Google

Google's Phone App Is Getting the Power To Send Spam Calls Straight To Voicemail (9to5google.com) 85

According to 9to5Google, Google's dialer app for Pixel, Nexus, and Android One devices is being upgraded with the ability to send spam calls straight to voicemail. "In 2016, the app began alerting users to potential spam callers by flashing the incoming call screen bright red, with another 'Suspected spam caller' alert just underneath the phone number," reports 9to5Google. The new spam filtering feature goes a step further. From the report: [U]sers will not receive a missed call or voicemail notification, though filtered calls will appear in call history and any voicemails left will still show up in that respective tab. This feature is rolling out worldwide over the next few weeks, but those who join the new beta will have initial access to it. Like its other programs, Google notes that the test allows you to use experimental features before they're released. Google warns that features will still be in-development, might be unstable, and have "a few problems." Meanwhile, users will have the ability to submit in-app feedback throughout the process. Head to the Google Play listing for the Phone app and scroll down to "Become a tester" in order to join.
Businesses

How Much VR User Data Is Oculus Giving To Facebook? (theverge.com) 60

Facebook owns many other apps and services, including the Oculus virtual-reality platform, which collects incredibly detailed information about where users are looking and how they're moving. Since most of the discussion about how Facebook handles user information is focused on the social network itself, The Verge's Adi Robertson looks into the link between Facebook and Oculus: A VR platform like Oculus offers lots of data points that could be turned into a detailed user profile. Facebook already records a "heatmap" of viewer data for 360-degree videos, for instance, flagging which parts of a video people find most interesting. If it decided to track VR users at a more detailed level, it could do something like track overall movement patterns with hand controllers, then guess whether someone is sick or tired on a particular day. Oculus imagines people using its headsets the way they use phones and computers today, which would let it track all kinds of private communications. The Oculus privacy policy has a blanket clause that lets it share and receive information from Facebook and Facebook-owned services. So far, the company claims that it exercises this option in very limited ways, and none of them involve giving data to Facebook advertisers. "Oculus does not share people's data with Facebook for third-party advertising," a spokesperson tells The Verge.

Oculus says there are some types of data it either doesn't share or doesn't retain at all. The platform collects physical information like height to calibrate VR experiences, but apparently, it doesn't share any of it with Facebook. It stores posts that are made on the Oculus forums, but not voice communications between users in VR, although it may retain records of connections between them. The company also offers a few examples of when it would share data with Facebook or vice versa. Most obviously, if you're using a Facebook-created VR app like Spaces, Facebook gets information about what you're doing there, much in the same way that any third-party app developer would. You can optionally link your Facebook account to your Oculus ID, in which case, Oculus will use your Facebook interests to suggest specific apps or games. If you've linked the accounts, any friend you add on Facebook will also become your friend on Oculus, if they're on the platform.
Oculus does, however, share data between the two services to fight certain kinds of banned activity. "If we find someone using their account to send spam on one service, we can disable all of their accounts," an Oculus spokesperson says. "Similarly, if there's 'strange activity' on a specific Oculus account, they can share the IP address it's coming from with Facebook," writes Robertson. "The biggest problem is that there's nothing stopping Facebook and Oculus from choosing to share more data in the future."
Facebook

Steve Wozniak Drops Facebook: 'The Profits Are All Based On the User's Info' (arstechnica.com) 246

Apple cofounder Steve Wozniak has formally deactivated his Facebook account. In an email interview with USA Today, Wozniak wrote that he was no longer satisfied with Facebook, knowing that it makes money off of user data. "The profits are all based on the user's info, but the users get none of the profits back," he wrote. "Apple makes its money off of good products, not off of you. As they say, with Facebook, you are the product." Ars Technica reports: His Sunday announcement to his Facebook followers came just ahead of Facebook CEO Mark Zuckerberg's scheduled testimony before Congress on Tuesday. The CEO is also reportedly set to meet with members of Congress privately on Monday. Wozniak wrote that Facebook had "brought me more negatives than positives." Still, when Wozniak tried to change some of his privacy settings in the aftermath of Cambridge Analytica, he said he was "surprised" to find out how many categories for ads he had to remove. "I did not feel that this is what people want done to them," added Wozniak. "Ads and spam are bad things these days and there are no controls over them. Or transparency."
Youtube

YouTube Shooter 'Nasim Aghdam' Reportedly Had Website With Manifesto That Targeted YouTube For Censorship, Demonetization (abc7news.com) 722

The woman who entered the YouTube headquarters in San Bruno, California, this morning and started shooting has been identified as Nasim Aghdam. According to ABC7 News, "the YouTube shooter was a user of the platform" and had "a website with an alleged manifesto that targeted YouTube for censorship and demonetization of her video content. According to her website, a possible motivation for the shooting could have been tied to her many YouTube accounts, which she says have seen a decline in viewership over the past few months."
Youtube

Update: Possible Active Shooter Reported at YouTube HQ (theverge.com) 788

Police have responded to multiple 911 calls at YouTube headquarters in San Bruno, California. From a report: Vadim Lavrusik, a product manager at the company, tweeted that there is an active shooter on campus. The San Bruno Police Department instructed people to stay away from 901 Cherry Avenue, where the company is located. Multiple 911 calls have been received from inside the building, according to a report from local news station KRON. In a Twitter thread, YouTube product manager Todd Sherman said that employees first thought there had been an earthquake. People began running out of their meetings, he said, but before reaching the exit, they got word that someone had a gun. Sherman said he saw blood on the floor and the stairs. He also said the shooter may have committed suicide. Vadim Lavrusik, who works at YouTube's products team, tweeted, "Active shooter at YouTube HQ. Heard shots and saw people running while at my desk. Now barricaded inside a room with coworkers."

Update 20:30 GMT: Google has issued the following statement, "we are coordinating with authorities and will provide official information here from Google and YouTube as it becomes available." San Bruno Police said it was "responding to an active shooter. Please stay away from Cherry Ave & Bay Hill Drive."

Update 20:40 GMT: CBS San Francisco reports: KPIX 5 reporter Andria Borba said at least two Homeland Security units were responding. Police radio transmissions describe casualties being taken to local hospitals. San Francisco General Hospital spokesman Brent Andrew said the hospital received patients from the incident but could not confirm a number. Update 21:20 GMT: ABC News is reporting that the suspected shooter is a white adult female, and that this is "leaning towards a workplace violence situation."

Update 21:30 GMT: Law enforcement has confirmed that the shooter was a white female dressed in a headscarf. The woman reportedly shot her boyfriend then herself. It's unclear exactly how many people have been injured, but early reports estimate at least 9-10 victims. There is no word on their conditions.

Update 03:10 GMT: ABC7 News is reporting that the shooter has been identified as Nasim Aghdam. She reportedly had a website with an alleged manifesto that targeted YouTube for censorship and demonetization of her video content. Contrary to previous reports, she is said to have no relationship with anyone in the YouTube facility.

UPDATE 03:40 GMT: Aghdam's website can be found here.

Update 04:15 GMT: The shooter is believed to have known at least one of the victims, two law enforcement officials told CNN. Other sources suggest the shooter drove up from San Diego. YouTube says her YouTube channel "has been terminated due to multiple or severe violations of YouTube's policy against spam, deceptive practices, and misleading content or other Terms of Service violations."
Facebook

Steve Jobs Tried To Warn Mark Zuckerberg About Privacy In 2010 (qz.com) 109

An anonymous reader quotes a report from Quartz: Zuckerberg should have heeded what he heard from the late Steve Jobs eight years ago. Then, when the social network had a measly half-billion users, Jobs spoke at The Wall Street Journal's AllThingsD conference, where Zuckerberg was in the audience, waiting to be interviewed himself, and described what privacy meant. Journalist Walt Mossberg asked Jobs his thoughts on recent privacy issues around Facebook (which at the time was revamping its privacy controls after criticism it was forcing people to share data) and Google (which was literally recording private wifi information), and whether Silicon Valley looks at privacy differently than the rest of the world.

"Silicon Valley is not monolithic," Jobs responded, "We've always had a very different view of privacy than some of our colleagues in the Valley." Apple, for instance, does not leave it up to developers to decide whether to be dutiful about warning users that their apps are tracking their location data, instead forcing pop-ups on users to alert them that an app is tracking them, and to turn off that ability if they don't want. "We do a lot of things like that, to ensure that people know what these apps are doing," he added. It's a stance his successor, Tim Cook, still holds. Mossberg then asked Jobs if that applied to Apple's own apps in the cloud. Here's what Jobs said: "Privacy means people know what they're signing up for, in plain English, and repeatedly. I'm an optimist; I believe people are smart, and some people want to share more data than other people do. Ask them. Ask them every time. Make them tell you to stop asking them if they get tired of your asking them. Let them know precisely what you're going to do with their data." If the company had been more forthright about how developers could take data shared with them by Facebook users and sold to third parties, it may not have been in the mess it's in today.
Additionally, TechCrunch reports that Zuckerberg was warned about app permissions in 2011 by European privacy campaigner and lawyer Max Schrems. "In August 2011, Schrems filed a complaint with the Irish Data Protection Commission exactly flagging the app permissions data sinkhole (Ireland being the focal point for the complaint because that's where Facebook's European HQ is based)."

"[T]his means that not the data subject but 'friends' of the data subject are consenting to the use of personal data," wrote Schrems in the 2011 complaint, fleshing out consent concerns with Facebook's friends' data API. "Since an average facebook user has 130 friends, it is very likely that only one of the user's friends is installing some kind of spam or phishing application and is consenting to the use of all data of the data subject. There are many applications that do not need to access the users' friends personal data (e.g. games, quizzes, apps that only post things on the user's page) but Facebook Ireland does not offer a more limited level of access than 'all the basic information of all friends.'" [...] "The data subject is not given an unambiguous consent to the processing of personal data by applications (no opt-in). Even if a data subject is aware of this entire process, the data subject cannot foresee which application of which developer will be using which personal data in the future. Any form of consent can therefore never be specific," he added. It took Facebook from September 2012 until May 2014 and May 2015 to implement changes and tighten app permissions.
Twitter

Twitter Suspends Numerous Popular Accounts That Are Known For Stealing Tweets (buzzfeed.com) 52

An anonymous reader shares a report: Continuing its battle against the "tweetdeckers," Twitter suspended on Friday several popular accounts known for stealing tweets or mass-retweeting tweets into manufactured virality. @Dory, @GirlPosts, @SoDamnTrue, Girl Code/@reiatabie, Common White Girl/@commonwhitegiri, @teenagernotes, @finah, @holyfag, and @memeprovider were among the accounts that got swept up in the purge. Many of these accounts were hugely popular, with hundreds of thousands or even millions of followers. In addition to stealing people's tweets without credit, some of these accounts are known as "tweetdeckers" due to their practice of teaming up in exclusive Tweetdeck groups and mass-retweeting one another's -- and paying customers' -- tweets into forced virality. A Twitter spokesperson declined to comment on individual accounts, but BuzzFeed News understands the accounts were suspended for violating Twitter's spam policy.
Programming

GitHub Drops Support for Weak Cryptographies, Adds Emojis for Labels (github.com) 50

An anonymous reader writes: GitHub has quietly made a few changes this month. Labels for issues and pull requests will now also support emojis and on-hover descriptions. And they're also deprecating the anonymous creation of "gist" code snippets on March 19th, since "as the only way to create anonymous content on GitHub, they also see a large volume of spam." Current anonymous gists will remain accessible.

But the biggest change involves permanently removing support for three weak cryptographic standards, both on github.com and api.github.com.

The three weak cryptography standards that are no longer supported are:
  • TLSv1/TLSv1.1. "This applies to all HTTPS connections, including web, API, and Git connections to https://github.com and https://api.github.com."
  • diffie-hellman-group1-sha1. "This applies to all SSH connections to github.com."
  • diffie-hellman-group14-sha1. "This applies to all SSH connections to github.com."

Twitter

Twitter Updates Developer Rules in the Wake of Bot Crackdown (mashable.com) 67

Twitter is getting serious about its bot problem. From a report: Hours after a massive bot purge that prompted the #TwitterLockOut hashtag to trend, the company is announcing new rules for developers meant to prevent bots from using third-party apps to spread spam. According to the new rules, developers that use Twitter's API will no longer be able to let users: Simultaneously post identical or substantially similar content to multiple accounts. Simultaneously perform actions such as Likes, Retweets, or follows from multiple accounts Use of any form of automation (including scheduling) to post identical or substantially similar content, or to perform actions such as Likes or Retweets, across many accounts that have authorized your app (whether or not you created or directly control those accounts) is not permitted.
Facebook

Facebook Is Spamming Users Via Their 2FA Phone Numbers (mashable.com) 119

According to Mashable, Facebook account holder Gabriel Lewis tweeted that Facebook texted "spam" to the phone number he submitted for the purposes of 2-factor authentication. Lewis insists that he did not have mobile notifications turned on, and when he replied "stop" and "DO NOT TEXT ME," he says those messages showed up on his Facebook wall. From the report: Lewis explained his version of the story to Mashable via Twitter direct message. "[Recently] I decided to sign up for 2FA on all of my accounts including FaceBook, shortly afterwards they started sending me notifications from the same phone number. I never signed up for it and I don't even have the FB app on my phone." Lewis further explained that he can go "for months" without signing into Facebook, which suggests the possibility that Mark Zuckerberg's creation was feeling a little neglected and trying to get him back. According to Lewis, he signed up for 2FA on Dec. 17 and the alleged spamming began on Jan. 5. Importantly, Lewis isn't the only person who claims this happened to him. One Facebook user says he accidentally told "friends and family to go [to] hell" when he "replied to the spam."
Security

New Zero-Day Vulnerability Found In Adobe Flash Player (gbhackers.com) 87

GBHackers On Cyber Security and an anonymous Slashdot reader have shared a story about a new zero-day vulnerability found in Adobe's Flash Player. Bleeping Computer reports: South Korean authorities have issued a warning regarding a brand new Flash zero-day deployed in the wild. According to a security alert issued by the South Korean Computer Emergency Response Team (KR-CERT), the zero-day affects Flash Player installs 28.0.0.137 and earlier. Flash 28.0.0.137 is the current Flash version number.

"An attacker can persuade users to open Microsoft Office documents, web pages, spam e-mails, etc. that contain Flash files that distribute the malicious [Flash] code," KR-CERT said. The malicious code is believed to be a Flash SWF file embedded in MS Word documents. Simon Choi, a security researcher with Hauri Inc., a South Korean security firm, says the zero-day has been made and deployed by North Korean threat actors and used since mid-November 2017. Choi says attackers are trying to infect South Koreans researching North Korea.
Adobe said it plans to patch this zero-day on Monday, February 5.
Cellphones

Text Message Scammer Gets Five Years in Prison (reuters.com) 69

36-year-old Fraser Thompson is going to prison, according to Reuters, after receiving a five-year sentence for "defrauding" cellphone customers out of millions of dollars. An anonymous reader quotes Reuters: Prosecutors said Thompson engaged in a scheme to sign up hundreds of thousands of cellphone customers for paid text messaging services without their consent. The customers were subsequently forced to pay more than $100 million for unsolicited text messages that included trivia, horoscopes and celebrity gossip, according to the prosecutors. They said the scheme was headed by Darcy Wedd, Mobile Messenger's former chief executive, who was found guilty by a jury in December but has not yet been sentenced. "They ripped off everyday cellphone users, $10 a month, netting over $100 million in illegal profits, of which Thompson personally received over $1.5 million," Manhattan U.S. Attorney Geoffrey S. Berman said in a statement.
Thompson was ordered to forfeit $1.5 million in "fraud proceeds," according to the article, and was convicted of conspiracy, wire fraud, identity theft and money laundering.

Seven other people also pleaded guilty to participating in the scam -- and one has already been sentenced to 33 months in prison.
Programming

Erroneous 'Spam' Flag Affected 102 npm Packages (npmjs.org) 84

There was some trouble last weekend at the world's largest package repository. An anonymous reader quotes the official npm blog: On Saturday, January 6, 2018, we incorrectly removed the user floatdrop and blocked the discovery and download of all 102 of their packages on the public npm Registry. Some of those packages were highly depended on, such as require-from-string, and removal disrupted many users' installations... Within 60 seconds, it became clear that floatdrop was not a spammer -- and that their packages were in heavy use in the npm ecosystem. The staffer notified colleagues and we re-activated the user and began restoring the packages to circulation immediately. Most of the packages were restored quickly, because the restoration was a matter of unsetting the deleted tombstones in our database, while also restoring package data tarballs and package metadata documents. However, during the time between discovery and restoration, other npm users published a number of new packages that used the names of deleted packages. We locked this down once we discovered it, but cleaning up the overpublished packages and inspecting their contents took additional time...

In cases where the npm staff accepts a user's request to delete a package, we publish a replacement package by the same name -- a security placeholder. This both alerts those who had depended on it that the original package is no longer available and prevents others from publishing new code using that package name. At the time of Saturday's incident, however, we did not have a policy to publish placeholders for packages that were deleted if they were spam. This made it possible for other users to publish new versions of eleven of the removed packages. After a thorough examination of the replacement packages' contents, we have confirmed that none was malicious or harmful. Ten were exact replacements of the code that had just been removed, while the eleventh contained strings of text from the Bible -- and its publisher immediately contacted npm to advise us of its publication.

They're now implementing a 24-hour cooldown on republication of any deleted package names -- and are also updating their review process. "As a general rule, the npm Registry is and ought to be immutable, just like other package registries such as RubyGems and crates.io... However, there are legitimate cases for removing a package once it has been published. In a typical week, most of the npm support team's work is devoted to handling user requests for package deletion, which is more common than you might expect. Many people publish test packages then ask to have them deprecated or deleted. There also is a steady flow of requests to remove packages that contain contain private code that users have published inadvertently or inappropriately."
Crime

Louisana Police Bust an Infamous Nigerian Email Spam Scammer (hothardware.com) 66

MojoKid writes: You have probably at some point been contacted via email spam by someone claiming you are the beneficiary in a will of a Nigerian prince. As the scam goes, all you have to do is submit your personal information and Western Union some funds to process the necessary paperwork, and in return you will receive millions of dollars. One of the people behind the popular scam, Michael Neu, has been arrested by police in Slidell, Louisiana.

This may come as a shocker, but Neu is not a prince, nor is he Nigerian. He is a 67-year-old male possibly of German descent (based on his last name) who is facing 269 counts of wire fraud and money laundering for his alleged role as a middle man in the scheme. According to Slidell police, some of the money obtained by Neu was wired to co-conspirators who do actually live in Nigera.

Businesses

How Hotmail Changed Microsoft (and Email) Forever (arstechnica.com) 84

An anonymous reader quotes a report from Ars Technica: Twenty years ago this week, on December 29, 1997, Bill Gates bought Microsoft a $450 million late Christmas present: a Sunnyvale-based outfit called Hotmail. With the buy -- the largest all-cash Internet startup purchase of its day -- Microsoft plunged into the nascent world of Web-based email. Originally launched in 1996 by Jack Smith and Sabeer Bhatia as "HoTMaiL" (referencing HTML, the language of the World Wide Web), Hotmail was initially folded into Microsoft's MSN online service. Mistakes were made. Many dollars were spent. Branding was changed. Spam became legion. Many, many horrendous email signatures were spawned. But over the years that followed, Hotmail would set the course for all the Web-based email offerings that followed, launching the era of mass-consumer free email services. Along the way, Hotmail drove changes in Windows itself (particularly in what would become Windows Server) that would lay the groundwork for the operating system to make its push into the data center. And the email service would be Microsoft's first step toward what is now the Azure cloud.

Former Microsoft executive Marco DeMello, now CEO of mobile security firm PSafe Technology, was handed the job of managing the integration of Hotmail as the lead program manager for MSN -- Microsoft's own answer to America Online. In an interview with Ars, DeMello -- who would go on to be director of Windows security and product manager for Exchange before leaving Microsoft in 2006 -- recounted how, right after he was hired in October of 1996 to manage MSN, he was summoned to Redmond for a meeting with Bill Gates. "He gave me and my team the mission of basically finding or creating a system for free Web-based email for the whole world that Microsoft would offer," DeMello said.

AI

Researchers Fooled a Google AI Into Thinking a Rifle Was a Helicopter (wired.com) 160

An anonymous reader shares a Wired report: Algorithms, unlike humans, are susceptible to a specific type of problem called an "adversarial example." These are specially designed optical illusions that fool computers into doing things like mistake a picture of a panda for one of a gibbon. They can be images, sounds, or paragraphs of text. Think of them as hallucinations for algorithms. While a panda-gibbon mix-up may seem low stakes, an adversarial example could thwart the AI system that controls a self-driving car, for instance, causing it to mistake a stop sign for a speed limit one. They've already been used to beat other kinds of algorithms, like spam filters. Those adversarial examples are also much easier to create than was previously understood, according to research released Wednesday from MIT's Computer Science and Artificial Intelligence Laboratory. And not just under controlled conditions; the team reliably fooled Google's Cloud Vision API, a machine learning algorithm used in the real world today. For example, in November another team at MIT (with many of the same researchers) published a study demonstrating how Google's InceptionV3 image classifier could be duped into thinking that a 3-D-printed turtle was a rifle. In fact, researchers could manipulate the AI into thinking the turtle was any object they wanted.
Facebook

Facebook To Demote Posts That Ask For 'Likes' Or Shares (recode.net) 85

Facebook is cracking down on a new type of clickbait: Posts that ask people to "Like" or share or comment to goose engagement numbers, what Facebook is calling "engagement bait." Their solution? Demote the posts considered to be "engagement bait." Recode reports: Facebook has decided it doesn't like publishers gaming the system this way, and claims users don't like it either."People have told us that they dislike spammy posts on Facebook that goad them into interacting with likes, shares, comments, and other actions," the company wrote on its blog. So starting Monday, posts that Facebook considers to be engagement bait will be pushed down in News Feed. Beginning in a few weeks, publishers and Pages that continue to utilize this tactic will see their reach diminished for all of their posts.
Microsoft

Microsoft Disables Word DDE Feature To Prevent Further Malware Attacks (bleepingcomputer.com) 103

An anonymous reader writes: As part of the December 2017 Patch Tuesday, Microsoft has shipped an Office update that disables the DDE feature in Word applications, after several malware campaigns have abused this feature to install malware. DDE stands for Dynamic Data Exchange, and this is an Office feature that allows an Office application to load data from other Office applications. For example, a Word file can update a table by pulling data from an Excel file every time the Word file is opened. DDE is an old feature, which Microsoft has superseded via the newer Object Linking and Embedding (OLE) toolkit, but DDE is still supported by Office applications.

The December Patch Tuesday disables DDE only in Word, but not Excel or Outlook. The reason is that several cybercrime and spam groups have jumped on this technique, which is much more effective at running malicious code when compared to macros or OLE objects, as it requires minimal interaction with a UI popup that many users do not associate with malware. For Outlook and Excel, Microsoft has published instructions on how users can disable DDE on their own, if they don't want this feature enabled.

Google

Google Reveals the Most-Trending Searches of 2017 (google.com) 49

"Google's annual list of the most popular searches is here, offering a peek into what people are really thinking about," writes CNN. An anonymous reader quotes their report: This year, you wanted to know more about one of the most powerful storms on record, the devastating Hurricane Irma. But you were also curious about [hip hop artist] Cardi B. and Unicorn Frappuccinos... Like 2017 itself, this year's top searches skew a little darker than usual, but are punctuated with some whimsy and positive moments. The top trending searches in the U.S. were Irma, Matt Lauer, Tom Petty, the Super Bowl and the Las Vegas shooting.

To determine the most popular trending searches, Google looked at its trillions of queries, filtered out spam and repeats, and identified searches that had the highest uptick in traffic compared with the previous year. It breaks them into categories like news, memes, and recipes (beef stroganoff was a hit).

Surprisingly there were more searches for 'iPhone 8" than for 'iPhone X," though those were the top two most-searched consumer technology products. (Followed by Nintendo Switch, Samsung Galaxy S8, and Xbox One X.) Other top searches this year included "What is net neutrality?" as well as questions about what bitcoin is, how to buy it, and the latest bitcoin prices. And one of the 10 most-searched phrases of the year was "fidget spinner."

Google uploaded an inspiring video to YouTube stating "This year more than ever we asked how." To dramatic music, the examples it gives include "How to calm a dog during a storm," "How to help Puerto Rico," "How to make a protest sign" -- and "How to move forward."
IT

Tech Support Scammers Invade Spotify Forums To Rank in Search Engines (bleepingcomputer.com) 33

Tech support scammers have been aggressively posting on Spotify forums to inject their phone numbers in a bid to vastly improve their odds of showing up on Google and Bing search results, a new report claims. And that bet seems to be working. From the report: They do this by submitting a constant stream of spam posts to the Spotify forums, whose pages tend to rank well in Google. While this behavior causes the Spotify forums to become harder to use for those who have valid questions, the bigger problem is that it allows tech support scammers to rank extremely well and trick unknowing callers into purchasing unnecessary services and software. BleepingComputer was alerted to this problem by security researcher Cody Johnston who started to see an alarming amount of tech support scam phone numbers being listed in Google search results through indexed Spotify forum posts. The tech support scams being posted to Spotify include Tinder, Linksys, AOL, Turbotax, Coinbase, Amazon, Apple, Microsoft, Norton, McAfee and more.

Slashdot Top Deals