Rebecca Herold

The Privacy Professor's
Tips of the

Game On!


  The frauds, scams and abusive practices just keep coming - kinda like the well-trained offensive strategies this fall's football squads will bring to the field. As fans cheer on their favorite teams, they'd be smart to also keep their own guards up and active.

Read on for the latest tips and tricks on mounting a defense against privacy abuses this fall. 

Fans and Supporters Make Ideal Victims

It's not only football season; it's also campaigning time in the U.S. And scammers are using this to their benefit.

The Better Business Bureau of Arizona recently reported on several scams designed to take advantage of unwitting supporters. Here are just two of the scams reported:

Public opinion poll scam: A recording offers a "free cruise" for participating. At the end of the call, consumers are asked for a credit card number to cover "port fees and taxes."  There is, of course, no free cruise.

President Obama paying utility bills: Consumers receive social posts, direct mail and even personal visits to their home making this and other similar claims. Scammers ask for bank routing and account numbers to make the arrangements.

Watch Your Field Position

Increasingly, social network tools are asking users for their location information. In exchange, the associated social networks promise improved usability, better connectivity to "friends" and even in some cases financial savings.

Because most of this functionality operates within a set-it-and-forget-it framework, users have a tendency to do just that - forget who they have allowed to know their exact whereabouts at any given moment. As a result, some people have accumulated dozens of social networks tracking them! Think about it; it's scary.

Two developments underscore the dangers of enabling these location-based social tools to follow you and to then publish your geographic location:

Facedeals - This relatively new app allows strategically placed video cameras to recognize you and to auto-publish your whereabouts. Why would anyone sign up for a service like this? Because the retailers partnered with Facedeals, which now has users' photos and personal information, offer deals and other savings opportunities that users often find too good to pass up. (I would love to see a privacy impact assessment (PIA) done on Facedeals' business practices.)

Criminal Resource - You've likely heard "Opportunity makes the thief." In today's world, that opportunity has increasingly become location-based and created through other social networking tools. Criminals no longer need to look very hard for their next victim. Often it's as easy as opening an app and seeing who's nearby. Take this incredibly disturbing incident, for example.  



I Could Fill a (Play)Book


I've been in the information security and privacy compliance profession for a long time. During that time, I've been lucky enough to build an extensive number of training and education programs designed to help companies protect themselves, their employees and their clients.

And I could fill a book with concrete examples of how training has vastly improved my clients' information security and privacy outcomes. 

At least once a year, someone argues that such programs are a waste of budget - that fraudsters will forever be one step ahead and employees will never truly understand, so why even try. I can't begin to tell you how upset this makes me - and many of my peers.

If you feel the same dismay when you read this hogwash, drop a comment on my recent blog post, which discusses the dangers of continuing to publish this nonsense.  


Hackers Have Home-Field Advantage

Don't post risqué photos online.


Many of you reading that warning may be thinking "No kidding." But, you'd be surprised how many seemingly self-aware, intelligent, should-know-better adults continue to participate in this risky behavior.

Even if you believe you are posting photos in a private or password-protected location, keep this in mind: If it's on the Internet, it's vulnerable. Hackers have been at this for years and know exactly how to get into "protected sites" to gain access to your information. Plus, the people to whom you've given access to your spicy photos can also copy and post them elsewhere for the world to see and to your embarrassment.


This is particularly evident with the emergence of a recent hacker trend called "fusking." Fuskers hack their way into secure sites with the sole intention of finding nude and other compromising images. And doing unthinkable and unsavory things with them.

Keep in mind the young people in your life may lack the common sense or the perspective necessary to understand just how vulnerable images like these can be, or what kind of an impact their publication could have on their lives. Frequent reminders and modeling appropriate online behavior are the best ways to prevent your children and others from a potentially life-changing bad move online.

Spammers Attempt Hail-Mary Blasts

If you're anything like the majority of the population, your use of text messaging has increased dramatically in the last two years. While I'm using it mostly to communicate and stay in touch with my teenagers, many of my clients and partners have begun to use texting for business, as well.

Marketers are keenly aware of our increased texting behavior, and many are banking on that behavior to drive sales. Scammers, too, are hoping more texters equals more victims.

Enter spam texts.

At a minimum, unwanted blast text messages can be costly for a mobile phone user, who may be charged a fee by his wireless carrier for every incoming text he receives.

But the bulk messages are more than annoying and costly; they are potentially dangerous, as reported by Dayton Daily News. Some of these texts are designed to collect sensitive information, such as account and social security numbers. Armed with that information, bad guys easily migrate from spammers to identity thieves.

Your Personal Information - Intercepted!

New technologies allow for new tricks, but the old dogs are still using some of the tried-and-true methods for scamming people out of their money. Here are two recent phone scams still plaguing society. Make the elderly friends and family you care about aware of them:

Tax Collector - Traditionally targeting the elderly, these fraudsters call in and pose as a "tax collector," threatening any number of consequences for failure to pay a tax bill. In particularly scary situations, the faux tax collector actually shows up at the victim's door to collect.

Medicare Representative - In these phishing scams, the caller poses as a Medicare employee and asks the victim for personal information in order to send out a new Medicare card. The scams typically run in conjunction with headline news about changes to Medicare, often during heavy political campaigning.

Data-Collection Fumble Results in $9 Million Loss

As part of a proposed settlement, Netflix has agreed to change its data-retention practices. It will now separate a subscriber's viewing history from that user's identification information. It has also agreed to pay $9 million into a settlement fund.

Although the settlement has not been approved by a judge, it's an important example of the consequences that may arise from your own company or business's data collection policies.

If you are a current or former Netflix subscriber, you can find out more at videoprivacyclass.com.

Throw a Flag on Travel Scammers

Although we are on the tail end of travel season, savvy fraudsters are still preying on the rolling stones among us. If you're planning to be on the road, be on the lookout for their trick plays.

One example is a recent report coming out of Colorado. Hotel guests there received calls from the hotel management asking them to provide personal information. The caller claimed to be having technical difficulties with the hotel's system and needed to reenter the guest's information. The call was not coming from inside the hotel.

Travelers are also falling victim to hackers who set up fake wireless networks that mimic a hotel's legitimate network. As soon as a hotel guest connects, all of his or her information is visible to the crooks.

Another scary privacy abuse comes to us courtesy of Privacy Tips reader Jonathan D. Abolins, who shares an increased incidence of border patrol demands on tourists in Israel. In response, Jonathan provided the following tips:

* Even if risks are low, look at your email data and its extensions to consider how serious it would be if others got to look at the info.
* If your email access requires a token, do not take that token with you when travelling abroad.
* If you're at risk of border-patrol login, mentally and otherwise prepare for such a possibility. Understand your rights, and be sure to share your travel plans with a trusted friend or family member who can investigate if you do not arrive when expected.

Privacy Professor on the Road


Here are a few of my upcoming speaking engagements. If you are at the venue, please come up and say "Hi!"






For those of you in the healthcare industry, or business associates of healthcare covered entities, here is something else you may be interested in: I am also co-presenter for the HealthcareInfoSecurity.Com webinar: "Dept. of Health & Human Srvcs: Privacy and Security Strategies for Smaller Healthcare Entities"



This month I was honored to be named one of the most influential people and groups in online privacy by Techopedia.com. Check out the rest of the list, as there are some truly top-notch professionals included.

Anytime you or your colleagues achieve a WIN for privacy, I hope you'll drop me a line to let me know. Go team!

Rebecca Herold, CISSP, CIPP
The Privacy Professor®
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564, Business: 515.996.2199