A Review of the Best News of the Week on Identity Management & Web Fraud

When Bank Communication is Indistinguishable from Phishing (Troy Hunt, Nov 19 2019)
There’s a supremely simple way of banks handling this situation and it was demonstrated by AMEX shortly after the St George incident when they called to verify an unusual credit card transaction. We did the “we want to verify you”, “no I want to verify you” dance after which they simply said, “turn over your card and call us on the number on the back”. How easy is that?!

Out of Season IRS Phishing Campaigns (Akamai, Nov 21 2019)
According to Akamai’s research, this campaign used at least 289 different domains and 832 URLs over 47 days. The same fake IRS login page was used in each instance. Moreover, according to Akamai’s visibility into global network traffic, the campaign targeted over 100,000 victims worldwide.

Most Americans feel powerless to prevent data collection, online tracking (Help Net Security, Nov 18 2019)
Most U.S. adults say that the potential risks they face because of data collection by companies (81%) and the government (66%) outweigh the benefits, but most (>80%) feel that they have little or no control over how these entities use their personal information, a recent Pew Research Center study on USA digital privacy attitudes has revealed.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Activists in Jumpsuits Are Scanning the Faces of DC Residents With Amazon Tech (VICE, Nov 14 2019)
“The action will show that facial recognition surveillance is dangerous both when algorithms work and when they don’t.”

Ticketmaster’s Anti-Scalping Technology Actually Helps Scalpers, Not Fans (VICE, Nov 18 2019)
Buying tickets on Ticketmaster continues to be a complete disaster for everyone who doesn’t make a living buying tickets.

Thousands of hacked Disney+ accounts are already for sale on hacking forums (ZDNet, Nov 18 2019)
Hackers began hijacking accounts hours after Disney+ launched earlier this week.

Google Restricts Data-Sharing for Ads Under Privacy Pressure (IT Pro, Nov 14 2019)
Google will no longer divulge information to participants in its ad auction about the type of content on a website or page where an ad could appear, the Alphabet Inc. company said in a blog post Thursday.

Ho Ho OUCH! There are 4x more fake retailer sites than real ones (Naked Security – Sophos, Nov 19 2019)
Beware, holiday shoppers! The phishers hiding under typosquatting domains are waiting for your keyboard fumbles.

It’s the user’s fault if a Ring camera violates your privacy, Amazon says (Ars Technica, Nov 20 2019)
The company’s answers to congressional questioning only earned it more questions

Anatomy of a BEC Scam (Dark Reading, Nov 21 2019)
A look at the characteristics of real-world business email compromise attacks – and what makes them tick.

Employee Privacy in a Mobile Workplace (Dark Reading, Nov 20 2019)
Why businesses need guidelines for managing their employees’ personal information — without compromising on security.