Scam Alert - Winchester Tax Boutique

Updated 19th September 2019: New information regarding corporate structures Background This is an interesting one as Winchester (a.k.a, a.k.a have appeared on our radar before. Whilst there wasn't sufficient direct linkage to the target of that particular investigation, we dropped a stick into the digital river and wandered to the other side of the bridge.

Some two years later that stick reappeared, having floated out from under the bridge.

We can't at this stage mention the name of the organisation who are actually the focus of this current investigation, although as soon as the situation resolves we'll open the book a little. What's interesting is that - for the sake of reference we'll call them Company A - this new investigation involves unsolicited marketing emails using specific details provided to a number of companies.

It appears that is no longer in use - originally registered in …

Hosting Provider Due Diligence (Part 1)

Updates Last year we had a look at our options regarding the IaaS position vs. politics. Once the dust had settled in Q3 2018 two things became clear:
President Trump would go on to make good use of the White House to further his own stock portfolio. Well played.US-based IaaS organisations sit between a rock and a hard place in such a privacy hostile environment, despite providing excellent capability and support It still means we offer goods and services hosted - or based on - Amazon, Google and Microsoft cloud offerings in EU & EEA data centres. We decided not to invest any further in Oracle cloud as Big Reds historical approach to its re-sellers and clients has not been positive (as well as the fact that the IaaS offering simply isn't at the same level as everyone else).
A lot of US tech companies are using tax devices which shuffle the (technical) profit away from the tax authority related to the country where the revenue was made e.g. Amazon, and it doesn't seem right…

Changes in Platforms

Over the course of 2018 I've been too busy with consultations to publish any investigative findings. However it's given the data markets a chance to settle a little bit after the changes in data protection legislation.

It appears to have created a polarised landscape of either continuation practises of some data idiots ("Didiots"?), or the adherence to consent practises. What's slightly ironic is that some of the latter camp seem to have overlooked the requirements for consent prior to May 25th 2018.

Never mind - as long as we're largely heading in the right direction, that's all that really matters.

Despite all of this we still have Didiots such as Jobzooma and Firebrand - more to come on the latter in a later publication. As I wind down the consultancy work I'll have more time to delve into this, but I thought I'd note some interesting re-brands. is now - I was updating my resume and was creating a new profile on J…

Scam Warning - Jobsite a.k.a. TotalJobs (Update)

Update May 2019: Jobsite has merged with TotalJobs
Original Article Jan 2018

Over the course of the last 1-2 years I've discovered that most spam starts from online jobs boards. Some are better than others - was appalling and I've stopped using it but there are still two or three that are shiny lights of privacy.

I've had a lot of support from some, such as Monster, who were able to apply their own T's and C's to unlawful acquisition of personal data. In some cases repeat offenders who had a complete disregard for the law - even after being told to stop by ICO.

However one jobs board sits on the fence, seemingly unable to go forwards or backwards,
Soft Opt-In The first issue is that you cannot apply for a role on their boards without creating an account / job seeker profile. Ok, well that's no big deal I guess...however when you look deeper the default profile settings are to opt-in to newsletters, unsolicited marketing from 'care…

Scam Alert: iProfile / Vertifi / Jobzooma

Background I've included two logos in reference to this article - one relating to iProfile Ltd (Australia) - who advertise "CV cleansing" services, which re-combines candidate data from other sources into the recruiters CV base; and iProfile (UK), which is / was part of the Vertifi brand house. Vertifi were also trading as "Talent Spa" and it's associated domains.

As you can see the logos are virtually identical and these companies share directors, despite the organisations protestations to me previously that they are completely unrelated. Even though they perform exactly the same operations & services (and more than likely share data to re-sell).

In essence, iProfile used to offer recruiters a platform that would "enrich their CV database", and allow them to utilise those candidate profiles more than one year old. This involved recruiters acquiring candidate (job seeker) profiles from standard sources - for example from the jobs boards on wh…

Phishing Scam Warning: The Law Pages (Updated)

Background I noticed a rather unusual phishing scam in the RingoDingo trap (part of a security product in development) and decided to take a look into it.

It's constructed in a way which has an impact - it would probably make most people panic a little... it claims to be from a porn site called ""!

This is a "If you don't pay us we'll tell everyone" type scam, containing a bitcoin wallet address and demanding payment - incidentally it is not only illegal to blackmail someone like this in the UK, it's also illegal to participate in blackmail from the side of the target of said blackmail.

I've obscured details which may be useful to malicious actors but you can click-to-enlarge (not in the same way as some of the content on that website I hope) the screenshot below: 

I don't even want to look at the alleged senders website tbh :) will assume based on domain name that the content matches the name. It's a good example…

Phishing Scam Warning: Companies House / Late Rooms

Background I get so much spam and attempted infiltrations that I rarely feel the need to share, but this one might affect more people than usual. One of our honeypot servers has been detecting a significant uplift in port scans over the last week or so which may be in concert with some of these phishing attempts.

It's also possible that recent port scan activity had highlighted weak points in online platforms, which are now being exploited in this way. 

Regardless of whom is initiating it's something we should be aware of.
Details After noting an email through on an email address only ever provided to, it appears that a spammer is attempting to craft phishing emails using the "" domain - a type-squatting domain meant to sound like "". I think I used the recipient email address in question for one specific booking back in either 2016 or 2017, but I'm not 100% sure of the date.

The emails appear to be sent from suspicious …