US DMV Information Comes From China

Fake DMV Links to Chinese Phishing Company

By Dominic Alvieri

April 21, 2021

GEICO has just reported a data breach. Customer drivers license numbers stolen from a bug for unemployment and other nefarious end goals according to Zack Whittaker. A similar DL breach was reported last month. 

This is data theft 101. Every state has victims of identity theft.

It doesn't matter where you live your data is available online. The simple annoying scam of it all.

The stolen data often gets resold after original criminals get what they can from them.

The stolen lists often trickle down to these types of cyber criminals.

Drivers from California to New York are dealing with a variety of DMV spoofs. The Division of Motor Vehicles doesn't send out refunds or rebates.

That would be nice.

If it sounds to good to be true...

...it usually is.

The same scam group runs a myriad of Amazon, Apple, Netflix and others phishing scams run on a daily basis.

The problem is that all of these scams are coming from the same malicious group in China. Scam after scam all coming from the same building location. A phishing company. The 21st century fishermen.

Same DMV IP address

IP Geolocation

Avoiding the plebian effort goes without saying but in this case the cybersecurity ears go up.

Direct spoofs are always annoying coming from a stolen data list and resold countless times over to different scammers on the DarkWeb. 

I can pinpoint the physical address and even pick it up on satellite. Official agencies have to follow up and apprehend the guilty party. This isn't as advanced as the GEICO bug breach but those lists wind up in these spoofing hands.

The Cyber Show on Google Blogger

by Dominic Alvieri

The Masters of Spoof

 Can anyone compete with Chinese spoofs?

What makes a good spoof?

Chinese imported counterfeit goods have been around as long as time itself. Reproducing an item as close to the original as possible. Logo color and style. 

For the cyber criminal the goal is the same, just replicate and add urgency.

Amazon is a global target.

The links are difficult to replicate but they they try.

The Chinese gangs use the same MO: NameCheap registers, Alibaba hosts and anything that can be will be spoofed. Amazon, Apple, Hulu, Netflix, USPS. The online version of the knock off brand.

NameCheap often surfaces with these new short link scam domains. The Chinese aren't the only ones playing this game but with years of experience they are ahead of the pack.

Often targeting the largest companies Amazon, Apple and Netflix to name a few.

Often rerunning the same campaigns with great success.

2020 Netflix scam resurfaces again.

The devil is in the details. Examine all links with great care. Or you can just not answer any email, text or call. Warranty anyone? 

Some are easier to spot. Best Buy and spot gold.

You can always go back to a landline, otherwise examine all links and go directly to the company.

The above spoofs are all pedestrian, at best. The better spoofs have been withheld to avoid duplication.

The email spoof is still the number one entry for a cyber criminal to gain access to your system.

Stay safe online and off.

The Cyber Show

by Dominic Alvieri

Twitter, @AlvieriD

Is This The End Of Facebook?

 The FTC and States File Antitrust Lawsuits Against Facebook.

What Will Facebook Lite Look Like?

By Dominic Alvieri, @AlvieriD

December 9th, 2020.

Official law suits to split Facebook have been filed.

What will Facebook Lite be in the future?

What will Facebook be in the Future? Without Instagram? Facebook without what now?

Facebook Lite? The next MySpace?

Is this the end of Facebook as we know it?

The FTC and 48 states filed antitrust lawsuits against Facebook today in official calls to split up the social media giant. Google has long been a target as well.

The pieces may be worth more apart now with historically high IPO valuations. Prices continue to rise with the flood of new issues like DoorDash today. Probably not on the thoughts of Facebook executives today but may be on their evening to do list.

Facebook may not have a choice in the near future.

Calls to split up Facebook are now official.

This may turn out to be a historic day in retrospect.

With the calls to break up Facebook now official the company may not have a choice but to sell off units to appease the litigators. Facebook and Google have long been the targets of cybersecurity attacks and litigation. The stakes are all on the table now.

At what point is a company to large to continue to grow without harming competition?

Will splitting up Facebook change anything?

With associations in place, competition fierce and alliances made, will splitting Facebook up help or hinder competition? How big is too big?

That is a difficult question to answer and usually is settled in a court of law.

What will Facebook be in the future?

Is this the end of Facebook? Probably not. Is this the end of Facebook as we know it today?

That remains to be answered more likely now in a court of law. Time always tells.

Facebook is now officially on the clock as the net has been cast.

Once the net is cast there is usually a price to be paid. Once again, time will tell. 

Stay tuned.

Dominic Alvieri, @AlvieriD

The Cyber Show 

The CyberSecurity Show on Google Blogger and YouTube

by Dominic Alvieri, @AlvieriD

Analyst, Researcher and Tracker.

How to Slow a Social Engineer

Hacking Bitcoins by Night...

     The Port of it All. 

By Dominic Alvieri, @AlvieriD

December 4th, 2020.

Do you know Bitcoin Jack or jack about Bitcoin? 

Porting a number is easier than you think.

The test was simple. Would a representative transfer the account?

The phone rings, "hello thank you for calling (Enter Firm Name Here) how may I help you?

Reporter, hacker, er, social engineer at this stage, " Yes this is (Enter Target Name Here) I have a problem with my phone and I need you to fix it right away.

This is not a step by step how-to but rather an important alert for all and specifically to service related security teams. A live security test. Your friend can be in attendance twenty feet away and silent as the account is transferred to a new phone in the possession of another right in front of him. 

Did you have your MFA on the same device?

 Once transferred many of the apps and accounts, if not all are in control. 

Please use 2FA tokenized preferred. Use any 2FA and MFA securely. Ideally you should separate your MFA from the main device if at all possible. If your device is ported you can still maintain your second factor security on some accounts as long as the 2FA or MFA wasn't on the same device that was just ported.

The engineer could have a baby crying in the background like in this instance. There is generally background noise. Always a sense of urgency, an impulsive need for you the agent to rectify a wrong. 

The simple ploy of a baby crying in the background can create an extra sense of urgency to rush the representative into giving away access to your account. The firm in question did not use any voice recognition technology to verify the identity on the other end of the line nor did it have any satisfactory second forms of authentication or security.

Use a secure 2FA app and find out what other security measures are available from your account and app providers.

Simple security questions can be cracked.

In many cases , all you would need to access an account are the basics along with horrible security low marks of the last four of an account ID and a simple security question like your mothers maiden name. Plebian forms of security.  Very twentieth century if you will with the advent of biometrics, tokenization and other technologies to authenticate and secure accounts and access points.

Citibank, PayPal and others are implementing voice recognition and other technologies to authenticate and validate the identity of an account. Many firms do not at this time.

Porting a number is easier than you think.

The phone is broken...

A phone account breach is the most intimate type of theft. All of your life in bits and bytes there for the taking. Every account, every moment. Now even a regular phish can expose extra hidden losses of not only digital photos and memories but any address, account or even email account linked to any digital assets may be at risk.

If your accounts and apps, let alone digital wallets do not use any added security features such as 2FA, backup keywords, tokenization of any type or any cold storage options, you can lose all of your Bitcoins tonight once I gain access to your accounts and port your number. Many of your assets.

You didn't have your MFA on the same device did you?

A security eye opener for the ill informed. Separate your 2FA and MFA on another device whenever possible.

Cold store and secure digital assets.

What can you do?

Start with securing your accounts. Use tokenized 2FA over SMS. Try not to have your 2FA app or MFA on the same device. You can lose both with a porting. Use end to end encryption to communicate. Back up data. Use cold storage and secure apps and services from trusted sources. Biometrics, tokenization and new technologies are available.

Have private lines and back up emails for security. Layered defense is best. 

Is there a firewall on that line in the sand?

Digital currencies are coming. Many are already here. Central Banks around the world will be issuing their own versions of a Central Bank Digital Currency (CBDC) in the near future. JD.Com is the first to accept the Chinese digital currency today. The race is on. Many countries are in the process.

A CBDC will be different from the stablecoin of today. What will back the stablecoin?

A protocol is filing for a banking license?

Decentralized finance is sounding centralized when a protocol wants to file for a banking license.

The line in the sand is clear. There is no firewall. You have to defend that line. 

 

One call can lose it all.

One call can lose it all.

Porting or transferring of ones number and account is often done off hours in the middle of the night. In many instances the account is socially engineered, stolen and transferred overnight while you are unaware and unable to reject the unwanted intrusion.

Needless to say advanced planning must be involved in targeted campaigns and targeted defense. 

Keeping your accounts securely online or offline is the difference between a secure hot and cold account. That can be the difference between red or black ink. Bread crumbs now can lead to the whole loaf if exposed.

Biometrics, MFA, secure tokenization, cold storage...

Be careful with your cryptocurrencies.

Don't just put it on the Blockchain.

If you ever hear someone say just put it on the blockchain they don't know what they are talking about. There are several types of blockchains. There are several types of cryptocurrencies. Proof of work, proof of stake, algorithms, consensus, byzantine fault tolerances, smart contracts, wrapped Bitcoin and hacked Bitcoin.

 

Databases are available online for sale. Your data. My data, It is foolish to think that it is not already in the hands of a cyber criminal right now. Secure your accounts and use backups. 

Hyper ledgers, digital currencies, smart contracts, wrapped coins...

Call your service provider and add an extra layer of defense. In may instances your phone or financial account representative would be glad to assist you. 

 

Everything is hackable. Be skilled in defense.

Take security precautions. 

The Cyber Show on Google Blogger and YouTube.

Dominic Alvieri, @AlvieriD

The Cyber Show on Google Blogger, YouTube

The CyberSecurity Show. 

Cybersecurity Analyst Deletes Facebook Account

 

 I Deleted My Own Facebook Account on 

October 4th, 2020.

I deleted my own Facebook account on October 4th, 2020 

                                                                

The complete frustration was evident on nearly everyone online.

The constant bombardment of social and political fraudulent and fake posts, videos and Tweets with disturbing content and malicious calls to action have to be taken seriously. This is my way of getting the word out that it is time to fight back. I am continuing online, just not on Facebook until better safeguards and limitations are put in place.

Many need to be brought to justice for all types of cyber crimes online.  

2020 has been the worst year for social and cyber crimes and we have not reached Thanksgiving.

The best and brightest are working on solutions and tracking the criminals. The backlog of accounts that need to be reviewed, closed and traced just from the political chaos must be overwhelming. 

FBI Press Release Warning below of other serious crimes that the public must be aware of and must be stopped at all costs.

  

October 15th, 2020 FBI Press Release Warnings.

Social media and platforms have become exponentially weaponized.

Everyone has been distracted with the political madness and forgot about the other threats that are constantly attacking us and our children online.

Reuters recently reported that during the last two months leading up to the election, Facebook accounts and groups called for actions to "shoot or kill" 8,760 times, or 146 times a day. 

8,760 Times, or 146 Times every single day according to a Reuters report about Facebook.

Tweet after Reuters reported 8,760 incidents on Facebook.

In the week leading up to deleting my own Facebook account there were so many malicious calls to action and horrible people that it literally make me sick to my stomach. 

How can we fix it if we don't do anything about it? Move, change, act. Do something.

What was the point to wait until someone follows you all the way to your door and home in the real world? Just remember nobody wins in a fight, but sometimes you have to fight.

 It's just online, that post, message or account can't hurt you. 

There are evil people behind evil accounts. Bad people exist in the real world and they are online.

Now is the time to inform, educate and protect yourselves and your families, Right now. 

The video below is an old promo for my, "The Cyber Show" on Facebook Live. I deleted my own Facebook account in protest October 4th. The Cyber Show Live, Blog and Channel are still online.

                             The Cyber Show on Facebook Live? Make Facebook Great Again.

My own Facebook account was hacked more than once. I still have an old account on Facebook I was unable to reacquire and had to open another new Facebook account that I just deleted. A mild problem in comparison to some internal reports surfacing now. 

There have been so many issues on Facebook during the pandemic and the last two months that several internal sources had said that several Facebook employees have quit over frustration of not being able to do anything.

I just deleted my own Facebook account for the same reason. I'm tired of just pointing out the issues and accounts and not being able to do anything else about it. It does take time and we have to stay positive and actually do something about it. Not just talk about it anymore. 

Inform, educate and protect yourselves and your families now.

Dominic Alvieri, @AlvieriD

Analyst, Researcher and Tracker.

The Cyber Show Live, Blog and Channel continue after I deleted my own Facebook account above in protest to the events on Facebook and everywhere else online.

Black Lives Matter campaign at Amazon.

 Amazon Corporate Hiring Policy

Black Lives do Matter, All Lives Do, with or without a felony.

By Dominic Alvieri, @AlvieriD

Black Lives Matter campaigns have been everywhere this year.
What exactly does that mean?

Amazon ran a great Black Lives Matter campaign earlier in the year. Or so we thought.

Upon further investigation it turns out that only certain lives matter, not all when it comes to corporate hiring policies.

Amazon is not alone.

How can a campaign matter if it excludes a huge portion of the population?

The largest incarcerated population in the World also has the largest felon population outside of prison seeking gainful employment. Amazon is always touting jobs but will never hire a felon.

The Cyber Show blog on Blogger, by Google.

The campaign began showing the true colors with the announcement of the Bezos Academy for underserved children. Amazon will never hire anyone who has made a mistake in the past. All lives matter but only to a point with certain companies.

What about their children?

Can the child of a felon attend the Bezos Academy Amazon?

What about working for Amazon? That is a no. Corporate policy, sorry.

Please buy from us, we support black lives. What?

CNN Report of the new Bezos Academy.

With the largest incarcerated population in the World, The United States also has the largest population of released felons back into society. Amazon is constantly touting jobs and new warehouses, but the truth is they will not hire a Black, White or any color felon. Sorry, doesn't matter how long ago the crime was or even what happened. Amazon does not care what or when it was.

But you can still buy from us!

We have a policy.

Does having a policy make it right?

Amazon has a strict corporate policy.

There is a new Bezos Academy preschool, tuition free for underserved communities.

Can all black children attend, even if their mother or father has a felony record?

As of press time, Amazon has not returned a request for comment.

Corporate hiring policy is very clear...

Amazon will never hire a person with a felony record. Period.

Where can the largest incarcerated population work?

The jobs ordeal is continuing with politicians and wall street pushing below living wage jobs and Amazon will not even hire you. So where can they work?

The frame here is that 25 years ago you could have made a mistake and you paid your debts.

Or so you thought.

What ever happened to paying your debt to society? Amazon carries that debt forever.

Many companies and people do. 

What illegal thing have you done now? Prior felon.

What illegal things have you done in 25 years? 

Now people can do horrible things for 25 years and we elect them president.

The last three lines should make the point clear. 

Dominic Alvieri, @AlvieriD

Analyst, Researcher and Tracker.

SEO For Better Please, Not Worst.

 

 Susquehanna University maintains disturbing meme   Suckabanana University                 on search engines.

  By Dominic Alvieri @AlvieriD

                           Prestigious Susquehanna University is above this meme and bad jokes.

Nestled in heart of the Susquehanna Valley in central Pennsylvania is prestigious Susquehanna University. A diamond in the valley.

Malicious memes and jokes have hidden risks finally being realized by more than just the cybersecurity industry. CNN, The New York Times and The Washington Post have been covering the events as they unfold with social media weaponization which comes through many avenues and dark alleys of the internet.

The university is well above this modern technical association of a bad joke that is now weaponized online. It readily shows up available to associate with and link via search engines to the universities website itself and separate searches of other keywords to Kappa Delta Sorority. 

As of press time no one from the university has returned multiple requests for comments.

 

 Is it just a joke? A meme? < ?>SEO_SU</?> 

The CyberSecurity Show on Blogger

For years it has been maintained that is a joke and just a meme. Memes and jokes with undertones like this are in poor taste at the very minimum standard of decency. With modern connectivity to the internet available with nearly every device overall internet usage and abuses have been soaring during the pandemic of 2020. COVID-19, viral attacks, ransomware and social abuses online are all reaching epic proportions as we wait for final election results.

So have the dangers. 

A malicious meme or bad joke now online can reach the most innocent and at risk.

You have to break the frames and differentiate between what was shown and pushed to you and what it actually is. 

Is it a video of Alice in Milan or a manipulated image created by Bob of Alice in Minsk?

It was actually made by Trudy in Moscow and emailed to Bob in Manhattan.

That impulse reaction will engrain a lasting memory node, if you will. You will remember Alice in Milan even though it was made by Trudy in Moscow and emailed to Bob in New York City.

The CyberSecurity Show on Blogger

You will remember the context of what was intended and it may not be the reality of the situation.

It can influence the unknowing either politically or socially and abuse and entangle you. 

It has to be addressed right now in every way, shape and form.

We are literally disconnecting from reality.

Hashtags and keywords are basically how Google, Microsoft and every search engine lets people find you, your business or your university. It does not just appear. Google and Microsoft did not place this on your site for you on their own accord without technical direction and consent. It is a created association made by you, your business, your university or the person(s) or business that is in charge of your website(s).

That goes for fraternities and sororities as well.

                                         SEO for fraternities and sororities needs to improve.

What is SEO anyway?

SEO stands for Search Engine Optimization. <a>SEO_101</a>

Google and Microsoft can help you remove them if anyone is ever unsure of how to do so.

The hashtag below is displayed on GramHum which is an Instagram viewing page that displays dubious content with the following examples. The hashtags and keywords have many bad examples.

One of many found that purport this kind of activity. Is this suitable for a child? Is it suitable period? 

Susquehanna University is not involved with any of the websites, pages, hashtags or links other than the current SEO linkage to its website and domain (TLD).

This is an example of what those keywords and hashtags represent and link to.

Instagram viewer with few posts but dangerous content.

Notice the same post in the snapshot above and below. 
Was this created only for a political trolling campaign? 

Edited for disturbing content.

If a post or tweet is added and viewed by millions to disinform or misinform and then deleted, does it count? Yes it does. You distributed non verified malicious content.

My research has shown that several sites are being maintained for years with only a few posts being counted every year. One GramHum landing page only shows 24 posts dating back since the pages inception. A tactic used during the election. Distribute it and then delete it.

 I didn't know or it was only a joke or meme is the excuse.

GranHum dotcom is registered with PorkBun LLC, a registrar of domain names that has had hundreds of reported coronavirus scam websites that it has registered this year. #CyberSecurity

This viewing page group has been placing and deleting content on various sites and show only a minimal amount of posts.

                                 SEO is search engine optimization. Is this optimization acceptable?

The suckabanana keywords and hashtags lead to dangerous areas of the internet with undertones and deviance that many dare not fathom, let alone witness in any form.

Do you know the Banana Fungus? It is real, and bananas may not survive.

                                       Banana fungus is real. So are disturbing banana memes.

The keywords and hashtags have many hidden dark places on the internet that the university does not know about and is not related to, responsible for or associated to in any way, shape or form other than the keyword and hashtag placement for search engines. It is just the first layer of search engine optimization that someone is in control over and will rectify the situation. 

 Google will gladly be able to assist. You can probably Google it.

                                                                 Search results on Bing

The Federal Bureau of Investigation has been investigating the dark underworld of keyword and hashtag associations and leads for many years. Many lead to the dark web. Then the links and layers get deeper. The are becoming more topical and dangerously mainstream today.

     This is an official tweet regarding the current social media threat to children during the pandemic.

Children are our future and we need to protect them. The "suck a banana' franchise of tags and associations are being hashtagged with kid themed tags including "hard for kids" and others.

The combination of what appears to be a benign "hard for kids" hashtag that may imply a difficult math or science problem, is tagged along with deviant hashtags.

Gamers and gaming sites are another lure.  

Banana rooms and hidden areas that are clicked on may place your child in harms way with no knowledge if not monitored and aware of the dangers. 

Many memes and online distribution channels have become dangerous social weapons.

The Washington Post published an article of political memes Friday, November 6th, 2020. 

Notice the "who made this" comment. Who made it indeed. 

The internet has become weaponized, not just social media.

Dangerous memes and accounts are spreading a different kind of virus that has infected everyone who has seen any of the malicious memes, videos, posts and tweets. 

Courtesy of The Washington Post .

Several photos have shown up on both political and sexually themed sites.

Lurking with bad intent below in nefarious parts of the internet.

All three above are suckabana hashtag memes cropped for content.

The three links above are all associated with the suckabana franchise of keywords and tags that only gets worse if you follow the links and leads. Several variations of the hashtags and keywords exist and have multiplied at an alarming rate in 2020. 

The Pandemonium in the Pandemic.

 

Hidden banana rooms and different searches yield other nefarious lures.

Weaponizing social media is not only dangerous but it is destroying the very foundations of our democracy and lives and striking many down to the core. 

 

We all can do better. We all have to. All of US.

<p>

Veuillez ne pas sucer une banane sur votre site Web SEO. French.

Por favor, no chupes un platano en tu sito web SEO Spanish.

Molim vas, nemojte sisati bananu na svojoj web stranici SEO. Croatian.

Bitte saugen Sie keine banane auf lhrer Website SEO.. German.

Please don't suck a banana in your website SEO.

</p>

Dominic Alvieri, @AlvieriD

Analyst, Researcher and Tracker.

The Cybersecurity Show on Blogger