Fraudsters Crank Up the Heat in the Dog Days of Summer

 

It's hot. It's humid. It's muggy. While some of my southern hemisphere friends are enjoying the briskness of winter, here in the Midwestern United States, we are in the throes of summer. While humans and animals alike seek shade and lots of water, criminals, hackers and scammers are as busy as ever.  
 


Read on for some of the latest threats, tricks and traps threatening consumers and businesses this season. 

 

Bad guys are after me

 

Many people are surprised to learn I intentionally engage in unwise online behavior. Purposefully making myself a target online allows me to stay current on the nastiest of phishing scams. The key is I know when to stop engaging before anything nasty happens. Check out just two of the many scam attempts I received in July.

 

Wells Fargo? Not so much

 

Here is a screen capture of a very convincing phishing attempt purportedly from Wells Fargo. The first red flag? When I hovered my mouse over the link, it displayed thebadgirlbookclub . com. Clearly not an organization associated with the bank. The second? I don't even bank with Wells Fargo! And the third red flag: it is addressed to "Recipients." A legitimate bank will not send a message to a specific customer without an actual email address in the To field. When a message of this type is addressed to "Recipients," it is usually a phishing attempt.
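The three red flags above can also be checked mechanically. The following is an added example, not part of the original newsletter: the sample message, the placeholder host `unrelated-site.example`, the addresses and all function and parameter names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not the real email); unrelated-site.example is a placeholder.
SAMPLE = """\
From: Wells Fargo Online <notice@mailer.example>
To: Recipients
Subject: Important account notice
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear customer,
<a href="http://unrelated-site.example/login">sign on to Wells Fargo Online</a>
to review your account.</p></body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the real host behind every <a href>, i.e. what hovering reveals."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            host = urlparse(dict(attrs).get("href") or "").hostname
            if host:
                self.hosts.append(host.lower())

def red_flags(raw, claimed_domain, my_providers, my_addresses):
    """Return the red flags found; all four parameter names are hypothetical."""
    msg = message_from_string(raw)
    flags = []
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    # Flag 1: a link's real host is not the claimed sender's domain or a subdomain.
    for host in collector.hosts:
        if host != claimed_domain and not host.endswith("." + claimed_domain):
            flags.append(f"link goes to {host}, not {claimed_domain}")
    # Flag 2: the reader has no relationship with the claimed sender.
    if claimed_domain not in my_providers:
        flags.append(f"no account with {claimed_domain}")
    # Flag 3: the To field holds a placeholder instead of the reader's address.
    to_addrs = {a.lower() for _, a in getaddresses(msg.get_all("To", [])) if "@" in a}
    if not to_addrs & {a.lower() for a in my_addresses}:
        flags.append("To field does not contain my address")
    return flags
```

Calling `red_flags(SAMPLE, "wellsfargo.com", {"mybank.example"}, {"me@example.org"})` reports all three flags for the constructed message.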

 


 

 

Not Microsoft Either

A scammer called to say my Microsoft license had expired and my system would crash in one to two weeks if I didn't renew it through him. You can listen to the recording here. If you get a call like this, do not do what the caller says. Just hang up. He or she is attempting to access your computer to install malware, ransomware or some other nefarious software. You'll hear I played along, but again this is intentional bad behavior on my part so you could hear the kinds of things these crooks typically say.

 

Side note: The phone number that showed up when he called, 916-452-728, showed only 9 digits - another indicator of a scam in many parts of the world.

 

Sophisticated malware with prehistoric names

 

Stella, my sweet Doberman I was blessed to find 10 years ago at the animal shelter. Loves to hunt for shed deer antlers in our woods & bring them to the house.

Two of-the-moment types of malware causing serious damage sound like dinosaurs to me: Stegoloader and Rombertik. Here are a few things to keep in mind as you work to avoid a run-in with these nasty creatures, which very much still roam the earth:

 

 

Rombertik, which often uses apps as an infection pathway, can also trick users into installing it via attachments in phishing emails. And it's smart - if Rombertik sees it has been discovered, it will trigger evasion techniques, putting the PC into a restart loop until the operating system is reinstalled. When that happens, every file you ever had is just as good as gone (all the more reason to keep good backups!).

 

Although not new, Stegoloader seems to be circulating more widely and quickly than in the past, especially in healthcare. It's a Trojan malware that embeds its code inside PNG or video images to keep it from being detected. Once downloaded, Stegoloader steals files, such as those containing passwords, health information and other data valuable to criminals.

 

For information on protecting yourself from these primitive-sounding, yet all too modern, pieces of malware, check out my post on Dell's Power More blog.

 

  

Smart online behaviors

 

A few recent headlines bring with them reminders of good digital habits:

 

Gmail's "new" unsend feature: While this feature has been around for some time, it received a lot of coverage from bloggers and other news outlets in July when Google began actively promoting it. The feature essentially allows you to change your mind after hitting send on an email. The feature is a good reminder to always double check your recipients to avoid inadvertently sending information and data to the wrong party.

 

Jim Carrey borrows a photo: When the actor used a photo that wasn't his to help promote an idea on Twitter, the original owner wasn't exactly star-struck. The story is a good reminder never to copy and paste or download an image from the Internet unless you have permission from the rightful owner.

                                                                                                               

Police and now teachers have body cameras: In my home state of Iowa, at least one school is getting ready to equip its teachers with wearable surveillance. It's another reminder that even your offline behavior has to be in check, as you never know when it may find its way online. In fact, as I was drafting this Tips message, I stumbled upon this story of a comedian airing the private conversations of people in New York City.

 

 

3 organizations you should know

 

I'm so excited to have accepted invitations to advise the following organizations:

 

DFLabs: I'm thrilled to join Dario Forte and his team at DFLabs, which is based in Italy. As a member of DFLabs Board of Advisors, I will explore the many privacy issues involved in responding to cybersecurity incidents and forensic investigations.

 

Prevendra: A long-time friend and colleague, Christopher Burgess started his company to "protect person and property both online and off." In my role as an advisor for Prevendra, I will provide support for Prevendra's service and provide input as requested. I am happy to recommend Prevendra's service, Red Folder, as an excellent tool for getting all your digital online and offline accounts and instructions in order. And doing so in a highly secure location for your use today and tomorrow. In the event you are unavailable, your designee(s) can engage on your behalf and with your requested action in hand.

 

IANS: Provider of in-depth security insights and decision support, IANS has asked me to join as a faculty member. IANS' faculty members are independent thought-leaders in the information security community. I look forward to providing IANS clients with privacy and information security insights and decision support, as well as participating in IANS education events and offerings.
 

Small businesses face big payments threat

 

Take a taxi to the farmers market, buy a few items and then visit your stylist for a trim. If you used plastic to pay each of these vendors, you have just shared your credit card credentials with three different entities. Are they safe?

 

Increasingly, small business owners are working with emerging mobile technologies and fledgling startups to offer credit and debit card transactions to their customers. The convenience is off the charts. Everyone loves it! But how safe are we as we hand over our account information to be passed through innovative tech systems? 

 

In this post by Prevendra's Christopher Burgess (That's him above with his faithful companions Sara & Dewey in his beautiful yard.), he discusses why some small businesses, particularly retailers, are hesitant to upgrade their payments systems. It's something to keep in mind as you transact with a variety of businesses.   

The FBI's really bad idea

 

You may have heard the FBI is calling for developers of encryption to install backdoors (or keys under the doormat, as MIT has called them). The concept is to allow the government access to otherwise protected information anytime it wants. To those of us working with security technology daily, this is a terrible idea.

 

For starters, it sets up the U.S. to be viewed globally as producers of weak encryption. U.S.-based terrorists, I imagine, know how to shop internationally if they're looking for true encryption.

 

Sure, "encryption on mobile devices is complicating the FBI's job," but it's also keeping our data and information safe. Backdoors designed to catch the bad eggs weaken encryption for everyone.

 

Believe me, the irony of the FBI director's comments on the need for weakened encryption just as the Office of Personnel Management (OPM) is hacked was not lost on me (nor, I suspect, on anyone else watching his testimony before Congress).

 

Earlier this year I provided compelling reasons why weakening security tools in this way is a very bad idea. I'd certainly love to hear your thoughts. Drop me a note at [email protected] 


 

Squeaky may not have been a dog, but she could sure fetch & shake like one!


 

Breadcrumb trail also shows where you're headed

 

With my beloved Buster, a Rottweiler and Doberman mix, who lived with us for 16 years, and our adorably sweet Dotty.

You've heard of Big Data and the Internet of Things, but what about Pattern of Life (POL) analytics? As my friend Lisa Brownlee shares in her Forbes article, POL is a computerized data collection and analysis method used to establish past behavior, current behavior, and predict future behavior. Haven't I seen this concept in Philip K. Dick's Minority Report? The future is now.

 

POL is also known as profiling, and all manner of companies, organizations and government bureaus are relying on it to better market, track and learn about human stakeholders (i.e. you and me).

 

The privacy ramifications are obviously huge. I will keep an eye out for POL news and continue to share it here in the Tips messages, as well as on LinkedIn, on Facebook and my blog.

Privacy Professor on the Road

I have a growing list of presentation and training events confirmed. Here is one of the public events I'm scheduled to attend. Stop by and say hello if you'll be in the area.

 

October 20 - 22: I will be doing a variety of meetings at Dell World in Austin, Texas
 

November 9 - 11: I will deliver multiple sessions at the ISACA Euro CACS Conference in Copenhagen, Denmark 

 

Privacy Professor on the Air 

 

If you get a moment, watch my recent appearance on the Great Day KCWI morning show. We talked about how the multi-state lottery experienced the greatest of insider threats. It's juicy stuff that truly has the makings of a Hollywood blockbuster! If you happen to be looking for a great case study, the lottery incident covers many different concepts and demonstrates why layers of security are necessary.

 

  

Questions? Topics?
 

Do you have any topics you'd like to see me discuss on the Great Day KCWI morning show? Or, any you'd like for me to answer in my next monthly Privacy Professor Tips? Please let me know by sending an email. I've also just added some easy to use "?" buttons on my sites you can use! See here and here.
 


 
 

Need Help?

 

If you need any help with...

... get in touch with me; I would love to help you!

  

You Have My Permission to Share

 

I receive a lot of requests to repurpose the information contained in these Tips messages, so I wanted to drop a quick note in here to say, "Yes, I approve!" Feel free to forward this in its entirety to others. If you want to use only excerpts, then please use the following attribution so that others will know where to find me if they have additional questions about the material you pass along. **NOTE: This permission for excerpts does not extend to the images in this email. Most of the photos are my personal photos. For the others, we have gotten permission to use them or paid for their use only within this tips message. The images can be forwarded within this message, but cannot be removed and used elsewhere. If you want to use them, contact me.

 

Source: Rebecca Herold, Founder, The Privacy Professor®, privacyprofessor.org, privacyguidance.com, rebeccaherold@rebeccaherold.com
   


  


Tippy, a sweet Cockerpoo, became my beloved pet the year I turned 10.

While we may not love the dog days of summer, we love summer days with our dogs. Thanks to Christopher who allowed us to share an image of his pooches. What fun!

Please let me know of your ideas for illustrating the monthly Tips message. I'm all ears!

 

Hope you have a dog-gone great August! See you next month,


 

Rebecca
Rebecca Herold, CISSP, CIPM, CIPP/US, CIPT, CISM, CISA, FLMI 
The Privacy Professor®
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564   

SIMBUS
 Information Security and Privacy Solutions (www.HIPAACompliance.org and more sites coming in 2015)
  
