A Review of the Best News of the Week on Identity Management & Web Fraud
The spy in your wallet: Credit cards have a privacy problem (WAPO, Aug 27 2019)
In our latest privacy experiment, we bought one banana with the new Apple Card — and another with the Amazon Prime Rewards Visa from Chase. Here’s who tracked, mined and shared our data.
Inside the Black Market for Bots That Buy Designer Clothes Before They Sell Out (VICE, Aug 26 2019)
Hacker finalphoenix kept getting beaten by bots buying designer clothes. So she built her own, but stumbled into a massive ecosystem of shady resellers.
Instagram phishing scam uses fake 2FA code to appear trustworthy (SC Magazine, Aug 27 2019)
Researchers recently spotted a sneaky phishing scam that uses a phony two-factor authentication request to trick email recipients into entering their Instagram login credentials. “Someone tried to log in to your Instagram account. If this wasn’t you, please use the following code to confirm your identity,” according to the fraudulent email.
One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
LinkedIn Details Features of Fight Against Fakes (Dark Reading, Aug 22 2019)
A recent blog post explains how the social network is fighting to protect its users from interactions with fake accounts.
Apple Apologizes for Listening to Siri Talk, Sets New Rules (SecurityWeek, Aug 28 2019)
Apple on Wednesday apologized for its digital assistant Siri sharing some of what it heard with quality control workers as it unveiled new rules for handling data from conversations.
The Uncanny Valley of Privacy (Gartner Blog Network, Aug 27 2019)
Robots look creepy if they look too much like a real person: That “creepiness” is referred to as the “uncanny valley” in the field of robotics. It describes how people perceive humanoid robots with extreme cognitive dissonance when the robot looks too much like a person. In short, the more a robot looks like your neighbor, the more creeped out you get.
Alaska is the Most Scammed State in America (Infosecurity Magazine, Aug 22 2019)
Based on victims per capita, Alaska has been named the most scammed state in America for the second year running.
Quick thinking by Portland Public Schools stops $2.9m BEC scam (Naked Security – Sophos, Aug 22 2019)
Employees at Portland Public Schools were breathing easier this week after thwarting a business email compromise (BEC) scam that could have cost them almost $3m.
U.S. Charges 80 in Massive Online Fraud Scheme (SecurityWeek, Aug 23 2019)
The United States Department of Justice this week unsealed an indictment that charges 80 defendants, most of them Nigerians, for their roles in a massive fraud and money laundering scheme.
IRS Alerts Taxpayers to New Email Scam (Dark Reading, Aug 26 2019)
A spoofed IRS.gov link leads victims to a fraudulent Web page where they are prompted to download malware.
80 Charged in Massive BEC Operation Bust (Dark Reading, Aug 23 2019)
A group of mostly Nigerian nationals attempted to steal $46 million through business email compromise and romance scams, the FBI reports.
How to evaluate a password management solution for business (Help Net Security, Aug 26 2019)
Password managers are one of the most powerful defenses against breaches, which can cause massive damage and be incredibly expensive to mitigate. According to the Ponemon Institutes’ 2019 Password and Authentication Security Behaviors Report, 51% of respondents experienced a phishing attack in their personal life and 44% experienced a phishing attack while at work.
Over Half of Social Media Logins Are Fraudulent (Infosecurity Magazine, Aug 26 2019)
An Arkose Labs study finds that 53% of all login traffic on social media sites is fraudulent.
Google defends tracking cookies—some experts aren’t buying it (Ars Technica, Aug 26 2019)
Google’s Chrome team is feeling pressure from competitors over ad tracking. Apple has long offered industry-leading protection against tracking cookies, while Mozilla recently announced that Firefox will begin blocking tracking cookies by default. Microsoft has been experimenting with tracking protection features in Edge, too. But Google has a problem: it makes most of its money selling ads.
A look at the global network access control market (Help Net Security, Aug 26 2019)
The network access market reached a valuation of ~ $953 million in 2018, according to Fact.MR. The continuous evolution of information security parameters is likely to warrant new opportunities for companies active in the network access control market.
Court squeezes $1 million back from convicted phisher (Naked Security – Sophos, Aug 27 2019)
Prolific phishing scammer Grant West has been sentenced to 10 years, 8 months, and reimbursement for victims.
Thailand to introduce 15 million high-security e-passports (Help Net Security, Aug 27 2019)
the Ministry of Foreign Affairs (MOFA) of Thailand will provide 15 million technically-advanced, high-security e-passports to Thai citizens thanks to the DGM Consortium, which includes Gemalto, a Thales Company, Data Products Toppan Forms Ltd., and MultiCert. The Thai E-passport project is the largest passport project contracted for the Group in 2019.
Microsoft may still be violating privacy rules, says Dutch regulator (Naked Security – Sophos, Aug 29 2019)
EU data watchdogs are yet again sniffing at Windows 10.
Venmo Is Still Exposing Your Connections to Everyone You Know (VICE, Aug 28 2019)
The EFF and Mozilla published an open letter today urging Venmo parent company PayPal to fix the app’s privacy holes.