the corner, Google Glass.

Having a camera in your phone has lowered the threshold to take photos tremendously. It’s always with you and ready to snap. But you still have to take it out of the pocket and aim it at your object. The “victim” has a fair chance to notice that you are taking photos, especially if you are working at close distance.

Google Glass is a smartphone-like device that is integrated in a piece of headgear. You wear it all the time just like ordinary glasses. The screen is a transparent piece in your field of view that shows output as an overlay layer on top of what’s in front of you. No keyboard, mouse or touchscreen. You control it by voice commands. Cool, but here comes the privacy concern. Two of the voice commands are “ok, glass, take a picture” and “ok, glass, record a video”. Yes, that’s right. It has a camera too.

Imagine a world where Google Glasses are as common as mobile phones today. You know that every time you talk to someone, you have a camera and microphone pointed at you. You have no way of knowing if it is recording or not. You have to take this into account when deciding what you say, or run the risk of having an embarrassing video on YouTube in minutes. A little bit like in the old movie RoboCop, where the metallic law enforcement officer was recording constantly and the material was good to use as evidence in court. Do we want a world like that? A world where we all are RoboCops?

We have fairly clear and good legislation about the rules for taking photos. It is in most countries OK to take photos in public places, and people who show up there must accept being photographed. Private places have more strict rules and there are also separate rules about publishing and commercial use of a photo. This is all fine and it applies to any device, also the Google Glass. The other side of the coin is people’s awareness of these laws, or actually lack thereof. In practice we have a law that very few care about, and a varying degree of common sense. People’s common sense does indeed prevent many problems, but not all. It may work fairly OK today, but will it be enough if the glasses become common?

I think that if Google Glass becomes a hit, then it will force us to rethink our relationship to photo privacy. Both as individuals and as a society. There will certainly be problems if 90% of the population have glasses and still walk around with only a rudimentary understanding about how the law restricts photography. Some would suffer because they broke the law unintentionally, and many would suffer because of the published content.

I hope that our final way to deal with the glasses isn’t the solution that 5 Point Cafe in Seattle came up with. They became the first to ban the Google Glass. It is just the same old primitive reaction that has followed so many new technologies. Needless to say, much fine technology would be unavailable if that was our only way to deal with new things.

But what will happen? That is no doubt an interesting question. My guess is that there will be a compromise. Camera users will gradually become more aware of what boundaries the law sets. Many people also need to redefine their privacy expectations, as we have to adapt to a world with more cameras. That might be a good thing if the fear of being recorded makes us more thoughtful and polite towards others. It’s very bad if it makes it harder to mingle in a relaxed way. Many questions remain to be answered, but one thing is clear. Google Glass will definitely be a hot topic when discussing privacy.

Micke

PS. I have an app idea for the Glass. You remember the meteorite in Russia in February 2013? It was captured by numerous car cameras, as drivers in Russia commonly use constantly recording cameras as a measure against fraudulent accusations. What if you had the same functionality on your head all the time? There would always be a video with the last hour of your life. Automatically on all the time and ready to get you out of tricky situations. Or to make sure you don’t miss any juicy moments…

Photo by zugaldia @ Flickr

 


Mobile Threat Report Q4 2012: 96% of all Mobile Malware written at the end of 2012 targets Android


By Jason

F-Secure Labs Mobile Threat Report for Q4 2013 is out and it’s clear that the most popular smartphone operating system is also the leading target for online criminals.

94% of all mobile malware the F-Secure Response Labs analyzed in Q4 targets Google’s Android platform.

You can get the whole report here.

Here’s what the growth of mobile malware looks like over 2012.

[Image: variants]

As Android threats have grown, Symbian malware has nearly disappeared. Why? Symbian, which used to be the world’s most popular mobile OS, is disappearing. Nokia phones are increasingly moving to Windows Phone, which — as you may have noticed — is attracting no threats. The world’s second most popular mobile platform, Apple’s iOS for iPhones and iPads, also had no threats found in 2012.

Why the difference? It comes down to platform openness and app store security.

How can you protect your phone from these threats?

1.  Stick to the official app stores.
Apple and Microsoft have strict guidelines for their app stores and Google’s Play store is increasingly adopting restrictions that prevent bad apps from ever showing up. If you only get apps in the official stores, your chances of getting a bad app are almost zero.

2. Check out reviews.
Malicious apps are often weeded out by active users who rate and review software. If an app doesn’t have positive feedback and a lot of it, you probably don’t want to be the one who tests it out.

3. Keep your phone’s software updated.
Your smartphone is a mini PC with the same software issues that your PC has, including software that continually needs to be updated. This may require some help from your carrier depending on your phone – but the basic rule is: The more current, the better.

4. Be very careful when giving your mobile number out.

The main thing to keep in mind is that while your family and friends may want to pry into your phone to see what you’re up to, the most likely reason a criminal will be targeting you is pretty obvious.

You guessed it: FOR THE MONEY.


Cheers,

Jason


37 ways to mess up a PayPal scam


By Micke

[Image: Night at Hellsö marina]

I have a boat for sale. The sea is still one of my big passions, but I simply have too little time to use it. So I decided to let it go. I will buy a bigger one later, when and if I have more time. It’s still winter in Finland and all the small boats are on dry land covered by snow. But spring is approaching and the boating fever is spreading. It’s the right time to publish an ad on the net.

Soon I get a mail from a nice young lady. Let’s call her Mrs. Witney De Villiers, as that is what he or she called herself. (Probably a randomly picked false identity; any similarity to real existing persons is purely coincidental.) She was very keen on buying my boat and we had a nice conversation over a couple of days. Unfortunately I did not sell the boat, but I got a nice story to tell instead. I will not bother you with all the details, so here’s a shortened version with all the important parts included.

- Hi, I’m in Mexico and I want to buy your boat. How long have you had it? What’s the final price? (Well, I’m in Finland and this is the point where I became more or less convinced that it is a scam.)
- I have had it for five years.
- OK, the price is fine. I want to buy it. Please take down the ad. What’s your PayPal account info so that I can make a payment? I’ll cover the PayPal charges. (Needless to say, the ad remained up.)
- Good news. I can accept wire-transfer which would be a lot cheaper for you than PayPal. (She can’t accept if this is a traditional PayPal scam.)
- Sorry, but I can’t do wire-transfers now. I only have access to PayPal because bla bla blaa …. (Yes, another scam-indicator.)
- OK, I created a PayPal account. Here’s the account info. But there’s some paperwork we need to handle before we proceed. Please fill in the buyer’s part of this attached contract and mail a scanned copy to me. I also need a picture of your photo ID. (The provided PayPal account info was false.)


Hear Mikko Unplugged – Don’t Miss our Live Lab Webinar!


By Sandra


UPDATE: You can now watch a recording of this event here.

Want to hear our cyber security rock star/guru Mikko Hypponen, live? Our upcoming free lab webinar is your chance! He’ll speak about the hot topics in the world of fighting malware. You’ll even have an opportunity to ask him your most burning questions.

Topics Mikko will cover:

  • Mobile Threat Report – Be the first to know what’s in our brand-new report, coming out the same day. Hear the latest on Android and Symbian, mobile banking Trojans and more – and get Mikko’s perspective.
  • Click Fraud Business – Advertising is big business. Click-fraud is complex and is an innovative crime. What does it involve and how did it get this way?
  • Fighting bots on your computers and your phone – Windows-based botnets are a major problem. What can we do to fight them? And how can we prevent our phones from becoming the next battleground?
  • Apple, FB hacks and their implications for the rest of the world – Facebook and Apple employees were compromised. How did it happen? What are the issues and who else may be affected? And what does it mean for the rest of us?

Hear it straight from the labs, live and unplugged – click here to sign up now.
