Hello and welcome to the Tuesday, February 7, 2020,

edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Of course, you probably have heard already about the tragic earthquake that hit Turkey and Syria last night.

With tragic events like this, we often have scams emerging.

So publish a couple tips how to evade some of these scams.

Probably something that you want to share with friends.

Don't think a lot of listeners necessarily to his podcast will be too susceptible to it.

But it's something that keeps coming up.

And if you see anything, please let us know.

In recent years, some of these scams have become less visible, a little bit more difficult

to track, as a lot of them are targeting individuals and groups on social media.

In particular, for example, if you have links to the region affected by the disaster, you

may, for example, see on related Facebook groups or such some of

these scams popping up. That, of course, makes them harder to track down because they reach

sort of a more targeted audience. So let us know if you see something and of course with earthquakes, there are always

these sort of unpredictable surprise results. So there is often a certain lag in some of these

scams showing up. And in a second post today, I wrote about a little trick that you may find helpful to track systems that are infect, in particular sort of IoT devices and the like.

One of the things that I see many of these bots do if they infect the device is they try to look up what is the public IP address of the device. And in order

to do so, they're typically connecting to one of a small number of APIs that return the public

IP address. So you can look for DNS lookups, for host names or for HTTP requests if you have the

visibility for these APIs in order to detect possibly infected systems.

...