Latest Posts

  • Roku fake activation scams: How do they work?

    New Roku and other streaming device users beware. These scammers are running a large network of lookalike websites tricking into paying “activation” or “set-up” fees for something coming free of charges.

    How do these scams work? What Roku scam websites belong to the same circle of scammers? Read on to find out.

    Read more
  • Australian OSINT Public Data Sources

    I wanted to write this since I competed in the National Missing Persons Hackathon in Sydney last October. For those who are unfamiliar with the concept, the competition was the first-ever nationwide Missing Persons CTF. As the police receive more than 38,000 missing persons report each year and there are circa 2,600 long term missing persons in Australia, the noble intention was helping the authorities find missing persons by providing as many leads as possible.

    Although there are plenty of write-ups about the tools used and practices followed on these OSINT competitions, most of them are revolving around the United States.

    In the following article, I summarised the various Australian public data sources I found useful in the Missing Persons competition. The list of the data sources below is a non-comprehensive list with a heavy bias (e.g. NSW-focussed).

    Read more
  • Muni Hosting: A safe haven for phishing and credit card fraud

    Muni Hosting is a boutique bulletproof server hosting provider knee-deep in running phishing scams, SIM swapping attacks and bank fraud. My latest research takes an attempt at mapping the scale of the operation and identify the perpetrator behind these illegal acts.

    Read more
  • MEDIAAN ABS: An anatomy of an advance-fee loan scam

    This is an OSINT analysis of a lending company called MEDIAAN ABS Financial Services. Nothing on the company’s website appears to be genuine, and third-party reports confirm that the firm is likely to be linked to advance-fee scams.

    Read more
  • 99WebHelp: Unwinding a Tech Support Scam

    The latest investigation using open-source data reveals how a small web design and SEO company runs dozens of websites associated with remote support scams.

    Read more
  • Domain Services: A domain name extension scam

    I received this spam other day telling me my business’s domain name is about to expire (no it’s not!). According to the email, I urgently needed to click on this link to extend my domain name.

    So, I clicked on the link to see what happens and I managed to find a few pointers to the person presumably running this particular domain name slamming operation.

    Read more

Subscribe via RSS