Posts

Highlights

Changes in Platforms

Over the course of 2018 I've been too busy with consultations to publish any investigative findings. However it's given the data markets a chance to settle a little bit after the changes in data protection legislation.

It appears to have created a polarised landscape of either continuation practices of some data idiots ("Didiots"?), or the adherence to consent practices. What's slightly ironic is that some of the latter camp seem to have overlooked the requirements for consent prior to May 25th 2018.

Never mind - as long as we're largely heading in the right direction, that's all that really matters.

Despite all of this we still have Didiots such as Jobzooma and Firebrand - more to come on the latter in a later publication. As I wind down the consultancy work I'll have more time to delve into this, but I thought I'd note some interesting re-brands.

Jobsite.co.uk is now TotalJobs.co.uk - I was updating my resume and was creating a new profile on J…

Scam Warning - Jobsite a.k.a. TotalJobs (Update)

Update May 2019: Jobsite has merged with TotalJobs
Original Article Jan 2018

Over the course of the last 1-2 years I've discovered that most spam starts from online jobs boards. Some are better than others - CWJobs.co.uk was appalling and I've stopped using it but there are still two or three that are shiny lights of privacy.

I've had a lot of support from some, such as Monster, who were able to apply their own T's and C's to unlawful acquisition of personal data. In some cases repeat offenders who had a complete disregard for the law - even after being told to stop by ICO.

However one jobs board sits on the fence, seemingly unable to go forwards or backwards, Jobsite.co.uk.

Soft Opt-In

The first issue is that you cannot apply for a role on their boards without creating an account / job seeker profile. Ok, well that's no big deal I guess...however when you look deeper the default profile settings are to opt-in to newsletters, unsolicited marketing from 'care…

Scam Alert: iProfile / Vertifi / Jobzooma

Background

I've included two logos in reference to this article - one relating to iProfile Ltd (Australia) - who advertise "CV cleansing" services, which re-combines candidate data from other sources into the recruiter's CV base; and iProfile (UK), which is / was part of the Vertifi brand house. Vertifi were also trading as "Talent Spa" and its associated domains.

As you can see the logos are virtually identical and these companies share directors, despite the organisations' protestations to me previously that they are completely unrelated. Even though they perform exactly the same operations & services (and more than likely share data to re-sell).

In essence, iProfile used to offer recruiters a platform that would "enrich their CV database", and allow them to utilise those candidate profiles more than one year old. This involved recruiters acquiring candidate (job seeker) profiles from standard sources - for example from the jobs boards on wh…

Phishing Scam Warning: The Law Pages (Updated)

Background

I noticed a rather unusual phishing scam in the RingoDingo trap (part of a security product in development) and decided to take a look into it.

It's constructed in a way which has an impact - it would probably make most people panic a little... it claims to be from a porn site called "passionateseniors.com"!

This is an "If you don't pay us we'll tell everyone" type scam, containing a bitcoin wallet address and demanding payment - incidentally it is not only illegal to blackmail someone like this in the UK, it's also illegal to participate in blackmail from the side of the target of said blackmail.

I've obscured details which may be useful to malicious actors but you can click-to-enlarge (not in the same way as some of the content on that website I hope) the screenshot below: 


I don't even want to look at the alleged sender's website tbh :) will assume based on domain name that the content matches the name. It's a good example…

Phishing Scam Warning: Companies House / Late Rooms

Background

I get so much spam and attempted infiltrations that I rarely feel the need to share, but this one might affect more people than usual. One of our honeypot servers has been detecting a significant uplift in port scans over the last week or so which may be in concert with some of these phishing attempts.

It's also possible that recent port scan activity had highlighted weak points in online platforms, which are now being exploited in this way. 

Regardless of who is initiating it, it's something we should be aware of.

Details

After noting an email through on an email address only ever provided to LateRooms.com, it appears that a spammer is attempting to craft phishing emails using the "cpgov.uk" domain - a typo-squatting domain meant to sound like ".gov.uk". I think I used the recipient email address in question for one specific booking back in either 2016 or 2017, but I'm not 100% sure of the date.

The emails appear to be sent from suspicious …

Data, Data, Data (Updated)

(Updated Weds 25th April)

With the lead up to the inauguration date for GDPR on the 25th of May I've noticed a massive uptick in last-minute consultation requests. Regardless of some opinion this is better late than never; however, I can't help but feel that a lot of the momentum is equally applicable to the instruments of law in effect today.

Although GDPR stresses specifics and enhances position it also lays out the fabric which enterprises use to wrap their customer data.

Unfortunately the media seems to have largely forgotten the momentous impact Max Schrems and team have had on the appalling political attempt to bridge privacy and data protection across the Atlantic. I'm referring both to the Safe Harbor [sic] agreement as well as the equally useless Privacy Shield agreement. Max appears to have had about enough of PS as well and is awaiting the 25th of May to lodge similar objections.

I can't stress how important it is to have people like Max doing what t…

Scam Alert: Vanquis Bank

You may - or may not - have seen a recent financial update relating to sub-prime lenders Provident Financial Plc. Their recent forecast for a full-year loss led to a 90% slump in share prices, along with the revelation that their credit card division - Vanquis - was under investigation by the FCA.

Share prices dropped from the £30-mark to just 426p precipitating the removal of the CEO, Peter Crook, and the calls from investors that the investigation should have been disclosed sooner.

Background
A few years ago I'd applied for a credit card whilst trying to identify the cause of an issue on my own credit file; it turned out that another bank had made a serious error and 'marked' my credit file. They've since resolved the error.

I don't remember whether my Vanquis application was completed or not but last year - two years after my original application - and after no further contact from Vanquis, I started receiving spam through the post.

After a SAR in which they …