Tag Archives: Scams

Traffic light – ‘easy’ to hack whole city’s systems

The most famous traffic light ‘hack’ in history is in the classic film, The Italian Job (1969), a caper movie where the heist involves paralyzing Turin via its traffic control system. The plan’s author, played by Michael Caine, says, “It’s a very difficult job and the only way to get through it is we all work together as a team. And that means you do everything I say.”

The reality, it turns out, is much easier – at least according to researchers at the University of Michigan, who say that networked traffic systems are left vulnerable by unencrypted radio signals and factory-default passwords, and that access to individual lights – or even a city-wide attack, as in the film, is possible, according to Time’s report.

“This paper shows that these types of systems often have safety in mind but may forget the importance of security,” the researchers write. Technology Review points out that Michigan’s system, which networks 100 lights, is far from unique. Similar systems are used in 40 states.

An attacker focused, like the film’s ‘crew’ on robbery could control a series of lights to give himself passage through intersections, and then turn them red to slow emergency vehicles in pursuit, according to the BBC’s report.

Traffic light: Blow the bloody doors off

“Once the network is accessed at a single point, the attacker can send commands to any intersection on the network,” the researchers write.

“This means an adversary need only attack the weakest link in the system. The wireless connections are unencrypted and the radios use factory default user-names and passwords.”

Traffic light controllers also have known vulnerabilities, and attacks could paralyze cities: a traffic DDOS could, the researchers suggest, turn all lights to red, and cause “confusion” across a city.

Lights ‘go green automatically’ as thief escapes

“An attacker can also control lights for personal gain. Traffic lights could be changed to be green along the route the attacker is driving,” the researchers write.

“Since these attacks are remote, this could even be done automatically as she drove, with the traffic lights being reset to normal functionality after she passes through the intersection.”

“More maliciously, lights could be changed to red in coordination with another attack in order to cause traffic congestion and slow emergency vehicle response,” they write.They also suggest measures including encrypted signals and firewalls which could improve current systems.

Perhaps a film reboot is in order: after all, the 1969 version ends with Caine saying, “Hang on, lads; I’ve got a great idea.”

The post Traffic light – ‘easy’ to hack whole city’s systems appeared first on We Live Security.

Gamescom: How gaming grew up into a target for crime

With over double the attendance of San Diego’s Comic-Con (340,000 attendees last year, compared to Comic-Con’s 130,000), gamescom highlights not just how pervasive video games have become in our lives, but also how video games have gone since the late 1970s and early 1980s from being a small offshoot of the “traditional” computing industry to becoming a full-fledged multi-billion dollar industry in themselves. Today, companies like Microsoft, Nintendo and SONY generate billions of dollars from sales of games and gaming consoles; and there is a burgeoning market for dedicated gaming hardware for PCs ranging from specialized graphics processors from companies like AMD (formerly ATI) and Nvidia to exotic cooling solutions using liquid nitrogen and metalized thermal interface materials; to the creation of AAA games such as Electronic Arts‘ fifteen year old (and still going strong) The Sims franchise, and Blizzard‘s World of Warcraft, which redefined MMORPG gaming.

Gaming by the numbers

To get an idea of just how pervasive computer gaming is, let’s look at these successful games and consoles, and match them up with some other real-world numbers:

ITEM
NUMBER
EQUIVALENT TO
The Sims 175 000 000
(copies sold over 15 years)
Combined population of Austria, Belgium, Denmark, Germany, Liechtenstein, Luxembourg, Netherlands, Poland, Slovakia and Switzerland
World of Warcraft 7 600 000
(avg. # players over
last 4 quarters)
Cost of 2014 upgrades (in
USD) to Kensington Palace,
United Kingdom
8th generation console units 18 680 000
(PS4+Wii+XBONE units shipped/sold)
Average number of viewers per
episode of Big Bang Theory
during its 2012-2013 season

Computer gaming is a huge and a wildly successful market, and as in any system that works at scale, there are going to be so-called businessmen or entrepreneurs who “seek to optimize their return on investment through whatever means possible” or, to put it more succinctly, criminals who abuse the ecosystem.  But in virtual worlds, can real crimes occur?

Game Crime

gamescom

As gaming has moved online, as with next-gen consoles such as Xbox One, crime has moved in

As it actually turns out, there’s actually quite a bit of undesirable activity that can occur online, such as trolling or griefing, which have occurred for as long as people have been playing games online.  The exact nature of these activities varies between games, as do their consequences, but while some online behavior is horrifying, it is not always clear whether an actual crime, prosecutable outside of cyberspace, has occurred and, if so, in what jurisdictions.  Likewise, cheating, while unsportsmanlike, may be a violation of a game’s acceptable-use policy, but not a criminal offense.

Doing time, online

Computer game companies police their virtual worlds to various degrees, as unwanted or objectionable in-game behavior could cause paying customers to leave en masse, with a corresponding drop in revenue.  If warnings are not sufficient, the usual sentence for abusive users is to ban them from playing the game for a fixed amount of time.  Repeat offenders, or those who may have done something especially offensive, may find themselves permanently banned from the game and their accounts closed.

Real thieves in a virtual world

The sale of virtual goods (including virtual currencies) is an important part of in-game economies, but also presents criminals with some unique opportunities as well:

Theft of Goods

The longer you play a MMORPG, the more likely you are to get items which are rare, limited edition, unique or otherwise contain powerful buffs for your character.  Game companies create these kinds of items and adjust their scarcity because it helps encourage gamers to pay real money, either for the items themselves, or for in-game currency.  Or the developer may charge a subscription fee to play the game.  And that use of real money is what makes some games lucrative targets for thieves.

In some games’ player-versus-player (PvP) combat, the losers of fights may drop items that they were using in their inventory or currency, upon their in-game death.  In some games, this has led to the creation of gangs or “mafias” who often target new players, either to “loot their corpses” or merely to threaten them with looting in order to obtain their items or currency.

In the real world, gamers are regularly targeted by criminal gangs with phishing emails, as well as password stealing software, in order to gain access to their account credentials.  From there, it is a simple matter for the criminals to empty out the gamer’s account, akin to taking the jewels out of some kind of high-tech safe deposit box.

While some game companies employ sophisticated geolocation tracking and even two-factor authentication systems identical to those employed by banks, others do not, and this makes those game accounts not only vulnerable to being emptied out, but to being stolen themselves.  It can take years of grinding away at some games to reach the upper levels.  For some unsporting game players, that represents an almost irresistible target.

Counterfeiting items

The amount of virtual items (including virtual currencies) is usually carefully calculated by gaming companies, even to the point of employing economists, to help ensure the stability of their virtual economy.  Unfortunately, as in the real world, some virtual worlds are subject to counterfeiting, where in-game items or currency is duped (“duplicated”) over and over again by criminal gangs by exploiting vulnerabilities or bugs in the game, network connection or timing issues, and so forth.

If an in-game item can be duped ad nauseam, it can generate a lot of money, especially if it is the in-game currency that is being copied, and not some scarce or unique item.  While item duping may not be enough to disrupt the in-game economy if the item is not being sold, it does disrupt game play and fairness when characters become seriously overbalanced.

Regardless of why it is being done, counterfeiting can be difficult to deal with, especially if the recipient of a duped item is not aware of its provenance.  This may not stop game admins from removing counterfeit items or currency from a gamer’s account, or even banning the gamer, though.

Gold farming

Although in-game currency is not always golden coins, gold farming is the generic term used to describe players who do nothing but play a game in order to generate in-game currency, which they sell online for real-world currency.  This is particularly problematic in China, where there have been reports that prisoners are used as slave labor to generate revenue for prison authorities.

As with item duping, gold farming is disruptive to gaming economies because it leads to inflation.  Aside from that, it also leads to other problems, both in-game and in the real world, with being spammed with advertisements for gold.  And, as with selling counterfeit or stolen goods, one runs the risk of having the items removed by the game admins or even being banned for having received counterfeit or stolen virtual property.

Companies under assault

Of course, computer criminals don’t just target gamers:  Gaming companies themselves can be targeted as well.  Probably the most well-known example of this is the April 2011 breach of the SONY PlayStation Network gaming and Qriocity music streaming service, which resulted in the compromise of the names, addresses and credit card details of 77 million user accounts.

ESET provided extensive coverage of the SONY data breach in our blog, starting from the initial report of the breach in April 2011 all the way up to the proposed settlement of a week ago.  As a result, I am not going to discuss the details of the SONY breach in this article.  Readers should be aware that this sort of problem is not unique to SONY, either.  Almost exactly, two years ago, Blizzard Entertainment suffered a data breach themselves, although they responded in a different and—this author thinks—more responsible fashion.

The point here is that that computer game companies and their associated services face real threats from criminals:  If they charge customers for online play, the purchase of in-game items, or otherwise contain customer billing data in their computers, then those computers systems are targets for financial crime.  But even if they don’t charge customers, their systems might still be targeted by criminals seeking access to accounts for the reasons mentioned in the preceding section.  Game companies recognize this, of course, and as a result their security practices have improved greatly over the past couple of years.

Final thoughts

For the most part, computer gaming poses no additional risks beyond any other activities you might perform on the Internet.  You may, however, wish to take a few extra precautions, as outlined in the previous two articles from We Live Security:

I would also suggest reading our Comic-Con 2014: Eight super-powered digital safety tips article.  While Comic-Con is not exactly the same type of conference as gamescom, going to any type of conference with your computer, tablet, smartphone and various digital devices poses similar risks these days, and you may find some helpful information in that article.

Thanks to my colleagues Bruce P. Burrell, David Harley and Righard Zwienenberg for their assistance with this article.

Aryeh Goretsky, MVP, ZCSE
Distinguished Researcher, ESET

 

Selected Bibliography

For further reading, here is a fairly complete compendium of gaming-related articles from We Live Security:

The post Gamescom: How gaming grew up into a target for crime appeared first on We Live Security.

Week in security: Blackphone unmasked, RATs vs Androids, and browsers kill cars

It’s still high season for security news, with the last days of DEF CON 22 luring out the best in the business – and causing controversy (as, of course, it should).

The biggest draw was a hack which knocked out the “ultra-private” encrypted Blackphone in just five minutes – although there was much discussion of the techniques used. Silent Circle, creators of the PGP encryption standard, took a secure, dignified response.

They patched – fast – and admitted their errors, saying, “No hard feelings — things get fixed by being found.”

Android versus RAT: Rodent wins

Android users in Russia were offered a bundle of free apps – with one catch. Each had been tweaked to hide malware – a RAT built to steal information. Remote Access Trojans (found on both PCs and Adroid devices) allows an attacker access to data – in the case of Android/Spy.Krysanec, GPS location, contacts lists, web history, contacts lists and more.

This backdoor trojan, which ESET detects as Android/Spy.Krysanec, was found as a malicious modification of MobileBank (a mobile banking app for Russian Sberbank), 3G Traffic Guard (an app for monitoring data usage) and a few others, including our own ESET Mobile Security. Naturally, it was shared through third-party app stores and social sites – not Google Play.

The malware was found to be distributed through several channels, including a typical filesharing (think Warez) site or a Russian social network.

ESET’s Robert Lipovsky says: “users should download not only our ESET Mobile Security but any application only from trustworthy sources, such as the official Google Play store. And even there, exercise caution by carefully examining the permissions requested by the app.”

Wi-Fi: The skies are safe once more

The good news – your aeroplane will not plunge from the skies thanks to hackers armed with iPads – and the idea of hacking planes via Wi-Fi is silly. The bad news: things ARE getting worse.

Black Hat is no stranger to world-changing hacks – but Ruben Santamarta’s talk was described by CNET as “the hacking presentation that will get the most attention”, claiming that plane security could be hacked wirelessly, by Wi-Fi or even SMS.

The debunking didn’t take long. Dr Phil Polstra of Bloomsburg University has the credentials – he holds 12 aviation ratings, all current, including aircraft mechanic and avionics technician, thousands of hours of flight time, and has worked on on the development of avionics found in modern airliners. He also recruited an even more qualified but anonymous pilot to help.

Short answer: planes cannot be hacked wirelessly – any model ever built. Strict rules prevent avionics systems from being accessible via wireless – except in Boeing aircrafts, which use a system “harder to hack” he says.

Several companies have already said wireless hacks were “impossible”, and that access to wired systems restricted: “In the aviation and maritime markets we serve, there are strict requirements restricting such access to authorized personnel only,” said one.

Polstra warned, however, that “increasing automation” may lead to problems in the future.

Security news: Your router is a time bomb

No wonder cybercrime gangs target routers – yet another “live fire” test against the devices proved they were packed with vulnerabilities. More than a dozen were found in the challenge at DEF CON – and one router-hunter found 11 on his own.

PC World described the devices – the portal into most home networks – as “insecure as ever” as hackers romped through challenges against big-brand devices from Linksys, Netgear, D-Link, Belkin and others.

Once again, the routers proved weak foes – and a second challenge, to extract information from the devices, proved equally easy for the contestants.

Cyberjacking: It’s a word, and it’s happening (soon)

Two researchers who have previously demonstrated hacks against cars declared a new threat this week – in-car web browsers.

In an exhaustive analysis of top car brands, the researchers found that while it WAS possible to compromise systems, the results were limited. A BlueTooth hack, for instance, would not compromise the vehicle – but allow attackers to ‘pair’ devices.

Charlie Miller and Chris Valasek in their paper A Survey of Remote Automotive Attack Surfaces conclude that the danger of “hackable” cars is expanding – but is about to grow rapidly, as web browsers are added to cars.

“Once you add a web browser to a car, it’s open. I may not be able to write a Bluetooth exploit, but I know I can exploit web browsers.” The recent reported hack against the Tesla Model S relied on its connected control panel.

A SlashDot user claims to have found a hidden port on the Tesla Model S, and used it to prove the car ran a modified version of Firefox.

 

Two-factor security: We want it now!

Millions of Americans were directly affected by the breach at Target – and as cybercriminals increasingly take aim at POS terminals, similar tragedies look likely in future.

But American banks and card companies have been slow to reassure customers with measures such as two-factor security systems.

A report found that two-factor security was STILL not on offer at major banks such as Citibank, Capital One and for AmEx cards, when it came to online banking. Many other banks require customers to opt in.

The reason, the NYT claims, is economy – for the banks, “Companies have gone back and forth about whether to even allow their customers to sign up for that second factor and require the company to generate a one-time code to be entered in addition to a username and password.”

“While such precautions add to the consumer’s security, they can also increase the company’s tech support needs.”

An ESET video explains what two-factor is, and why it works, here.

One of the more disquieting aspects of the NYT report was that 2FA protection was offered only to some customers – and banks were not clear as to why.

 

The post Week in security: Blackphone unmasked, RATs vs Androids, and browsers kill cars appeared first on We Live Security.

Robin Williams’ last phone call? Sick Facebook video scam exploits celebrity suicide

Be on your guard against yet another Facebook scam, this time exploiting the tragic death of comic actor Robin Williams.

The scam, which you may see shared by your Facebook friends oblivious to the fact that they are helping fraudsters earn money, claims to be a ghoulish video of Robin Williams making his last phone call before committing suicide earlier this week.

Of course, you might be fooled into believing it is genuine. After all, you have seen one of your Facebook friends share it on their wall.

But the truth is that they have been duped into sharing it by a simple social engineering trick, and you would be wise not to fall into the same trap.

The first thing you see is a post made by one of your Facebook friends:

Robin Williams Facebook scam

<blockquote style=”margin: 15px;padding: 15px 15px 5px;border-left: 5px solid #ccc;font-size: 13px;
font-style: normal;font-family: ‘Helvetica Neue’, Helvetica, sans-serif;line-height: 19px;”>

ROBIN WILLIAMS SAYS GOODBYE WITH HIS PHONE VIDEO BEFORE SUICIDE

If you click on the link you are taken to a third-party website, which claims to have a phone video made by the award-winning comedian in the minutes before his death:

Robin Williams Facebook scam

<blockquote style=”margin: 15px;padding: 15px 15px 5px;border-left: 5px solid #ccc;font-size: 13px;
font-style: normal;font-family: ‘Helvetica Neue’, Helvetica, sans-serif;line-height: 19px;”>

EXCLUSIVE VIDEO: ROBIN WILLIAMS SAYS GOODBYE WITH HIS CELL PHONE BEFORE HANGING HIMSELF WITH A BELT AND CUTTING HIMSELF WITH A POCKET KNIFE. HE CAN STILL MAKE EVERYONE LAUGH WITH THIS VIDEO BUT IT WILL MAKE EVERYONE CRY A RIVER AT THE END.

You would have to be pretty ghoulish to proceed any further, but the truth is that the internet has deadened our sensitivities and made many of us all too willing to watch unpleasant things on our computer screens.

However, the truth is also that no such video is known to exist, and if you click to watch it you will be told that you have to share the link on your Facebook wall – encouraging your friends and family to go through the same process that you have – and ordered to complete an online survey before you may watch the footage.

Robin Williams Facebook scam

And that’s the point of the scam.

By tricking thousands of people into taking a survey, in the misbelief that they will watch the final moments of a comedy legend whose life ended tragically, the scammers aim to make affiliate cash.

Because every survey that is taken earns them some cents – and the more people they can drive towards the survey (even if they use the bait of a celebrity death video), the more money will end up in their pockets. In other cases, scammers have used such tricks to install malware or sign users up for expensive premium rate mobile phone services.

The scammers have no qualms about exploiting the death of a famous actor and comedian to earn their cash, and give no thought whatsoever to the distressed family he must have left behind.

Always be extremely wary about what links you click on on social networks, and never Share or Like something before you have seen it for yourself, and decided whether it warrants sharing with your online friends.

Because you might not just be putting yourself at risk, you could also be endangering your friends and family.

The post Robin Williams’ last phone call? Sick Facebook video scam exploits celebrity suicide appeared first on We Live Security.

Gamescom 2014: World of Malware?

The gaming industry keeps growing in terms of popularity, and the large population of gamers, and the crowds at Cologne’s Gamescom 2014, represents an opportunity for miscreants to make money. In this blog post, we will explore various attacks specifically tailored to gamers, by starting with trojanized legitimate games, then by exploring some malicious software and targeted attacks against the video games industry. Finally, we will describe some recent exploits found in video games.

Gamescom 2014: Bitcoin Miners

Recent years have seen the introduction of Bitcoin, Dogecoin and other trendy and trending cryptographic currencies. These currencies are created by solving computationally-intensive cryptographic challenges, which require a lot of processing power. As gaming rigs are built with powerful processors and cutting-edge video cards, they can be considered one of the most efficient environments in which to “mine” these digital currencies, with the advantage of being widely spread among the Internet-using population.

In 2013, an employee of the ESEA Counter-Strike league silently introduced a Bitcoin miner into their anti-cheating software, which every member of the league had to install in order to participate. Fortunately the stratagem was uncovered rather quickly, and less than $4,000 worth of bitcoins were ‘earned’ by the malicious employee. More recently, a pirate version of the game ‘WatchDogs’ included a bitcoin mining Trojan which made a profit for the torrent’s author.

Keyloggers and Information Stealers

As the size of the gamer population has increased, some in-game goods have acquired some real monetary value. High-level/high-value characters, in-game currency, legendary items or even hats can be purchased with real money. But when something is worth money, it also means that for some people, it is worth stealing. Consequently, some malicious software focuses on stealing video games credentials. These information stealers are usually distributed under false pretenses, hiding behind so-called “game experience enhancers” or disguised as legitimate tools.

Keyloggers are the most prevalent type of malware in the gaming world, identified as Win32/PSW.OnLineGames by ESET. These programs can be pretty simple but have proven to be very effective at stealing players’ credentials, in order to resell items and characters. So many accounts are compromised that games editors are used to it and have implemented an FAQ and process to handle this situation.

To counter this type of malware, some MMORPG creators, such as Blizzard (who publish World Of Warcraft), have introduced two-factor authentication – and new titles introduced at Gamescom 2014 will do the same. This two-factor authentication takes the form of an electronic device (or a smartphone application) delivering unique six-digit codes that are active and valid only for a limited time before a new code has to be generated.

At the beginning of this year, malicious software named Disker was able to bypass this double-authentication mechanism. Disker appears to be as complex as malicious software that focuses on stealing banking information and it has the ability to steal both the victim’s account credentials and his or her authenticating six-digit passcode.

But as the passcode remains valid only for a short period of time, the attacker has to be behind his keyboard when the information is exfiltrated so as to be able to use it. So Disker implements a way to circumvent this problem: as it leaks the 6-digit passcode to the attacker, it will actually send a wrong passcode to the World Of Warcraft server, preventing the user from logging in. At this point, the victim will almost certainly disable the two-factor authentication in order to enjoy his game. Once this is done, the attacker is no longer restricted to operating within a short period of time.

Targeted Attacks

Players are not the only target in the gaming ecosystem, games companies can also be specifically attacked. For example Kaspersky discovered last year a malware targeting no less than 30 MMORPG game companies. In this case the attack was intended to:

  1. Deploy malware on gamers’ computers by using the MMORPG update server
  2. Manipulate in-game currencies
  3. Steal digital-certificate to create signed-malware, making the malware easier to propagate
  4. Steal the MMORPG source code to deploy it on rogue servers

Exploits

MMORPGs are not the only targeted type of games, other kinds of multiplayer games are also potential targets. Recently, security researchers Luigi Auriemma and Donato Ferrante have been looking for vulnerabilities in games and game engines.

The results are impressive: they found vulnerabilities in the Source Engine, making any game based on this engine vulnerable, such as the famous Counter-Strike Source, Team Fortress 2 and Left 4 Dead. Those vulnerabilities could be used to execute code on a player’s computer without their knowledge and consent, potentially leading to installation of malware without requiring any action from the user other than his usual gaming activity.

Today, no known malware spreads using vulnerabilities in games but the rising value of in-game goods could motivate malicious people enough to use this kind of attack to spread game-targeted malware.

Conclusion

The emergence of such malware shows that the high value of in-game goods is appealing to bad guys – and the titles shown at Gamescom 2014 will be high-value targets.

The complexity of these types of malware, and the implementation by Blizzard of protective measures similar to those used by banks, indicate that we are at the beginning of an arms race between criminals and the gaming world. In this race, everyone has a role to play, editors by securing players’ accounts adequately, and players by educating themselves about the dangers, the existing solutions, and how to behave in order to enjoy safer gaming.

The post Gamescom 2014: World of Malware? appeared first on We Live Security.

Phone scams: card fraud with that steak, Sir?

A new telephone scam has been targeting upscale restaurants in London, with “convincing” scammers calling restaurant staff and tricking them into believing there’s a problem with their payment system – according to a report issued by Financial Fraud Action. The scammers have targeted restaurants in affluent areas such as the West End and Twickenham.

The fraudsters give staff a phone line to call for customers to make payments, the Telegraph reports. Transactions are then funneled through the fraudulent phone line – restaurant owners have been warned to phone banks on a number known to be legitimate to check before changing payment methods. Katy Worobec, Director of Financial Fraud Action UK, said “It’s important that restaurant owners are alert.  Fraudsters can sound very professional – don’t be fooled.”

Phone scam: ‘Classic social engineering’

To customers, Financial Fraud Action said, “If you receive any calls from your bank claiming there’s a problem with payments, make sure you phone them on an established number to confirm the request is genuine. In addition, always wait five minutes to ensure the line is clear, as fraudsters will sometimes try to stay on the phone line and pretend to be your bank.” The tactics used are variations of those in many current phone scams. In the common ‘courier scam’ used to obtain cards and PINs, the caller waits on the phone and pretends to be a new connection after the caller dials.

Phone scams: Old tricks

ESET senior researcher David Harley says, “The ‘staying on the phone line’ gambit is worth mentioning: it’s certainly been used a lot in the context of other scams.” The tactic works simply because few users take measures to ensure the caller is not waiting – and when they dial, they are still connected. All that happens is the fraudster hears a series of beeps. Harley suggests ‘interrupting’ the call by hanging up and dialing another number – or calling on a different phone.

Action Fraud said,”When the restaurant calls the phone number, the fraudster asks to speak with the paying customer and then goes through their security questions. Once sufficient security details have been obtained from the customer, the fraudster will instruct the restaurant to put the transaction through.” The fraudster then subsequently calls the customer’s bank – usually within five minutes – and attempts to transfer funds, the Daily Mail said.

The scam is not new – and several elements are “classic social engineering” says ESET Senior Research Fellow David Harley – but it has spiked in the past six weeks, “Certainly there’s a problem with the concept of answering security questions over the phone unless the bank or other caller has already authenticated themselves to you,” Harley says.

Harley says the key to avoiding such scams is not to place trust in unknown callers. If unsure, hang up, and call back on a known number. “In this case, a restaurant that falls for this has clearly failed to verify the credentials of the ‘bank’ and a customer who goes along with it has put too much trust in the restaurant. The ‘security questions’ must persuade the customer to give quite a lot of information away if they have any hope of persuading the bank to make the fraudulent transaction over the phone. One would hope…”

The post Phone scams: card fraud with that steak, Sir? appeared first on We Live Security.