Fool me once, shame on you...
... fool me twice, shame on me. It's one of my favorite expressions because it reminds me who is best suited to protect us - ourselves! And our most powerful weapons are knowledge and information.

On April 1, consider celebrating April Fool's Day by sharing just one tid-bit from this newsletter with a family member, friend or co-worker to help build up that all-important awareness of the risks to our privacy and security.

Encourage friends, family and colleagues to do the same. No fools in this group!

I hope you enjoy the images in this month's Tips message, many of which come from my recent trip to Alaska. 
If They Want In, They'll Find a Way
Big news in the Apple vs. FBI legall battle over enrcyption backdoors
The U.S. Department of Justice and Federal Bureau of Investigation have dropped their lawsuit against Apple. Had they won, Apple would have been forced to build a new system that allowed the government backdoor access to its encrypted iPhones. Aside from the stateside concerns such a request caused the technology community, there are international business concerns, which I recently discussed with Redmond Magazine

Why did they give up? Because they found another way in - an unnamed hacker or hackers to get them the information they needed from their suspect's device.

As I shared with Tech Target, the DOJ and FBI's move wasn't entirely unexpected, but it may actually help Apple. At least they can more easily resist similar demands in the future by pointing back to this case.

Is it good for the average Apple user? Jury's still out on that one. If you are among the iPhone faithful, just know if law enforcement or investigators want in badly enough, they'll find a way. (Of course that's true for more than just Apple devices.)
Big Data Leads to Big Assumptions
What your data footprint says about you
People make decisions that impact your life every day - from HR directors to doctors. On what data are they basing those decisions? Big Data.

The author of this article shares a series of eye-opening data mining strategies executed by everyday decision makers.

Out of context, the data could lead someone to assume you are...

... homeless. New York City's Department of Homelessness Services is mining apartment eviction filings to see if they can understand who is at risk of becoming homeless and intervene early.

... prone to violence. Agencies are exploring statistical models identify children at risk of entering the criminal justice system.

... sickly. Hospitals are using data mining to predict which patients are more likely to be readmitted within 90 days.

... a bad student. Colleges have developed statistical programs to pick students who the model says are most likely to graduate, based on things like behavior on social media.

Smartly, the article's author asks: What happens when the data underlying a prediction made about you is wrong and you can't do anything about it? 

Credit Card Skimmers Ramp Up Efforts
With U.S. converting to chip cards, time is running out
Credit card skimming is not new, but the criminals executing the fraud seem to be getting bolder. Check out this dynamic duo, for instance, caught on camera installing their skimming equipment right under the nose of a gas station cashier. (Thanks to  Gal Shpantzer and George V. Hulme for the pointer!)

Worse yet, a growing number of these scammers are even working their skimming magic on the job; the problem has increased since this 2014 video.

Perhaps the crooks are feeling the pressure to steal vulnerable card data while they still can. As the U.S. payments system migrates away from plastic cards with magnetic stripes to plastic cards with chips and other systems, such as tokenized digital transactions, they may be getting a bit nervous. After all, the U.S. has been a gold mine for this kind of crime because it's one of the last developed nations to adopt the chip card standard, sometimes referred to as EMV.

Here again, avoiding the trap is up to us. Pay careful attention to where you swipe or insert your credit and debit cards. If something looks fishy, report it and move on to the next available terminal. Learn more about this threat in this round up of security and privacy threats I put together in advance of the holiday season. 

Your ISP Knows More Than You May Think
FCC wants to make changes
Did you know your Internet Service Provider can (and likely is) tracking the following:
A new proposal by the Federal Communications Commission would require ISPs get their customers' permission, not to track, but to share some of that information.

My personal kudos to the FCC director for his comment on the proposal: "All we're trying to do is to say let the person whose information it is reassert control that's been taken away by technology."
Tax Day and Other Scams Round Up 
Don't be fooled by these clever trick and traps
Accounts and controllers are sent emails that appear to come from the CEO, who is requesting copies of employees W-2 forms.

Caller pretends to be from the IRS and tells the victim IRS agents have already been to his home and his assets are frozen. Demands payment to avoid tax evasion charges.

Phishing emails lead taxpayers to fake web pages that look like the IRS website but are actually built to grab personal information that can lead to identity theft.

Crooks steal your discarded airline boarding pass to get at your home address, banking info, email address and phone number. (I had to remind my son of this very real vulnerability on our recent flight to Alaska!)

Crooks call senior citizens with a frightening message: that a grandchild is in jail and needs bail money to get out. (This is a tried and true method. It's old, but apparently circulating again, says the FBI.  
Privacy Professor On the Road & On the Air

A volcano southwest of Anchorage erupted earlier this week. The one we flew over (pictured here) last erupted in 2009 and was steaming. Could be the same one!
On the road again 

One of my favorite things to do is visit with leaders in different industries - healthcare to energy and beyond. Below is a schedule of where I'll be over the next few months.
April 12
April 14:
(Live & Recorded Webinar) Help Clients Handle Data Breaches
April 30 - May 1: 
(Live Presentation) 2-day workshop, "Creating a Privacy Program using ISACA's Privacy Principles," ISACA, New Orleans
May 2: 
(Live Presentation) PIA: Highway to Hell or Stairway to Heaven? ISACA, New Orleans

July 28: (Live Presentation) Internet of Medical Things conference, Princeton, New Jersey

Taking to the air waves

CWIowa LIve (formerly KCWI 23 Great Day morning show) regularly covers privacy and security tips with their guest, the Privacy Professor! Each is a brief 10-15 minutes and covers topics ranging from insider theft to connected vehicles. Check out this online library to watch recent episodes. I will be visiting in-studio again sometime in April. 

Fresh from the Privacy Professor Blog

Questions? Topics?

Have a topic I should discuss on the CWIowa Live morning show? Or, a question I can answer in my next monthly Tips? Let me know!

As April Fool's Day approaches, keep those you trust close. Take steps to educate yourself and them on the risks to your privacy and security. After all, information is our greatest weapon!. 

If you get a chance, spend some time in the natural world this spring. It's a great reminder of our place in the world. This trip to Alaska was amazing, and not only because of the majestic views... but mostly because I got to share it with my son!

Have a great April! 
Rebecca Herold
The Privacy Professor
Need Help?

Permission to Share

Want to repurpose the information contained in this Tips? Yes, please forward in its entirety. 

If you prefer to use only excerpts, please use this attribution:

Source: Rebecca Herold, Founder, The Privacy Professor®,,,, 

NOTE: Permission for excerpts does not extend to images, which are my own personal photos. If you want to use them, contact me.