Saturday, 24 June 2017

Facebook Live Oyster Pearl Party Scams

A little off-topic but recently I've been asked so many times about the Pearl Parties live broadcasts appearing all over Facebook status walls. If you haven't heard of Pearl Parties, they are sales broadcasts where the hosts entice viewers to buy sealed oysters which are opened live on the broadcast, any pearls found inside are sent to the buyer, and there always seems to be plenty of pearls found.

So after watching a few of these broadcasts, it becomes clear why these broadcasts are appearing all over Facebook, as the party hosts constantly offer the chance to win free oyster opening to all viewers that share the broadcast. After further investigation, it becomes even clearer these Pearl Party broadcasts aren't the harmless fun the presenters insinuate but are scams.
Oysters Originate from the Far East & Individually Vacuum Packed

The oysters you see opened on the Facebook live broadcast are real enough, they are bought in wholesale by the oyster party, but the copious pearls discovered inside them aren't quite as legit, rare and valuable as you might think. I have discovered two methods behind the high number pearls found inside them.  Either the freshwater oysters have been cultured, basically hacked and farmed into growing the pearls, or the oysters had the pearls inserted within them, after which they are dropped into a chemical bath to make them snap close, killing and preserving the oyster. With either method, the oysters individually vacuum packed before being shipped off from the Far East to the party hosts in bulk.
Cheap as Chips Oysters are bought in Bulk

On the Pearl Party broadcasts I observed, it cost £30 to £50 to open a batch of 5 oysters, which is a considerable markup from the direct online price of around £1 to £2 per oyster. Often the punters don't get the chance to buy a set number of oysters to be opened in the hope of receiving any pearls found inside, as there is a random based game to be played to determine how many oysters are opened for their set payment. These games involve rolling a dice or spinning a wheel to decide the number oysters open, which in itself probably breaks gaming licensing laws in many countries. This game is part of the scam, it is used to make buyers think they have won something and disguise the fact are paying well over the odds for the low grade nearly worthless pearls they end up receiving.

Pearl Party Sales are similar to the Shopping Channels

As the party host opens each oyster on the broadcast, they blag how wonderful the pearls look, using lightening and display techniques to make each pearl look as glamorous as possible, the same techniques employed the professionals on jewellery shopping channels, but with fibs. The reality is these pearls are nothing of the quality of actual rare high-value natural pearls. Some hosts will even measure, rate the colour and shape, and conclude a value for each pearl, which is always way more the buyer has actually paid, again all part of the con. If the host really thought the pearls were worth as much as they are saying, why on earth would they bother with the broadcast and just sell them directly themselves!

The host will also offer to set your pearls in jewellery, like earrings and necklaces, all for an extra cost of course.

I also found some hosts operate on behalf of companies in a pyramid-like scheme, where they pay a set amount in, oysters are supplied to them, the more they sell the more they rise up the pyramid ranks and the more money they make.

So be warned, don't participate in promoting these scams to your friends by sharing Pearl Party Facebook Live broadcasts. You'd think Facebook would do something about these types of illicit practices on their Facebook Live service, but apparently not. Given the lawless of Facebook Live, I think we can expect further scams of this nature in the near future.

Thursday, 1 June 2017

Cyber Security Roundup for May 2017

The WannaCry ransomware outbreak within the NHS dominated the national media headlines earlier this month. Impacting 45 NHS sites in England and Scotland, the massive cyber attack led to cancelled operations and diversions of emergency medical services. The WannaCry outbreak was not just limited to the NHS, as thousands of computers were shut down at companies in almost 100 countries. After an initial infection via a phishing email and file encryption, the ransomware has the added ability to rapidly self-replicate, infecting other networked Windows computers without Microsoft’s March 2017 critical update (MS17-010) installed, this drove the swift spread of the malware within large organisations and across the world.

Debenhams had 26,000 customer personal details stolen through its flowers service website, which was operated on Debenhams behalf by a third party company. The data breach has been reported to the ICO.

With a year to ago until General Data Protection Regulation (GDPR) goes into law, there were several news reports stating UK businesses need to do more to prepare and highlighting the new data breach fines which could run into Billions for FTSE 100 companies.

If you live in Manchester, your computer is 4 times more likely to be infected with malware than elsewhere in the world according to statstics by Enigma Software Group.

Over in the United States, Brooks Brothers disclosed a major payment card breach, after an individual installed malicious software which captured credit card information within payment systems at locations across the USA and Puerto Rico for 11 months, a remind of the importance of PCI DSS compliance where businesses store, process and/or transmits credit/debit card data (cardholder data). 

Hackers stole a copy of Disney's forthcoming Pirates of the Caribbean film, and tried to hold Disney ransom, Disney didn't pay.

Interesting blog post by MacKeeper Security, on how cyber criminals are linking various stolen credential datasets to leverage access to systems.

And finally, it was another busy month of security update releases by Microsoft and Adobe, the WannaCry impact on the NHS is a stark warning to ensure all newly issued critical security updates are quickly applied