Singapore raid uncovers fake software sold as the genuine article in Asia Pacific

A fake COA featuring the product name printed on the label with no anti-copy security features.

Microsoft has revealed that the case of a reseller in Australia caught for possessing counterfeit Certificates of Authenticity (COAs) and other counterfeit software and components has been traced back to a supplier in Singapore. 

COAs are stickers or labels that are usually attached to the retail packaging of products such as Windows, Office or Windows Server to certify the software’s authenticity. While COAs have no commercial value and cannot be sold independently, they give the impression that the pirated software is licensed and legitimate when it is not.

A genuine COA features the product name printed on the label and also contains anti-copy security features such as: an interwoven security thread – this is built into the paper and random paper fibres are visible when the thread appears at the surface – and colour shifting ink, which changes from green to magenta when viewed from different angles. 

Earlier this month, the Intellectual Property Rights Branch (IPRB) of the Singapore Police Force raided the reseller’s retail premises at Sim Lim Square, where over 1,000 pieces of counterfeit Windows 8.1 COAs and another 1,000 counterfeit software and counterfeit components, worth an estimated S$167,000, were seized. This marked the largest counterfeit COA seizure in Southeast Asia to date, and the biggest cross-border counterfeit COA case involving Singapore.

Detailed investigations over the past few months has yielded evidence that the reseller has been distributing large quantities of counterfeit COAs to new and refurbished computer resellers located in Singapore and overseas. These resellers would then mislead consumers into believing that the pirated software installed in their devices are genuine. 

In this case, Microsoft was alerted by its team in Australia who had been investigating the case of a reseller selling over 500 pieces of fake COAs. The team subsequently traced this back to the the perpetuator in Sim Lim Square in Singapore.

Following the raid, Microsoft has issued an advisory to remind consumers and small businesses to be wary of hugely-discounted software offered by resellers, and to purchase software only from authorised retailers to avoid the unintentional purchase and use of counterfeit software. This advisory is also especially timely for consumers as Windows 10 will be available as a free consumer upgrade to qualified new and existing devices running genuine Windows 7, Windows 8.1 and Windows Phone 8.1.

Genuine software typically carry COAs featuring the product name printed on the label and containing anti-copy security features such as interwoven security thread and colour-shifting ink edge. 


"COAs deploy numerous security features that are usually hard to replicate but if the consumer does not pay attention, they may not realise what they had purchased is counterfeit and would have paid good money for fake software. As such, consumers must be extra vigilant when making their computer purchases. We strongly encourage consumers to make their purchases from a reputable computer dealer and insist on only genuine software in order to avoid any potential issues in the future,” said Jonathan Selvasegaram, Corporate Attorney, Digital Crimes Unit, Microsoft Asia.

“Software piracy has evolved and we are now seeing cross-border cases such as this where the fake COAs were found in Australia before tracing it back to the source in Singapore. While the motivation factor for purchasing counterfeit software in emerging markets boils down to cost, the situation in developed markets such as Singapore are different as we are seeing consumers being duped in believing that the software they are purchasing are genuine. Software piracy remains a major concern for everyone, because of the damage it could cause for unsuspecting users. Such software could expose computers to spyware, malware and viruses that can lead to identity theft, loss of personal data, and unexpected system failures. The risk is also very real for businesses as operational disruptions caused by malware and viruses could potentially lead to heavy financial losses for them.” 

According to data collated by the Microsoft Cybercrime Satellite Centre in Singapore, which serves as the Asia Pacific hub for Microsoft’s Digital Crimes Unit to undertake cybercrime and cybersecurity initiatives in the region, more than 4.1 million malware pings have already been detected from 8,400 Singapore IP addresses in this week alone. These pings indicate attempts by malicious botnets installed in these computers to contact the cybercriminals that are controlling them, presenting imminent threats to consumers and businesses located here. 

Additional analysis of the data revealed that the current top threat in Singapore and Southeast Asia is posed by the Bladabindi/Jenxcus (B106) botnet – a malware family that has the ability to steal sensitive information from users. If the malware is not being actively disrupted, unsuspecting consumers and businesses could face the potential loss of important information that might fall into the hands of malicious cybercriminals.

Separately, a joint study conducted by International Data Corporation (IDC) and the National University of Singapore (NUS), titled 
The Link Between Pirated Software and Cybersecurity Breaches, released in March last year, found that enterprises in Asia Pacific (APAC) are expected to spend nearly US$230 billion to deal with issues caused by malware deliberately loaded onto pirated software. The majority of the cost (US$170 billion) will go into dealing with data breaches, while the remainder will be utilised to deal with security issues. In addition, the study revealed that 65% of APAC consumers survey said their greatest fear from infected software is the loss of data, files or personal information, followed by unauthorised Internet transactions (48%) and potential identity theft (47%).

”The majority of businesses in the Asia-Pacific region do not have a full understanding about the security and malware risks that counterfeit and unlicensed software brings, and that needs to change with urgency. According to our BSA Global Software Survey conducted last year, a striking 62% of software installed on computers in this region in 2013 were not properly licensed – this represents a 2% increase over the same figure in 2011. While Singapore has one of the lowest rates of unlicensed software use in the Asia-Pacific region, it is still important for both consumers and businesses to be vigilant in face of the rising security threats and increasing sophistication of cybercrime across the world,” said Tarun Sawney, Senior Director – Asia-Pacific, BSA | The Software Alliance.

Singapore has one of the most stringent copyright laws where offenders, if found guilty in the court of law for the manufacture for sale, sale of infringing copies and possession or importation of infringing copies, are liable to a fine not exceeding S$10,000 for each infringing copy, up to a total of S$100,000 per charge, or imprisonment for up to five years. Offenders may also be liable to both a fine and imprisonment if found guilty.

Interested?

Verify the origin of Microsoft products at the Microsoft website.

Read the WorkSmart Asia blog post about a Microsoft raid in 2014.

Read the TechTrade Asia blog post on IDC-NUS study about the cost of malware in pirated software.

Xaxis Prime combats digital ad fraud

Xaxis, one of the world's largest programmatic* advertising platforms, is addressing ad fraud what it says is the ad industry’s first fully programmatic product to guarantee human viewership for advertisers’ digital brand campaigns. 

Xaxis Prime extends beyond pre-bid analysis** and post-campaign blacklisting to dynamically identify and block robot traffic and suspicious sites, the company said. Existing fraud prevention safeguards have been combined with new technologies including a proprietary human verification tool based on internal and partner technology from Adara, Solve Media and Moat.

Types of fraud Xaxis Prime protects against include botnets, ad insertion or redirection, CMS/OS hacking, robots designed to behave like humans and robot retargeting. In addition to helping advertisers, the new product introduces several powerful new tools for Xaxis’ publisher partners to ensure only humans are viewing their inventory. These include proprietary, internal detection processes and integrated third party verification tools. These tools enable Xaxis to provide feedback to publishers on the inventory posing the most risk, allowing them to identify the cause and eradicate it prior to selling to Xaxis or other buyers. 

One way that Xaxis Prime guards against fraud is through tracking genuine visitors through answered captchas, completed transactions or specific human behaviours such as creative engagement and social sharing. These verified visitors are then cross-referenced in the Xaxis data management platform (DMP) against pre-bid impression evaluations and post-bid analysis of traffic metrics to provide an assurance that the traffic is indeed human.

At rollout, Xaxis Prime delivers a no-fraud guarantee across the Xaxis Marketplace. In addition to the proprietary human verification tool, Xaxis Prime guarantees 90% viewability, 95% brand safety and includes ongoing audits of all inventory, pre-bid impression evaluation, post-campaign reporting to validate inventory and audience that was acquired.

“Xaxis Prime represents the next step in our ongoing efforts and investment to combat digital ad fraud and ensure our clients achieve the highest possible real performance,” said Larry Allen, SVP of Business Development at Xaxis. 

“Ad fraud is an international problem impacting both advertisers and publishers. With Xaxis Prime, brands get a simple and powerful guarantee for their digital brand advertising across the top premium publishers.” 

*Programmatic technology allows advertisers to bid for the privilege to display an ad based on various rules, such as the types of viewers or the type of content displayed on a page. 

  

**Data can be pre-qualified before a bid is placed so that bids on fraudulent inventory are avoided or minimised.

That bargain cellphone you just bought could be fake

Black-market sales of counterfeit and substandard cellphones are a US$6 billion a year problem worldwide, according to a new report from the Mobile Manufacturers Forum (MMF). The global analysis of counterfeit and substandard cell phones, titled Counterfeit/Substandard Mobile Phones - A Resource Guide for Governments, covers all major cellphone brands.

"Research estimates sales of around 148 million counterfeit or substandard cellphones in 2013 through visible retail sites, with many more expected via unofficial retail outlets, online auction websites and local black markets," MMF Secretary General Michael Milligan said. 

Your phone might not be genuine.

In India alone counterfeits make up more than 20% of the cellphone market, causing US$1.5 billion annually in lost sales, US$85 million direct tax losses and US$460 million indirect tax losses.

"Counterfeit phones are made with cheap sub-standard materials and have been shown to contain dangerous levels of metals and chemicals like lead," Milligan said.

People often unknowingly purchase fake cellphone products on the internet when trying to find a cheaper price. The website http://www.spotafakephone.com helps identify and avoid potentially dangerous fake cellphones, batteries and chargers.

Some of the telltale signs of fake cellphones are:
 
IMEI Number. Genuine cellphones have unique serial numbers to register to a carrier network. Counterfeits often have duplicated or invalid IMEI numbers.
 
Price. If it sounds too good to be true, then it probably is.
 
Poor quality. Look for inaccurate printing, misspelled words, crooked label placement, signs of defective workmanship.