Something Phishy’s Going On

New Phishing Attack Targeting Gmail Users – What to look for & How to avoid it.

Our Gmail accounts have become a sort of internet passport, allowing us to access numerous invaluable services from a single account, which means that nearly every other ‘account’ we have is linked to it. Our entire online identity is tied to our Google account and if anyone were to gain unrestricted, unauthorized access to it, we are all at risk of potentially irreversible damage. Scarily, this is exactly what’s happening right now. Hackers are peddling a brand new, skilfully crafted phishing attack that can dupe even advanced users. If you don’t know what phishing is, see here.

Hackers are targeting Gmail users indiscriminately, using cunningly crafted emails to obtain the user’s account login credentials. When you receive them, the phishing emails contain innocent looking attachments and may make reference to emails you have recently sent to or received from those contacts. Basically, it’ll look like someone you know is sending you something you expect to receive or are likely to receive from them.

The innocent looking attachment will open in a new browser tab, which takes you to a page that looks identical to the Google Sign-In page. Users are tricked into entering their Google account login credentials under the guise of re-logging into their accounts for security reasons or simply as a formality.

If you do enter your credentials and attempt to sign-in, the hackers will have full access to your Google account and they’ll waste no time taking control of it and your information. You’ll lose control of everything including Gmail, Drive, YouTube and all of Google’s other services and potentially allow hackers full access to your Android phone, if you use one. If that isn’t enough, your account will be used to send phishing emails to all of your contacts exposing them to the attack.

So how do you avoid it? First of all, be aware of this scam and treat anything that opens a new tab with some suspicion. Gmail will rarely require you to randomly sign-in and when it does so, it’ll usually do so in the active tab.

Here are other important things to look out for:

Check the address bar of your web browser and always look for the Green Padlock and an indication that the connection is secure and trusted.

In the case of the Gmail Phishing Scam the genuine URL should look something like this:

The malicious URL may be very long and look like this:


Finally, if you haven’t already enabled two-factor authentication for your Google account, you should do so immediately.

Today it’s become an oddity to find someone who doesn’t have a Gmail account. Android is, by far, the most popular mobile OS and that makes a lot of people very vulnerable. But you shouldn’t be. By simply being aware, you are ahead of everyone else. Spread the awareness and stay safe online.

Check out our previous post about online security for more information about how to stay safe online.

Have you been attacked or do you know someone who’s been attacked? Tell us in the comments.

It’s a bird, a jet… No! It’s a Three-Wheeler!

The Three Wheeler Age may be at an end.

The rise of the three-wheeler or tuk-tuk is a perfect example of the market economy at play. Not everyone can afford a private car, even fewer can afford the hassle of parking those cars and for the middle class in Sri Lanka taxis are often a tad too expensive and buses not entirely convenient. This creates a ripe demand for quick, efficient and above all, cheap transportation. It’s this ripe demand that three wheelers supply.

Despite their notoriety three-wheelers provide a crucial service in Sri Lanka with its limited road space and appalling mass transit system. Economically, they support a large portion of the population directly and indirectly as there are now over 1,000,000 tuk-tuks in Sri Lanka. With a population of a little over 20 million people, that means there’s a tuk-tuk for about every 20 of us.

But now that we have seen the glorious rise of the tuk-tuk, are we about to witness the end of the tuk-tuk era? Why? Well, essentially two reasons: increased regulation and decreased economic incentive.

The first tuk-tuks to install fare meters came up against the full force of the Three-Wheeler Mafia, the loose band of warring groups of tuk-tuk drivers that played by their own rules. Still, driven by the market, meters prevailed as travellers preferred metered tuk-tuks over the ‘open outcry’ variety. Slowly but surely most tuk-tuks installed meters but a handful still remain unmetered and ready to rip unsuspecting travellers off.

The government has recently introduced legislation (*standing ovation*) that will make meters mandatory along with basic safety precautions. This will make operating a three wheeler less than savoury for the unsavoury, non-metered tuk-tuks in the business, possibly encouraging them to leave altogether. Taxes on three wheelers have also risen in the recent past and it’s only reasonable to expect more increases in the future, aimed at curbing the number of active three-wheelers, which is now, putting it lightly, a bit problematic. 😉

Competition in the form of a limitless supply of three wheelers, ‘nano cabs’, and ride hailing apps like Uber make operating three wheelers less economically attractive than in the wild days of outright highway robbery :-P, encouraging less productive operators to close shop. The advent of these other forms of on-demand hired transportation has also made it abundantly clear that travellers have been taken for a good ride by three-wheelers because it’s now possible to get a ‘nano cab’ with air-conditioning, an enclosed cabin, seating for four people, increased comfort and better safety for the same per-km price of a roadside three-wheeler.

While we’re certain that we won’t see tuk-tuks vanish any time soon, with increased regulation, decreased economic incentive and supply now beginning to outstrip demand, it’s inevitable that we will see a period of decline for the three-wheeler at least in the near term. But what we really hope will happen, is that the pressures currently faced by the market for three-wheel hires will turn it into a diamond of sorts, launching a three-wheeler revolution, if you will, resulting in economy, safety, decency and ethics.

Whether the age of the three-wheeler is entering its twilight years or not may be up for debate but what isn’t up for debate is that their cowboy, wild-west days are at an end, as far as fares are concerned at least.

What do you think? Are three-wheelers on the way out or just out of control? Let us know in the comments. ☺

Going Pro With Cyber Security

Sri Lanka’s First Cyber Security Degree Programme Launches

It’s very reasonable to suggest that you’re more likely to get hacked than smacked these days. In 2016 we saw massive increases in cyber security breaches affecting everyone from major governments and companies to the ordinary fellow on the street. In this heightened environment of ‘Cyber Tension’ the CICRA Campus, Sri Lanka’s pioneering information security training and consultancy provider, has taken the very prudent step to introduce, for the first time in Sri Lanka, a Bachelor’s Degree Programme in Cyber Security. The Degree programme is offered and conducted by CICRA in partnership with Deakin University in Australia.

Cyber Security as a profession is growing rapidly in Sri Lanka and around the world. A report published by Cisco indicates that there are currently more than 1 million job opportunities for Cyber Security Specialists and Forbes magazine has projected that by 2019 there will be more than 6 million openings for qualified experts in the field.

The Bachelor’s Degree in Cyber Security offered by CICRA, in partnership with Deakin University, will focus on this critical area and provide extensive, in-depth knowledge and training. CICRA says that the program will provide students with a solid foundation in Cyber Security Literacy and all of the technical skills required of a Cyber Security Professional by the industry, allowing graduates to stand out in the job market. To complete the programme a minimum of 100 hours in an internship position is mandatory, which only adds to the student’s experience and employability.

What we really like about the programme is that it’s flexible. CICRA has obtained a special license to offer the complete three-year degree programme right here in Colombo, allowing students to affordably complete their studies without leaving the country. The programme is also ideal for students interested in studying abroad or even migrating, allowing for the first year of study to be completed in Colombo and the remaining two years to be completed at Deakin University in Australia where, according to the Centre for Strategic and International Studies (a US Think Tank), there is plenty of opportunity, with Australia leading the world in the shortage of Cyber Security Experts.

Cyber Security has been an issue ever since the advent of the internet. Still, it has largely remained a niche area of interest until events like the Snowden Revelations showed us the extent to which technology can be misused and abused. That and the advent of high profile Hackings and groups of Hackers like Anonymous have firmly thrust Cyber Security into the spotlight. Given that the world is only becoming more connected and therefore more vulnerable, we feel that choosing a career in Cyber Security is an admirable way to serve one’s country and society at large. In this age of ‘Cyber Psychos’, kudos to CICRA for taking the initiative to provide Sri Lankans with the means to fight the battle right here at home.


If you are interested, check out the Degree Programme in detail here.

Coding Our Future

ICTA Launches the ‘All Children Coding Initiative’

Little is being done in Sri Lanka aimed at equipping students to take advantage of the opportunities available within the IT Industry, here and abroad. In this environment, it’s refreshing to hear about the ‘All Children Coding Initiative’ announced by the Information and Communication Technology Agency of Sri Lanka (ICTA), advocating the inclusion of Coding in the school curriculum.

Little known to most people, Sri Lanka has a vibrant, innovative software development, engineering and servicing industry. Sri Lankan IT companies have even developed the software that runs some of the world’s largest stock exchanges. Foreign earnings from Sri Lanka’s IT sector were expected to surpass USD 1 Billion last year, making it hugely profitable and creating abundant opportunities for computer programmers.

The ‘All Children Coding Initiative’ will begin with the development of a comprehensive Coding Curriculum, covering both primary and secondary schools. The initiative will start with a relatively small group of schools, teachers and students, with the goal of training 200 teachers and reaching at least 7,000 students within the first year. The project also hopes to reduce the gender gap that currently exists within Sri Lanka’s IT Sector, with women comprising less than 30% of the workforce. According to the ICTA, engaging and exposing children to coding at a young age is expected to result in more equitable gender participation rates within the sector, in the future.

Learning to code will serve you well, whether you’re a kid in school or somewhere further along in life. The modern world that we live in is driven by computers and computers are driven by code. So, if we want to change the world, we must be able to change what drives it. Think of Facebook, Google or Uber; they’ve all changed the world for the better.

Coding can be used to build anything, so it encourages creativity and makes us better at solving problems. It’s essentially what coding is, taking a problem, creatively solving it and mapping out the process of solving the problem in a logical, methodical way. Being able to solve your own problems or having the ability to help others solve their problems gives you a great sense of confidence and confidence makes you better and better at everything you do.

The ‘All Children Coding Initiative’ will surely have an uphill battle to fight, going against the (can we say, ‘archaic’?) Education System in Sri Lanka, but we feel that this is a great and essential step on the road to a knowledge-based economy and an increasingly digital world. We hope that the ‘All Children Coding Initiative’ will be a resounding success.

This YouTube Video provides an inspiring take on why coding is so important. Do check it out.

Tell us what you think about the ‘All Children Coding Initiative’ and if and how coding has impacted your life. Share your thoughts in the comments below.

Huawei’s New ‘Non-Exploding’ Phone

The New Mate 9

On November the 3rd, in Munich, Germany, Huawei unveiled the ‘Mate 9’ smartphone. With a 5.9 inch 1920×1080 display it’s actually a ‘phablet’, a form factor we love. At the launch, Huawei took a jab at the unmitigated disaster that is Samsung’s Exploding Galaxy Note 7, unveiling the new Mate 9 as a ‘non-exploding’ phone 😛 The device is clearly targeted at the high end of the market and is intended as competition for the iPhone 7 and Galaxy S7.

Did you know that many of the world’s mobile telecommunications networks are powered by Huawei technology and many people in Sri Lanka use Huawei products without even realizing it? If you use an internet dongle, odds are it’s Huawei. Google’s Nexus phones are also made by Huawei.

They are the world’s largest telecommunications equipment manufacturer and still, to many consumers, Huawei seems like an obscure mobile phone brand. That’s because they’re quite new to consumer mobile phones. It’s also possibly because they focus on creating great, beautiful looking, reliable technology and not on blowing their trumpets. Did you know that Huawei introduced dual cameras almost a year before the ‘revolutionary’ iPhone 7? Yep.

The Mate 9 boasts a 4000mAh battery, dual-SIM functionality, Octa-Core Kirin 960 processor with 4 cores at 2.4GHz and four cores at 1.8GHz, dedicated GPU, 4GB of RAM, 64GB internal storage, micro SD expandability up to 256GB, 20MP second-generation dual camera, 8MP front camera and all the other stuff you normally get with a great smartphone. All of this runs on Android 7.0. Phew! We’re blown away.

According to Huawei, the new Kirin 960 Chip is their fastest to date, so speed and smoothness will never be an issue. The 4000mAh battery is likely to be more than plenty and Huawei has finally included its own fast charging system, called Super Charge, which takes your battery from 0 to 60% in 30 minutes, full charge in 90.

By Huawei’s own admission, the new Mate 9 is designed for use by productivity fiends, business-types and young entrepreneurs. So its design is likely to appeal more to suits and ties and less to skinny jeans, hipsters beware. Still, we’re absolutely sure that when buying phones people look more at performance and what’s inside and less at what’s outside, possibly why the iPhone is so popular 😛

All in all, for us, the new Mate 9 is just about great across the board, except in one area. The screen resolution at 1080p is a bit of a let down on such a large and high end device but there was no visible impact when compared to its competitors. Everything still looks great.

Also, while it doesn’t bother us one bit, in fact we love it, some users might find the sheer size of the device to be somewhat logistically challenging and its plain, clear cut looks to be less than enthusing. Still, we feel the Mate 9 may turn out to be one of 2016’s best and it’s definitely the competition Apple and Samsung need and deserve.

Common-Sense – The Best Anti-Virus

How to Protect Yourself and Your Devices Online

Did you know that nearly all malicious attacks require the user’s authorization for them to be successful?

‘Really?’ you ask, ‘But then, how do so many people get affected?’ Well, because they don’t think before they click. To be more specific, they don’t read, spare a thought for the plausibility of the situation or exercise any common-sense before they click.

People are generally ‘clicker-happy junkies’. There’s no blame in this, though, because it’s common human behaviour and the ruthless, vile scum who perpetrate malicious attacks prey on common human tendencies. For example, most would click the ‘click to see Miley Cyrus naked’ button without hesitation, though we think such links have lost some of their potency in the post-twerking age. But that has not changed the common human curiosity to see other people, especially famous people, in saucy states of undress.

So how do you protect yourself? We can’t go into great detail because we don’t want this post to read like a dossier, but we will give you a general idea that you can expand on with some research, putting your clicker-happiness to some positive use. Attacks fall into two broad categories:

  1. Malware (includes Viruses)
  2. Phishing & Spam

Malware, short for malicious software, includes a broad range of evil, viruses amongst them. They commonly arrive via email attachments/downloads from the web and must be executed by the user for a successful attack.

Protect yourself by reading emails carefully before opening attachments. Verify that the email is from a trusted source. Be very cautious of generic subject lines like, ‘CHECK THIS OUT!!!’, ‘YOU WON’T BELIEVE THIS’ and the like. Ask yourself whether, in your experience, the sender would use such language. Always remember, WHEN IN DOUBT DO NOT CLICK. Be especially wary of executable files and office files. Always check that the email address of the sender is correct.

Phishing is a malicious attempt, by a third-party, to obtain sensitive information from you by masquerading as a legitimate organization. A typical scenario might go something like this: you receive an email from what appears to be Facebook Support asking you to verify your password and phone number. You are to click a link and follow the instructions and graphically, everything will appear to be legitimate.

Here’s what to look for, though. First always ask yourself, how likely is it for Facebook, or whatever the organization may be, to ask me for this? Next, check the email address and the URLs. If it is a button, hovering over it will show you the URL. This applies to pop-ups too.

Do the URL and email address make sense? In the Facebook example above:

A legitimate request might have a link like this:

But never:

Or there could be a subdomain used, like this:

But never:

Always make sure the domain that the URL is pointing you to is the same as the domain used by the legitimate service. This is important when verifying email addresses too. Here’s an example:

Legitimate Email Address: “”

Malicious Email Address: “”
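The domain check described above (and the address-bar check from the Gmail post), as an added example that is not code from the original post: it parses each link with the same URL rules a browser uses and compares the host with the domain the real service uses. `service.example` is a placeholder for that domain, and every URL and address below is a constructed sample.

```javascript
// True when `host` is `domain` itself or a subdomain of it. The leading dot
// matters: "notservice.example" must not pass as "service.example".
function hostBelongsTo(host, domain) {
  const h = host.toLowerCase().replace(/\.$/, ""); // ignore a trailing dot
  const d = domain.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Check a link against the domain the legitimate service is known to use.
function checkLink(link, expectedDomain) {
  let url;
  try {
    url = new URL(link); // WHATWG parser: what the browser will actually visit
  } catch (err) {
    return { ok: false, host: null, reason: "not an absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, host: url.hostname, reason: "not an https link" };
  }
  if (!hostBelongsTo(url.hostname, expectedDomain)) {
    return { ok: false, host: url.hostname, reason: "host is outside " + expectedDomain };
  }
  return { ok: true, host: url.hostname, reason: "host matches " + expectedDomain };
}

// Check a sender address: only the part after the last "@" names the domain,
// and the display name in front of "<...>" proves nothing.
function checkSender(address, expectedDomain) {
  const m = /<([^<>]+)>\s*$/.exec(address); // "Display Name <addr>" form
  const addr = (m ? m[1] : address).trim();
  const at = addr.lastIndexOf("@");
  if (at < 1 || at === addr.length - 1) return { ok: false, domain: null };
  const domain = addr.slice(at + 1).toLowerCase();
  return { ok: hostBelongsTo(domain, expectedDomain), domain };
}

// Constructed samples: [link, should it be accepted?]
const SAMPLES = [
  ["https://www.service.example/settings", true],               // real subdomain
  ["https://service.example.verify-login.test/login", false],   // real name used as a prefix
  ["https://service-support.example/login", false],             // look-alike name
  ["https://notservice.example/login", false],                  // ends with the name, no dot
  ["https://www.service.example@verify-login.test/login", false], // text before "@" is not the host
  ["http://www.service.example/login", false],                  // right host, no TLS
];

function runSamples() {
  return SAMPLES.map(([link, expected]) => {
    const r = checkLink(link, "service.example");
    return { link, host: r.host, ok: r.ok, reason: r.reason, asExpected: r.ok === expected };
  });
}

for (const row of runSamples()) {
  console.log((row.ok ? "OK    " : "REJECT") + " " + row.link + " -> " + row.host + " (" + row.reason + ")");
}
```

The host is read from the right: whatever sits immediately before the first single `/` after `https://` is the site, and anything to the left of it is only a label chosen by whoever owns that site.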

Spam is more irritating than harmful, but it can lead to malware infections and you exchanging hard earned money for copious quantities of snake oil. No, those penile enlargement pills don’t work, you won’t find the solution to your financial problems in your inbox and no, you cannot win the lottery or anything for that matter without having actually bought the lottery or entered the draw.

We are not in any way suggesting that Antivirus software isn’t essential, but being aware of what you’re doing, reading, paying attention and thinking before you click, in short “SITUATIONAL AWARENESS”, is the best first line of defense.

Common-sense is a method of prevention and antivirus a method of cure and as the cliché goes, prevention is better than cure.


Tablets May Have To Swallow the Pill Soon

The Age of the Hybrid is Upon Us.

The tablet computer was a revolutionary leap in terms of personal computing at its inception. Enough computing horsepower for the average user was packed into one, often sleek device. They are excellent for web browsing, reading, photos, videos, light gaming and even some light word processing or spreadsheets (if you have the patience :-P). No peripherals meant complete freedom. But tablets always lacked a certain ‘je ne sais quoi’.

With the arrival of hybrid devices like the Microsoft Surface Book and others like ASUS’s line of ‘Transformers’, the traditional tablet has been given a dose of steroids and has mutated into something that could and, in fact, already is turning out to be a dream come true. Hybrids retain all that is best about the tablet form factor that we all love, but then, plug it into its base and it’s like Popeye had some spinach.

Let’s just look at the Microsoft Surface Book for a second. While it is a very high end device it’s certainly a dream come true for many. Packing excellent features such as Core i7 Processors and dedicated Nvidia graphics and a gorgeous touch screen display, it’s quite the charm. Unplug it from its base, which consists of the keyboard, track pad and extra battery power and the Surface Book becomes a tablet with which you can do tablet stuff, like reading in bed or watching a movie on the couch. Plug it back in and you do actually, finally have a powerful laptop or even a desktop replacement. While the price is steep, buying a hybrid means you don’t need to have a desktop, laptop and a tablet so, really, it’s good value.

The move to hybrids has been made possible largely due to the Windows platform. Since Windows 8, Microsoft has offered a seamless, cross platform operating system. With the exception of nearly all mobile phones, the Windows OS is able to run in both mobile and full desktop modes. This has seen a huge drop in the sales of tablets powered solely by a mobile OS like Android.

Just to put all of this into perspective in quantitative terms, consider these figures. In the last quarter of this year, 43 million tablets were shipped. This number is down 14.7% when compared to the same period last year. All the major manufacturers like Apple, Samsung and Lenovo posted declines in tablet sales. The only segment of tablets to see a rise was the very, very low end. Hybrids on the other hand, surged.

But we suppose that this is just the normal course of things. Tablets always lacked a certain something and when hybrids originally came out, they were awkward and a bit of a disaster. But they’ve come of age now and with beauties like the Surface Book, Transformers and others, well, we’d be unlikely to consider buying a traditional tablet ever again.