Hello, welcome to the Friday, August 24th, 2018 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and the time recording from Stockholm, Germany.

Sometimes fishing really doesn't take a lot of work or resources, and Xavier came across a number of fishing scams actually that took advantage of

Formcrafts.com. Formcrafts.com is not a malicious site. It allows you to set up simple forms

that users submit and then it collects the data from it. And they even have a simple plan

for small forms with a few submissions and this

is exactly what fissures take advantage of so they cannot change the domain name here they have to

use formcrafts.com but then of course the page name they can try and find one that looks good to the victim.

And Xavier was poking a little bit around there.

And for example, found pages like Webit, IT helpdesk, IT support,

which served up login forums, collecting users, credentials, and other information in some cases.

I mentioned before that not all VPN applications are created equal. Some of them just don't work.

Others do not encrypt your traffic. And then there's always the risk that the endpoint of the VPN connection could

intercept and could inspect any traffic that you're passing through this VPN.

A special mention here deserves Onnavo.

Onavo is a product that Facebook purchased a few years back and it was often advertised as Facebook

Protect. Now on first site it's well yet another one of these VPN applications and of

course Facebook is in charge of the endpoints. But the risk here is not just that Facebook

is able to inspect all traffic that you're sending via the VPN,

even if it's not going to Facebook itself.

In addition, it will send a number of other data items to Facebook, like for example, Wi-Fi data usage.

Also, if you don't have the application turned on, so you are running the application, but you're not actually using the VPN, it will still report back any sites you're visiting back to Facebook

...