Friday, July 31, 2020

Documenting a Cyber Fraud case - The Customs Price of a Gift

I mostly have a good acumen for detecting whether cyber fraud is about to happen or whether a person is about to fall prey to a sophisticated cyber fraud - if at all the person in question contacts me at least in the nick of time. So when a close relative of mine staying in another state contacted me last night, casually saying that one of his Facebook friends from London had sent him a big gift with lots of items - alarm bells rang in my head and I immediately told him that it was a fraud. However, for some reason, he seemed totally ignorant to me and said that the other person had sent the tracking details. I asked him to share them with me. This is what he sent (personal details - name and address of the recipient - are masked for privacy reasons).



Now anyone with some intuition about billing systems will detect obvious issues with this note - different fonts used in various places. The text on the upper right (depicting destination and origin) is in white ink - which doesn't exist in the real world ;). Then there are noticeable red flags about photoshopping: different coloured ink everywhere, the cursor magnifier in the "screenshot", which actually ought to be a photo, a delivery time even before the item is delivered - I haven't found a logistics firm that can predict delivery to this accuracy - the missing phone number of the sender, etc. And I haven't even seen any legit tracking site that tells you exactly all the contents of the parcel you are supposed to receive - for very obvious reasons.

At this point I was pretty sure this was either a fraud or a trap (that the consignment contained something other than what it was pretending to be). Next I googled "Air Courier Diplomatic" - the "Diplomatic" thing rang another bell, due to a recent scandal involving diplomatic courier lines. That threw this up:



Now that link looked legitimate, so I went to their site and entered the tracking ID. That gave an error, saying "Invalid tracking number". Another red flag. So I called up my clueless relative and asked if he had actually checked the tracking number - he said yes, and it was real! I asked him to share the tracking URL and he sent me this: http://aircourierexpservice.com
Another red flag - "http"!
But then visiting that resulted in a redirect to an "https" site whose certificate looked ok. The site also looked eerily similar to the above result that Google threw up. I checked the Contact Us page on both of these and they gave similar addresses somewhere in the UK. Then I checked the tracking number on this second site. And sure enough, it showed up there. Even so, I was quite sure that there was something fishy about this whole thing. One thing that struck me was that I had never heard of either of these courier companies. And I had no idea that they worked so efficiently in the days of the pandemic (red flag!). It was late at night so I simply told my relative that it was better to just reject the delivery; I also casually mentioned that these people would ask for customs money to be paid under the guise of delivery. He was very firm in telling me that this was a real thing and refused to believe my advice. I didn't really spend time analysing the tracking websites further (more on this in Post Analysis).

This morning, my relative called up again asking how to do an NEFT to another bank. Now that was a super red alert to me. I asked him why he needed to do this - then he said the courier person had called and asked him to transfer customs charges to an account. I asked him to share this detail and strictly asked him not to speak to this courier person and not to transfer money. Then he told me that since banks are closed today (due to Id), he couldn't go to the bank to do the transfer, and that is why he called me! I said thank God, and looked at the bank account shared by this "helpful" courier person:


Many red flags here:
- this is a personal account
- this branch is from Patna, Bihar and my relative is from Kerala (super red flag)
- why the heck do I need the PAN number of the receiver (confidence-building measure of the con?)
So I again called up my relative and asked him - in what language did this so-called courier person speak - he said Hindi!! LOL. Only at this point did my relative realise that this was indeed a fraud - no person in Kerala will locally speak Hindi, no matter what. Of course people in Kerala will know Hindi but will never speak it locally. That question to my relative nailed it - but I found it very strange that I had to ask that question - he didn't realise until I asked.

Post Analysis (still continuing):
Were the tracking domains not legit?
They are not (most probably). They are only set up for fraud and nothing else. They don't deliver any goods and most likely their customer care number is invalid. For both the sites, the primary contact address seems to be in the UK - but both these sites seem to have the same content but different backends (not yet analysed what is in the backend). A whois lookup on the domains points to registrations in the Panama Islands (that in itself is a mega red flag). I found another con domain with similar suspicious registrations - rextonexpc.com
How exactly these sites operate and who is behind them will be interesting to dig into.

A word of advice:
- Never share your personal information with anyone on a social network of any kind.
- If you want to share any personal information with people you already know - use other, more secure channels (email or encrypted chat).
- Nothing in this world is free, earn it, but be good to others who are needy. If you can earn it, you are not needy. 
 

Friday, June 05, 2020

Airtel, eSIM, losing connectivity and moving to Android

It was the 3rd day of the lockdown. I had to walk down to my office late in the evening as a server had broken down, and there was no other option than for me to walk in there and fix the thing so that the rest of my colleagues could still connect to work. After I came back home, I went to take a bath and then suddenly realised that there was no signal on my iPhone. I had no clue what the reason was. So I did the usual troubleshooting and then restarted the phone. Still no signal. Next I put the SIM in my second phone, which had no SIM - a Google Pixel 3a. Still nothing. I had actually got this phone for my uncle, but he somehow didn't like it, so it came back to me.

After a lot of trial and error I reached my service provider, Airtel, on Twitter. They are usually fast to respond. Over DM I described the issue, and they took an alternative number to call me back. Thankfully my wife's number was available - I am a single-number person, but that day I suddenly realised the importance of having more than one SIM, or at least 2.

The Airtel technical person called back and, after a bit of troubleshooting, gave this assessment - that my SIM card was damaged and needed to be replaced! But since all the offices were currently closed, I would have to wait. Sigh.

I waited for 2 days for this to sink in and in the meantime asked every one of my colleagues to call me on either Slack or Skype. Luckily I had added an Airtel Data SIM to my plan just over a week earlier, so that I could put it into my iPad and my father could use it for his usual bit of news and article reading.

Even though I didn't have a phone connection at this moment, I didn't feel disconnected or unable to go about my normal work-from-home routine. All this, until I had to pay my credit card bill. My bank had recently changed their interface, which now forced one to enter an OTP sent to your registered mobile number to complete a transaction. Bummer. Panicked, I called up my colleagues to ask if they would be ok to pay my bills if I was not able to pay them because of this uniquely strange situation I was in. At the same time I tried to check if I could use the BHIM app installed on my phone to pay the credit card bills, but it didn't work - because my phone didn't have an active SIM. But luckily there was Paytm, which was also linked to UPI, which I could use to pay my credit card bills. All this made me a bit worried about how I would pay for other things that would require me to provide the OTP. Soon there was a due date for property tax coming up. Something clicked, and I again DMed Airtel customer care to ask if they could provide me an eSIM. They said it would not work on my current phone; I knew that, as it was an iPhone X. But I said I had an alternate phone with me, a Google Pixel 3a, which according to their site does support eSIM. But then they said that there was currently no procedure in place to give me a SIM like this. I again requested them and explained that without this I was totally locked out of my bank and unable to do any transaction. They said they would get back and also asked me to send an email to their customer care (which are usually unanswered anyway). I tweeted about this issue and tagged Airtel and the DoT ministry to issue a guideline for issuing eSIMs in such a scenario.

I have been using iOS devices since 2014. Before that I used Windows Phone - the Lumia 800. I had very briefly used a Samsung Galaxy 5 as a daily driver, which ran on Android. I had a not-so-great experience with Android, and thus shifted to using Windows Phone - that amazing Lumia 800. So when I was looking at shifting back to Android as my daily driver I was not so sure. But here I was: the Pixel was the only way, if Airtel agreed, to avoid having to keep calling my friends to help me with paying my bills.

After a bit of following up with the Airtel executive, they approved my request and said that the eSIM would be sent to my registered e-mail in a few hours. After a bit of waiting, I actually got this email, and I activated it using my Google Pixel 3a. Ever since, I have been using Android on a daily basis, and it has grown on me. There was one more advantage of using the Pixel 3a - a fingerprint reader to unlock the phone, instead of Face ID, at a time when you have to cover up your face. Just in time.

Looking back, connecting the dots is a fun exercise - if my uncle hadn't given me back the Pixel, I would still be disconnected as far as phone communication is concerned. And I would be desperately calling my friends to help me with my bills.

For now, I am on Android, and liking the flexibility it offers after using iOS for about 7 years. Crazy times, crazy experience.

The summer

The last 3 months have been crazy work-wise:
1) We did some interesting scale computation on a Linode dedicated CPU node for the first time.
2) Wrote lots of scripts, revisited C++ after almost 7 years! Was fun. Did a lot of performance optimization in a large simulation code written in C++, which is still continuing. Performance optimization is hard.
3) Helped re-architect background syncing code for a POS system running on Android.
4) Learned a lot of new things - lastly a bit of Flutter from AppBrewey.
5) Did some community work at our housing complex.
6) Fixed a Windows XP machine after maybe 8 years!
7) And learned a few life lessons from my dear wife.

Saturday, April 11, 2020

Testing times

It is an absolutely depressing time to be alive. The world is overrun by a pandemic and whenever that ends, the world won't be the same again. We are in the twentieth year of this century, but it feels like this is going to set us back by at least 5-10 years on the progress curve.
In the end though, there is great hope that the human race will prevail over this and build a better tomorrow. Hopefully, I'll see all of you on the other end. We gotta make it.