A Review of the Best News of the Week on Identity Management & Web Fraud

Black Mirror episode with the social ratings? It’s live in China. (Sophos, Nov 26 2018)
Not picking up after your dog will cost you 10 points, for example, in China’s Black Mirror-esque plan to socially score citizens.

Microsoft’s multi-factor authentication service goes down for second week in a row (ZDNet, Nov 28 2018)
Another Microsoft’s Azure Active Directory multi-factor authentication service outage is causing problems for a number of Office 365 users.

FBI Takes Down a Massive Advertising Fraud Ring (Schneier on Security, Nov 29 2018)
“The FBI announced that it dismantled a large Internet advertising fraud network, and arrested eight people…It looks like an impressive piece of police work. Details of the forensics that led to the arrests.”

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a better way to build your strategy.

Alleged Insurance Fraudster Arrested After Faking Death (Infosecurity Magazine, Nov 23 2018)
The alleged scam was busted when Alkon [the son of the guy who was supposed to be dead] was stopped by customs in Detroit on returning from a trip to Moldova. On his laptop, agents discovered photos of his father taken in April and May 2013, alive and well.

How Surveillance Inhibits Freedom of Expression (Schneier on Security, Nov 26 2018)
“…the value of privacy. I talk about how it is essential for political liberty and justice, and for commercial fairness and equality. I talk about how it increases personal freedom and individual autonomy, and how the lack of it makes us all less secure. But this is probably the most important argument as to why society as a whole must protect privacy: it allows society to progress.”

Social media scraping app Predictim banned by Facebook and Twitter (Naked Security – Sophos, Nov 28 2018)
Predictim analyzes Facebook, Instagram, and Twitter accounts to assign a “risk rating” from a scale of 1 to 5, offering to predict whether babysitters or dogwalkers might be bad influences or even dangerous.

The passwordless web explained (Naked Security – Sophos, Nov 22 2018)
On 20 November 2018, Microsoft announced that its 800 million Microsoft account holders could now log in to services like Outlook, Office, Skype and Xbox Live without using a password.

Half of all Phishing Sites Now Have the Padlock (Krebs on Security, Nov 26 2018)
“Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “https://”.”

Facial recognition traffic camera mistakes bus for famous woman (Naked Security – Sophos, Nov 29 2018)
China’s air conditioning business queen Dong Mingzhu was recently outed as a jaywalker – thanks to an ad on the side of a bus.

Losses from online payment fraud to reach $48 billion annually (Help Net Security, Nov 23 2018)
A new study from Juniper Research has found that annual online payment fraud losses from eCommerce, airline ticketing, money transfer and banking services, will reach $48 billion by 2023; up from the $22 billion in losses projected for 2018.

Facebook Privacy Documents Seized by Parliament (Infosecurity Magazine, Nov 26 2018)
Parliament invokes a rare legal mechanism to obtain internal Facebook documents.

EU Takes Down 33,600 Counterfeit Sites (Infosecurity Magazine, Nov 26 2018)
Joint efforts of global law enforcement result in seizure of sites selling fake products.

When the FBI rather than the fraudsters make the fake FedEx website (Graham Cluley, Nov 27 2018)
Fraudsters beware! The Feds are prepared to use your own tricks against you.

How to Find a Privacy Job That You’ll Love (& Why) (Dark Reading, Nov 27 2018)
Advice from a millennial woman who has done it: Find your niche and master your craft. You will be amazed at how significant your work will be.

Key reasons holding back MFA adoption by mainframe customers (Help Net Security, Nov 27 2018)
While 64 per cent of mainframers are aware that multi-factor authentication (MFA) is now available to control access to mainframe applications, only 20 per cent acknowledge their organization is already using it or plans to do so…

School district fails to reclaim $120,000 wired by bank to scammer (Graham Cluley, Nov 28 2018)
A school district in Indiana which had $120,000 transferred from its bank account after its email account was hacked, has failed in an attempt to reclaim the cash.

DriveSavers introduces the Passcode Lockout Data Recovery service for consumers (Help Net Security, Nov 28 2018)
The service is being offered to consumers who have forgotten device passwords, been locked out after too many incorrect attempts, and for those who need access to data stored on the device of a deceased family member.

Google’s “deceitful” location tracking is against the law, say 7 EU groups (Naked Security – Sophos, Nov 29 2018)
Seven European consumer organizations are planning to submit a complaint about Google’s location tracking activities to their data protection authorities.

Indian Police Break Up International Computer Virus Scam (SecurityWeek, Nov 29 2018)
Indian police said Thursday they have arrested nearly two dozen people on suspicion of defrauding people around the world by sending fake pop-up messages warning them that their computers were infected with a virus and offering to fix the problem at a price.

Dell Resets User Passwords Following Data Breach (SecurityWeek, Nov 29 2018)
Dell informed customers on Wednesday that the passwords for their Dell.com accounts have been reset after the company recently discovered unauthorized access on its network.