Terms

Terms and Conditions

Please note that when accessing The F-Secure World Wide Web pages you agree to the following terms:
[sas_arrow_down][/sas_arrow_down]


Disclaimer

The contents of F-Secure World Wide Web pages are provided “as is” and “as available”. No warranty of any kind, either express or implied, is made in relation to the availability, accuracy, reliability or content of these pages. To the extent permitted by law, F-Secure shall not be liable for any direct, indirect, incidental or consequential damages arising out of the use of or inability to use these pages, even if F-Secure has been advised of the possibility of such damages.


Third Party Sites

This policy only addresses our activities from our servers. This web site contains links to web sites that are not under our control. We are not responsible for the content, commentary or applications of these web sites. We are providing these links only as a convenience and the inclusion of these links does not imply endorsement by us of the linked web site.


Copyright

The contents of F-Secure World Wide Web pages are protected by international copyright laws © F-Secure 1994 – 2006. All rights reserved. Reproduction, transfer, distribution or storage of part, or all of the contents, including but not limited to pictures, design format, logo, audio clips, video clips and HTML coding, in any form without the prior written permission of F-Secure is prohibited. Any and all reproduction, total or partial, of the texts, illustrations, design format or logo by any means whatsoever, is illegal. Such reproduction requires the prior written consent of F-Secure. We protect our intellectual property rights to the full extent of the law. F-Secure” and the triangle symbol are registered trademarks of F-Secure Corporation and F-Secure product names and symbols/logos are either trademarks or registered trademarks of F-Secure Corporation.

All other trademarks mentioned in the F-Secure World Wide Web pages are the property of their respective holders. Nokia is a registered trademark and the Nokia OK logo is a trademark of Nokia Corporation. Nokia id-codes are a00014, a00015 and a00018. Symbian and all Symbian-based marks and logos are trade marks of Symbian Limited.


Security

F-Secure is committed to ensuring the security of your information. To prevent unauthorized access or disclosure, maintain data accuracy, and ensure the appropriate use of information, we have put in place appropriate physical, electronic, and managerial procedures to s afeguard and secure the information we collect online.


Submissions

Any bulletin messages, suggestions, ideas, bulletin board postings or concepts that are submitted to F-Secure via this web site shall become, and remain the property of F-Secure. Furthermore, F-Secure is not responsible for the confidentiality of any information communicated to our web site. By communicating material to the F-Secure web site, you agree that F-Secure has the right to publish the material in products or publications for any purpose, including, but not limited to, advertising and promotional purposes. You agree not to take action against us in relation to material that you submit.


Amendments

F-Secure reserves the right to modify the pages or deny access to them at any time. Amendments to this policy will be posted at this URL and will be effective when posted. Please visit us again for updates.







Community Terms


The following legal terms (“terms”) govern your right to use and access to F-Secure blog “Safe and Savvy” (“blog”) provided by F-Secure Corporation (“F-Secure”, “we”, “our”). By using or visiting the blog you have read these terms, understand them and agree to be legally bound by them. You also agree not to use the blog against these terms and specific instructions elsewhere in the blog. If you do not agree to all of these terms, or if you are below the age of twelve (12), you are not allowed to access, visit or participate in the community


Description and Purpose

F-Secure provides this blog as a service to its users and customers, to help them exchange ideas, tips, information, and techniques related to overall security related issues and to our services. This blog is here for the enjoyment and benefit of all members and accessible to all. The community of the blog, like any community, is most valuable when everyone obeys certain basic guidelines and rules for online behavior:


Posting and Prohibited Content

Use of the blog is at your own risk. Do not post any information, especially personal information such as addresses and phone numbers, that you do not wish to make public. Any information that you post to public sections of the blog can be obtained and used by others. You are responsible for any personal information you disclose to the blog. F-Secure or WordPress.com provided by Automattic Inc. (“Platform Provider”) is not responsible for third parties’ use of information posted on the blog and to the blog community. Users of the blog agree not to upload, post, or otherwise transmit any content that includes any of the following inappropriate content:

  • Content that is: unlawful, libelous, harmful, vulgar, obscene, derogatory, pornographic, abusive, harassing, threatening, hateful, objectionable with respect to race, religion, creed, national origin or gender;
  • Any private or personal information or content that is not your own or that you do not have rights to transmit, such as: address, phone number, personal email address, social security number and copyrighted content, trade secrets or securities
  • Off-topic content not relevant to blog community purpose;
  • Spam, such as advertising, promotion or solicitation, including chain letters, class action lawsuits, charitable appeals;
  • Content or links to content that contains contaminating or destructive features that may damage someone else’s computer;
  • Duplicate or excessively repeated submissions in one or more areas;
  • Content designed to evade profanity or other filters;
  • Hyperlinks to sites that violate the terms;
  • Content used to impersonate another person;
  • Content or behavior that violates any applicable laws;
  • Content or behavior that interferes with the operation of the site or with another member’s ability to use the site;
  • Evading site controls such as bans, or otherwise disregarding the directions of the site moderators or administrators
  • Content that infringes copyrights or other intellectual property rights of third parties.


Enforcement

F-Secure may remove any information, in its sole discretion, including but not limited to personal data or data, material or content provided by any of the users, considered to violate the Terms or be inappropriate for the blog for any reason. F-Secure shall under this agreement have no obligation to monitor any of the material provided by you to F-Secure and/or to the blog community, but may do so at its discretion. F-Secure also retains the right to immediately revoke any and all of Your access rights in case Your breach of any of these Terms or suspected misuse of the blog.


To report violations, please contact the F-Secure blog team and include the blog-post/comment and the author-name in question: safeandsavvy@f-secure.com




latest posts

MB

In what color would you like your new Mercedes?

A new Mercedes. Nice. Or maybe an Audi R8? That would be cool. But hold it! Don’t sell your old car yet! Liking and sharing that giveaway campaign on Facebook will NOT give you a new car. Those prizes doesn’t even exist. They are just hoaxes. Internet and Facebook is full of crap, junk, rubbish, nonsense and gibberish. Nobody knows how many chain letters there are spreading some kind of unbelievable story. False celebrity news, bogus first-aid advice, phony charity campaigns and this kind of giveaways. We tend to think about these chain letters as hoaxes, pretty harmless jokes that doesn’t hurt us. But that’s not the full story. A hoax can be harmful, like the outright dangerous first aid advice that some people keep spreading. But a car giveaway is probably a harmless and safe prank, even if it’s false? No, not really. These chain letters are actually not traditional hoaxes, they are like-farming scams. There’s no free lunch, you don’t pay for Facebook with money but with your private data. The like-farming scams work in the same currency. You will not lose any money even if you like the page and share it. Instead you will participate in building a page with a lot of supporters, which is valuable and can be sold later. Needless to say, you will not get any of that money. Here’s how it works. Any business has a problem when starting on Facebook. An empty page without likes isn’t trustworthy. So the scammers set up a page containing anything that can go viral. A promise to get a luxury car works well. They just have to tell everyone to like the page and to share it as much as possible, to keep the chain reaction going and get even more likes. The scammers wait until there’s enough likes before they clean out the content, rename it and start looking for a buyer. The price is in “$ per k”, meaning dollars per 1000 likes. A page with 100 000 likes could sell for over $1000. So sharing the page can make quite a lot of money for the scammers if you have a lot of gullible friends, who in turn have a lot of gullible friends, and so on … The downside for you is that the likes stick even if the page is redesigned for some totally different purpose. Your face will be an evangelist for the page’s new owners and show up next to their brand. And you have no idea about what you will be promoting. I have friends who are anti-fur activists. You can probably imagine what one of them would feel when discovering that she likes a fur-coat designer! And finally some concrete advice. Review your list of old likes regularly. Remove everything except those things you truly like and want to support. When you encounter a giveaway post like this, check the involved brand’s main page in Facebook by searching for the brand name. You will in most cases notice that the giveaway is a totally different page that just is named similarly. That’s a strong scam indicator. Use common sense. From the above you get an idea about what likes in Facebook are worth. Does it make sense to give away luxury cars for this? Don’t participate in scams like this. It might feel tempting, but remember that your chance to win is exactly zero. Spread knowledge every time you see a scam of this kind. Comment with a link to this post or the appropriate description on Hoax-Slayer or Snopes.   Those sites are by the way fun and educating reading. I recommend spending some time there getting familiar with other types of hoaxes too. Read at least these two articles: Facebook car giveaway on Snopes and Facebook like-farming scams on Hoax-Slayer .   Safe surfing, Micke  

Dec 16, 2014
BY 
crime scene

Help! I lost my wallet, phone and everything! I need 1000 €!

“Sorry for the inconvenience, I'm in Limassol, Cyprus. I am here for a week and I just lost my bag containing all my important items, phone and money at the bus station. I need some help from you. Thanks” Many of you have seen these messages and some of you already know what the name of the game is. Yes, it’s another type of Internet scam, an imposter scam variant. I got this message last week from a photo club acquaintance. Or to be precise, the message was in bad Swedish from Google translate. Here’s what happened. First I got the mail. Needless to say, I never suspected that he was in trouble in Limassol. Instead I called him to check if he was aware of the scam. He was, I wasn’t the first to react. Several others had contacted him before me and some were posting warnings to his friends on Facebook. These scams start by someone breaking in to the victim’s web mail, which was Gmail in this case. This can happen because of a bad password, a phishing attack, malware in the computer or a breach in some other system. Then the scammer checks the settings and correspondence to find out what language the victim is using. The next step is to send a message like the above to all the victim’s contacts. The victim had reacted correctly and changed the Gmail password ASAP. But I wanted to verify and replied to the scam mail anyway, asking what I can do to help. One hour later I got this: “Thanks, I need to borrow about 1000 euros, will pay you back as soon as I get home. Western Union Money Transfer is the fastest option to wire funds to me. All you need to do is find the nearest Western Union shop and the money will be sent in minutes. See details needed WU transfer below. Name: (Redacted) Address: Limassol, Cyprus you must email me the reference number provided on the payment slip as soon as you make the transfer so I can receive money here. Thank you,” Now it should be obvious for everyone how this kind of scam works. Once the scammers get the reference number they just go to Western Union to cash in. Most recipients will not fall for this, but the scammers will get a nice profit if even one or two contacts send money. But wait. To pull this off, the scammers need to retain control over the mail account. They need to send the second mail and receive the reference number. How can this work if the victim had changed his password? This works by utilizing human’s inability to notice tiny details. The scammers will register a new mail account with an address that is almost identical to the victim’s. The first mail comes from the victim’s account, but directs replies to the new account. So the conversation can continue with the new account that people believe belongs to the victim. The new address may have a misspelled name or use a different separator between the first and last names. Or be in a different domain that is almost the same as the real one. The two addresses are totally different for computers, but a human need to pay close attention to notice the difference. How many of you would notice if a mail address changes from say Bill.Gates@gmail.com to BiII_Gates@mail.com? (How many differences do you notice, right answer at the end?) To be honest, I was sloppy too in this case and didn’t at first see the tiny difference. In theory it is also possible that webmail servers may leave active sessions open and let the scammers keep using the hacked account for a while after the password has been changed. I just tested this on Gmail. They close old sessions automatically pretty quickly, but it is anyway a good idea to use the security settings and manually terminate any connection the scammers may have open. I exchanged a couple of mails with this person the day after. He told that the scammers had changed the webmail user interface to Arabic, which probably is a hint about where they are from. I was just about to press send when I remembered to check the mail address. Bummer, the scammer’s address was still there so my reply would not have reached him unless I had typed the address manually. The account’s reply-to was still set to the scammer’s fake account. OK, let’s collect a checklist that helps identifying these scams. If someone asks for urgent help by mail, assume it’s a scam. These scams are a far more common than real requests for help. We are of course all ready to help friends, but are YOU really the one that the victim would contact in this situation? Are you close enough? How likely is it that you are close enough, but still had no clue he was travelling in Cyprus? Creating urgency is a very basic tool for scammers. Something must be done NOW so that people haven't got time to think or talk to others. The scammers may or may not be able to write correct English, but other languages are most likely hilarious Google-translations. Bad grammar is a strong warning sign. Requesting money using Western Union is another red flag. Wire transfer of money provides pretty much zero security for the sender, and scammers like that. Many scammers in this category try to fake an embarrassing situation and ask the recipient to not tell anyone else, to reduce the risk that someone else sees through it. These messages often state that the phone is lost to prevent the recipient from calling to check. But that is exactly what you should do anyway. Next checklist, how to deal with a situation where your account has been hijacked and used for scams. Act promptly. Change the mail account’s passwords. Check the webmail settings and especially the reply-to address. Correct any changed settings. Check for a function in the web mail that terminates open sessions from other devices. Gmail has a “Secure your account” -wizard under the account’s security settings. It’s a good idea to go through it. Inform your friends. A fast Facebook update may reach them before they see the scammer’s mail and prevent someone from falling for it. It also helps raising awareness. And finally, how to not be a victim in the first place. This is really about account security basics. Make sure you use a decent password. It’s easier to maintain good password habits with a password manager. Activate two-factor authentication on your important accounts. I think anyone’s main mail account is important enough for it. Learn to recognize phishing scams as they are a very common way to break into accounts. Maintain proper malware protection on all your devices. Spyware is a common way to steal account passwords. The last checklist is primarily about protecting your account. But that’s not the full picture. Imagine one of your friends falls for the scam and loses 1000 € when your account is hacked. It is kind of nice that someone cares that much about you, but losing money for it is not nice. Yes, the criminal scammer is naturally the primarily responsible. And yes, people who fall for the scam can to some extent blame themselves. But the one with the hacked account carries a piece of responsibility too. He or she could have avoided the whole incident with the tools described above. Caring about your account security is caring about your friends too! And last but not least. Knowledge is as usual the strongest weapon against scams. They work only as long as there are people who don’t recognize the scam pattern. Help fighting scam by spreading the word!   Safe surfing, Micke   PS. The two mail addresses above have 3 significant differences. 1. The name separator has changed from a dot to an underscore. 2. The domain name is mail.com instead of gmail.com. 3. The two lower case Ls in Bill has been replaced with capital I. Each of these changes is enough to make it a totally separate mail address.   Image by Yumi Kimura

Dec 8, 2014
BY 
F-Secure
community.f-secure.com F-Secure Facebook F-Secure Youtube F-Secure Twitter F-Secure google+
Copyright 2014 by F-Secure
Follow

Get every new post delivered to your Inbox.

Join 370 other followers