The UK is now a smartphone-orientated society. People use their mobile phones for everything from messaging their friends, checking their email to managing their banking. To some, their lives are held on this small device – their personal and professional lives easily accessible at all times, and these devices are secured with a PIN, a password or a fingerprint to prevent this data falling into the wrong hands if the device is stolen. Physically stolen, that is. What most people do not realise  is that despite their best efforts to secure their devices, they are still leaving themselves wide open to having the very data they are trying to secure stolen.

People use Wifi all the time – Wireless internet at home or in the office, in cafés and coffee shops, hotels and bars. The majority of wireless networks at home or in the office are secured – encrypted  with a password, however, ‘free’ internet, which is available in shops and other public locations more often than not are ‘open’ – no password, no encryption, and therefore insecure, or the wireless password is available to everyone, free for the taking. With a little patience, someone can set up a laptop or tablet to pretend to be this free internet, waiting for unsuspecting customers to connect, and then sit back and record everything that they send and receive online.

Screen Shot 2016-07-30 at 17.46.30

An example or a request that has been ‘sniffed’ from a wireless network

 

So that’s scary. But wait – what about SSL? My bank says its secured with SSL, so is Facebook, and Twitter and everything else, so surely they can’t read my private data?

Sorry, but they can. Whilst SSL does offer a greater level of protection there are ways around this too- the same software packages used to create these fake wireless hotspots also has the software which can get around the security that SSL offers. This is something called a Man-In-The-Middle Attack.

Imagine there are two people – Bob and Peter. Bob wants to get a message to Peter, so he sends Peter a letter through the post. A Man-In-The-Middle attack is the equivalent to someone getting hold of the letter before it gets to Peter – in this example it could be someone who breaks into the post box, takes the letter, copies it, and puts a new copy back in the post. Peter will get the letter none the wiser, and the attacker would also have a copy too. As with these kind of attacks, Peter could see that it was not the original letter if he were to look at the letter and envelope closely, but if he tore the letter open, threw away the envelope, and skimmed through the letter, he wouldn’t know.

That’s a basic example of how people can still steal your information even if it is encrypted with SSL, by pretending to be both the victim and the website at the same time.

Who could do this? Some kind of master hacker? Scarily no. Nowadays the software is freely available for download. Anyone with a couple of hours’ spare can set their laptop up with the software, and then sit in a coffee shop with their laptop, and as they drink their coffee, their laptop is storing a copy of all the traffic coming from the unsuspecting customers.

The big question now is ‘How do I protect myself from this?’. Thankfully this is incredibly easy and does not cost much at all, and it is called a VPN (Virtual Private Network) connection.

A word of warning though to anyone who looks into this – there are free services which offer a secure ‘tunnel’ to the internet, however, there is no such thing as free – many of these services will sell your browsing history, log the sites you visit and may also actively inspect your internet traffic – the very thing you are trying to avoid!

A VPN connection is a super secure tunnel from a device to a server in which all internet traffic gets sent through. Unlike SSL, a VPN connection cannot be attacked with a Man-In-The-Middle attack, since both sides have enough information to make it impossible for anyone to pretend to be the VPN server.

IMG_0578This may sound complicated, but thankfully not. I use a company called Private Internet Access (www.privateinternetaccess.com), who provide a mobile app on iPhone and Android that has just a simple on/off switch. Simple as that. Goldenfrog’s VyperVPN offer a similar service too.

As a general rule, my mobile phone has a VPN connection on all the time – whether I am connected to my home network, through my mobile data connection, or any other wireless network. I’m happy that I know all my data is safe and secure.

Another added benefit to using a VPN service is that with a couple of clicks, your device could be connected to a different country – from Sweden, America, Switzerland to India, Japan, Brazil to name but a few.

So how much would you think this would cost? A lot of money you might say? Not at all. For me, it costs just under $40 a year, so around £30. Putting it simply, around £2.50 a month depending on exchange rates, so less than the cost of one coffee per month.

Is it worth it? Yes. If you want to protect yourself, you need more than just a password on your device, you need to make sure your connection to the internet is completely secure. You don’t know who could be watching your internet access.

IMG_1202

As you can see, Mr. KP51 RZM feels that parking on double yellow lines on a roundabout (of sorts), blocking a lowered curb to get a sandwich is more important than giving a disabled man on a wheelchair access to the pavement after crossing the road.

This poor chap had to travel in the road in the wrong direction to find a spot where he could safely mount the pavement again. At the same time as well, looking after two small children.

After posting this picture on Facebook, it has grown a large number of abusive comments towards this driver rightfully given to him.

So, if you are reading this, Mr KP51 RZM, I personally hope you choked on your sandwich, and what you did eat gives you such chronic gastroenteritis that the sheer force of the ablution causes your rectum to prolapse. Your laziness endangered a disabled person and two small children.

 

A key safe is by no means safe. With a simple manipulation of the mechanics inside, you can get access to their contents within a couple of minutes.

IMG_1357IMG_6397

 

 

 

 

 

 

The key safe outside my flat is a very popular make based on a generic design from some Chinese company. By applying pressure to the release button and cycling through the keys, the correct buttons will either make a loud click when you press them, or you will feel resistance half way as you push down on it. The incorrect buttons will either not move at all, or will push down all the way without a click or any resistance half way down.

Once you have got all the numbers, click the clear switch, and then type them in. Due to the design of these safes, you dont need to enter them in any particular order. Once entered, you should be able to open it..!

 

So I sent off my email to the ‘bank’ and have had a reply back:

 Personal BankingSmall BusinessCorporate BankingHelpContact UsInline image 1
Attn: Andrew James Elliot Dixon
Address: Floor 13, 1001 Sauchiehall Street,Glasgow G3 7TZ,United Kingdom
Tel:
SUBJECT:OFFICIAL QUESTIONNAIRE
 
Kindly view the attached file for Official Questionnaire fill and return


We therefore anticipate your co-operation 

 
 
 
 Yours faithfully,

Mrs.  Angela Bhadmus,

For : Dr.Serge Nguessan ,
Director of Operations.
Boad  – Lome TOGO
Fax: + (228) 22 33 93 19 

Tele:+228 97902347

———————————————————————————————————————————————————————–
Banque Ouest Africaine de Développement (BOAD) TOGO. Place du petit mache , Rue Koumore Togo. This e-mail is intended only for the above addressee. It may contain privileged information. If you are not the addressee you must not copy,  distribute, disclose or use any of the information in it. If you have received it in error please delete it and immediately notify the sender. Banque Ouest Africaine de Développement (BOAD)is authorized and regulated by the Financial Services Authority and represent only the Togo Widows and Bank Of Togo Marketing Group for life assurance, pensions and investment business. Signatories to the Banking Code

With the obviously over stamped form:
QUESTIONNAIRE
Wow, its been ‘dispatched’!!
Time to do some creative artwork

I got a reply! Woo!

 

Thanks very much for you reply. I’m very happy that I gotten someone that will carry out the wishes of my late husband. Please I want you to reassure me that you will carry out the task.

Secondly you need to send to me the below details.

1. Your full names and address.
2. Telephone numbers

Finally I need a little explanation or plan on how you would handle the fund once it is released to you. Once I get your reply I shall send to you all documents involved. Please pray for me always.
Once again thanks for your reply. God bless you.

Yours in Christ,
Mrs.Judith Jones

 

Wait, what? She has changed her name! Okay, this could be a test, so lets play dumb. As much as it makes my bile rise, I will pretend to be a Christian, and to keep it consistent, I am still greedy with names, and I am still deaf.

Blessed be in the day of our lord,

My full name is Andrew James Elliot Dixon, I do not have a telephone number since god blessed me with deafness. My daily challenge will go rewarded in heaven where I will finally be able to hear music for the first time.
With regards to any monies due to me, I would offer it in good Christian Charity to my local church where it will be used to repair the roof and the bells to shelter and signal time for our worship OUR ONE LORD JESUS CHRIST.
Godspeed, Judith.
Yours in Christ,
A