A Review of the Best News of the Week on Identity Management & Web Fraud

Facebook Privacy Overhaul Following Fine (Infosecurity Magazine, Jul 25 2019)
In a blog post on Wednesday, general counsel Colin Stretch outlined the steps Facebook is taking to build a security and privacy-by-design culture “on a different scale than anything we’ve done in the past” – with transparency and accountability front-and-center.

Worried About Insider Threats? Here’s How You Build an Effective Insider Threat Program (PingTalk, Jul 24 2019)
Here are the top 5 things you need to know when developing your own insider threat program.

Stock Trading Firm Robinhood Stored User Passwords in Plaintext (SecurityWeek, Jul 25 2019)
Robinhood, a California-based financial services company that provides a popular commission-free stock trading app, informed some users that their passwords were stored in plaintext.


One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


Nigerian scammers slide into DMs, so Ars trolls them (Ars Technica, Jul 18 2019)
Romance scams persist, somehow, by preying on the gullible; Twitter is fertile ground.

Mobile ID schemes lead over digital identity cards (Help Net Security, Jul 19 2019)
Governments typically provided such cards, which many people in more developed countries have previously rejected. Juniper Research anticipates that markets across Europe and North America will be led by the financial services sector and digital driving licences, rather than formal government identification.

BEC Scams Cost US Firms $300m Each Month (Infosecurity Magazine, Jul 18 2019)
US government stats reveal soaring number of victims

Firefox to pile on more native privacy features (Naked Security – Sophos, Jul 19 2019)
Mozilla is integrating its Lockwise password manager directly into the browser and expanding its support for the Have I Been Pwned website.

Identity Theft on the Job Market (Schneier on Security, Jul 18 2019)
Identity theft is getting more subtle: “My job application was withdrawn by someone pretending to be me”

Stop facial recognition trials now, warns UK committee (Naked Security – Sophos, Jul 22 2019)
The UK government should suspend trials of automatic facial recognition systems until it can meet regulators’ concerns about the technology, according to a report released Friday.

Business Email Compromise: Thinking Beyond Wire Transfers (Dark Reading, Jul 23 2019)
As BEC continues to drive record-high losses, cybercriminals devise new tactics for swindling corporate targets out of millions.

Russia Attempted to De-Anonymize Tor Browser: Report (Dark Reading, Jul 23 2019)
An attempt to crack Tor was one of many projects hackers discovered when they broke into Russian intelligence contractor SyTech.

SharePoint Online scam – sadly, phishing’s not dead (Naked Security – Sophos, Jul 23 2019)
Not all phishes contain easily spotted errors or obviously dodgy web links – here’s how to stay safe…

BEC Scammers Turn to Aging Reports in New Twist (Infosecurity Magazine, Jul 24 2019)
Fraudsters obtain list of customers who owe money, says Agari

What Call Center Fraud Can Teach Us about Insider Threats (Infosec Island, Jul 22 2019)
Detecting and preventing call center fraud embodies many of the same challenges associated with fighting insider threats.

You can probably be identified from your anonymized data (Naked Security – Sophos, Jul 25 2019)
The idea of de-identifying data has been around for a while. However, a study published this week asserts that it’s even easier to re-identify information than we first thought.

Biometrics: Dismantling the Myths Surrounding Facial Recognition (SecurityWeek, Jul 18 2019)
Biometric Authentication is No Longer Just the Stuff of Spy Movies or Reserved for Military-Grade Installations

Scams use false alerts to target Office 365 users, admins (SC Magazine, Jul 23 2019)
Malicious actors have recently been targeting Microsoft Office 365 users in two separate scams – one that distributes the TrickBot information-stealing trojan via a fake website and a phishing campaign that sends fake alerts with the intent to take over the accounts of email domain administrators.

Every minute, $2.9 million is lost to cybercrime (Help Net Security, Jul 25 2019)
$1,930: the cost of hacks on cryptocurrency exchanges every minute
$17,700: lost from phishing attacks per minute
$22,184: the projected by-the-minute cost of global ransomware events in 2019
8,100: identifier records compromised every minute
7: malicious redirectors detected each minute
2.4: phish traversing the internet per minute
0.32: blacklisted apps by-the-minute
0.21: Magecart attacks detected every minute

New York City moves to protect citizens’ location data (Naked Security – Sophos, Jul 25 2019)
New York City is considering a law that could stop cellphone carriers and smartphone app vendors from selling their location data.

Why Federation Is Your Secret Weapon for Enterprise (Auth0 Blog, Jul 18 2019)
Enable your upmarket strategy with the right technical infrastructure