Posts

Highlights

Scam Alert - Blaze / E-Prospects Media / Ocapo

Image
[Updated 2nd October 2019 re: Heritage Gold Solutions]
[Updated 4th October 2019 re: Wise Advise Services]
Background I thought this one would be interesting as there's a bit more information to dig out, and that shows how these scams work a little better. Most people are already well aware but I thought this might help expose some of the nuances.

So I got a call last week which followed a familiar pattern.... "Hi this is [insert madeupname here] calling from [madeupcompany]. Yeh - I understand you've been in an accident. Is that right?". It's a recorded automaton which wants you to say "yes". If you say "No" or an answer it can't recognise it simply ends the call and tries the next number in it's list.

If you say "yes", it'll connect you to a real person and that's where the real fun can begin. Generally there's two types of purpose for this call - either they're trying to get you to disclose personal details …

Hosting Provider Due Diligence (Part 2)

Image
In part one we established our goals and principals, which now need some sorts of measurements and assessments to be defined - these will essentially help us prove we've met our goals and are delivering the correct vision.
Assessments We'd normally apply measures, goals and assessments at high, mid and low level to capture everything from strategic goals to non-functional assessments. However in this case we have a simple set of functionals, non-functionals and are focusing on strategic validation. So directly against our goals and principals then we should measure by:
Selecting a new IaaS provider (or providers?), and migrate all our existing infrastructure & servicesComplete a successful penetration test of our own infrastructureAssess the responses from our client surveys to ensure that the capabilities they will need in 2-5 years are viable & supportableMigrating all domain ownership and closing down the accounts with US-based providers for internal use only (some …

Scam Alert - Winchester Tax Boutique

Image
Updated 19th September 2019: New information regarding corporate structures Background This is an interesting one as Winchester (a.k.a bespoketaxplanning.co.uk, a.k.a winchestercontracts.co.uk) have appeared on our radar before. Whilst there wasn't sufficient direct linkage to the target of that particular investigation, we dropped a stick into the digital river and wandered to the other side of the bridge.

Some two years later that stick reappeared, having floated out from under the bridge.

We can't at this stage mention the name of the organisation who are actually the focus of this current investigation, although as soon as the situation resolves we'll open the book a little. What's interesting is that - for the sake of reference we'll call them Company A - this new investigation involves unsolicited marketing emails using specific details provided to a number of companies.


It appears that winchestercontracts.co.uk is no longer in use - originally registered in …

Hosting Provider Due Diligence (Part 1)

Updates Last year we had a look at our options regarding the IaaS position vs. politics. Once the dust had settled in Q3 2018 two things became clear:
President Trump would go on to make good use of the White House to further his own stock portfolio. Well played.US-based IaaS organisations sit between a rock and a hard place in such a privacy hostile environment, despite providing excellent capability and support It still means we offer goods and services hosted - or based on - Amazon, Google and Microsoft cloud offerings in EU & EEA data centres. We decided not to invest any further in Oracle cloud as Big Reds historical approach to its re-sellers and clients has not been positive (as well as the fact that the IaaS offering simply isn't at the same level as everyone else).
A lot of US tech companies are using tax devices which shuffle the (technical) profit away from the tax authority related to the country where the revenue was made e.g. Amazon, and it doesn't seem right…

Scam Warning - Jobsite a.k.a. TotalJobs (Update)

Image
Update May 2019: Jobsite has merged with TotalJobs
Original Article Jan 2018

Over the course of the last 1-2 years I've discovered that most spam starts from online jobs boards. Some are better than others - CWJobs.co.uk was appalling and I've stopped using it but there are still two or three that are shiny lights of privacy.

I've had a lot of support from some, such as Monster, who were able to apply their own T's and C's to unlawful acquisition of personal data. In some cases repeat offenders who had a complete disregard for the law - even after being told to stop by ICO.

However one jobs board sits on the fence, seemingly unable to go forwards or backwards, Jobsite.co.uk.
Soft Opt-In The first issue is that you cannot apply for a role on their boards without creating an account / job seeker profile. Ok, well that's no big deal I guess...however when you look deeper the default profile settings are to opt-in to newsletters, unsolicited marketing from 'care…

Scam Alert: iProfile / Vertifi / Jobzooma

Image
Background I've included two logos in reference to this article - one relating to iProfile Ltd (Australia) - who advertise "CV cleansing" services, which re-combines candidate data from other sources into the recruiters CV base; and iProfile (UK), which is / was part of the Vertifi brand house. Vertifi were also trading as "Talent Spa" and it's associated domains.

As you can see the logos are virtually identical and these companies share directors, despite the organisations protestations to me previously that they are completely unrelated. Even though they perform exactly the same operations & services (and more than likely share data to re-sell).

In essence, iProfile used to offer recruiters a platform that would "enrich their CV database", and allow them to utilise those candidate profiles more than one year old. This involved recruiters acquiring candidate (job seeker) profiles from standard sources - for example from the jobs boards on wh…