A Review of the Best News of the Week on Identity Management & Web Fraud

Feeling Safe in the Surveillance State (The New York Times, Apr 13 2019)
In China, where facial recognition cameras are celebrated as a national triumph, many citizens convince themselves that everywhere else is filled with danger.

‘Land Lordz’ Service Powers Airbnb Scams (Krebs on Security, Apr 14 2019)
“Scammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: A software-as-a-service offering called ‘Land Lordz,’ which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings.”

How password-less security benefits helpdesks (Help Net Security, Apr 12 2019)
Ask any helpdesk team lead about the most frequent requests from employees, and password resets will rank highest. Forrester Research determined that large organizations spend up to $1 million per year on staffing and infrastructure to handle password resets alone.


Tax Hacks: How Seasonal Scams Cause Yearlong Problems (Dark Reading, Apr 11 2019)
Tax season is marked with malware campaigns, tax fraud, and identity theft, with money and data flowing through an underground economy.

Big Tech Lobbying Gutted a Bill That Would Ban Recording You Without Consent (Motherboard, Apr 12 2019)
The Illinois Keep Internet Devices Safe Act would have empowered average people to sue big companies for recording them without consent, but industry association lobbying defanged it.

Massive SIM swap fraud leaves traditional 2FA users at risk (SC Magazine, Apr 11 2019)
There are a few ways to combat this threat. Researchers pointed to Mozambique, where mobile operators made a platform available to the banks through a private API that flags whether there was a SIM swap involving a specific mobile number associated with a bank account over a predefined period; the bank then decides how to act on the alert.

Bayrob malware gang convicted of infecting over 400,000 computers worldwide, stealing millions through online auction fraud (Graham Cluley, Apr 12 2019)
A US court has convicted two Romanian hackers belonging to the Bayrob malware gang after they infected over 400,000 computers around the world, and stole millions of dollars.

A quarter of phishing emails bypass Office 365 security (Help Net Security, Apr 12 2019)
30.3% of phishing emails sent to organizations using Office 365 Exchange Online Protection (EOP) were delivered to the inbox.

Who are the biggest targets of credential stuffing attacks? (Help Net Security, Apr 12 2019)
Media organizations, gaming companies, and the entertainment industry are among the biggest targets of credential stuffing attacks, in which malicious actors tap automated tools to use stolen login information to attempt to gain access to user accounts on other online sites, on the assumption that consumers use the same login and password for multiple services.

Pregnancy Club Fined £400K After Illegally Sharing Data on Millions (Infosecurity Magazine, Apr 15 2019)
UK firm Bounty lucky to escape with pre-GDPR penalty

‘Nasty List’ Phishing Scam Targets Instagram Users (Infosecurity Magazine, Apr 15 2019)
Direct messages are spammed out from hijacked accounts

How To Make Your Amazon Echo and Google Home as Private as Possible (Wired, Apr 11 2019)
With news that Amazon lets human employees listen to Alexa recordings, you might want to tighten up your smart assistant ship.

Benefiting from Data Privacy Investments (Dark Reading, Apr 16 2019)
GDPR-ready companies experience lower overall costs associated with data breaches, research finds.

TSB Offers to Cover APP Fraud Losses (Infosecurity Magazine, Apr 16 2019)
Lender hopes to blaze a trail as authorized push payment scams increase

Google’s location history data shared routinely with police (Naked Security – Sophos, Apr 16 2019)
Law enforcement officials in the US have been routinely mining Google’s location history data for criminal investigations.

Blue Cross of Idaho Hacked, Some Member Information Accessed (SecurityWeek, Apr 16 2019)
One of Idaho’s largest insurance companies said Friday that someone hacked its website and obtained access to the personal information of about 5,600 customers, including their names, claim payment information and codes indicating medical procedures they may have undergone.

Simplifying identity and access management of your employees, partners, and customers (Google Cloud Blog, Apr 10 2019)
“…we’re announcing five new ways to help you adopt the BeyondCorp security model and improve IT, developer, and end-user efficiency:
– Context-aware access enhancements, including the launch of BeyondCorp Alliance.
– Security key built into your Android phone—one of the strongest defenses against phishing now available through the convenience of your phone.
– Cloud Identity enhancements, including single sign-on to thousands of additional apps and integration with human resource management systems (HRMS).
– General availability of Identity Platform, which you can use to add identity management functionality to your own apps and services.
– Availability of Managed Service for Microsoft Active Directory for select customers.”

The California Consumer Privacy Act: Consumer Privacy Ripple Effect? (IT Pro, Apr 16 2019)
The California Consumer Privacy Act appears to be inspiring other states and instilling trepidation in tech firms.