A Review of the Best News of the Week on Identity Management & Web Fraud

FBI: Business Email Compromise Cost Businesses $1.7B in 2019 (Dark Reading, Feb 12 2020)
BEC attacks comprised nearly half of cybercrime losses last year, which totaled $3.5 billion overall as Internet-enabled crimes ramped up.

How Big Companies Spy on Your Emails (VICE, Feb 10 2020)
Multiple confidential documents obtained by Motherboard show the sort of companies that want to buy data derived from scraping the contents of your email inbox.

Japan’s Lost-and-Found System Is Insanely Good (CityLab, Feb 11 2020)
If you misplace your phone or wallet in Tokyo, chances are very good that you’ll get it back. Here’s why.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


Unique Illinois Privacy Law Leads to $550M Facebook Deal (SecurityWeek, Feb 10 2020)
Adam Pezen, Carlo Licata and Nimesh Patel are among millions of people who have been tagged in Facebook photos at some point in the past decade, sometimes at the suggestion of an automated tagging feature powered by facial recognition technology.

BioCatch acquires AimBrain to secure market position and accelerate growth (Help Net Security, Feb 11 2020)
AimBrain’s platform combines several distinct methods to detect potential fraud, including behavioral biometrics, anomaly detection and other biometric modalities, to support various use cases in the digital identity lifecycle, including step-up user authentication to comply with KYC, AML, PSD2 and other regulatory requirements.

Avast Under Investigation by Czech Privacy Agency (Dark Reading, Feb 12 2020)
The software security maker is suspected of selling data about more than 100 million users to companies including Google, Microsoft, and Home Depot.

Great Britain at Odds over Police Use of Facial Recognition Technology (Infosecurity Magazine, Feb 12 2020)
No consensus over police use of live facial recognition technology in Great Britain.

Apple Joins FIDO Alliance (SecurityWeek, Feb 12 2020)
Apple has joined the FIDO Alliance, an organization that aims to help reduce the use of passwords by providing free and open authentication standards.

This App Automatically Cancels and Sues Robocallers (VICE, Feb 12 2020)
It’s the newest offering from consumer advocacy group DoNotPay.

FBI director warns of sustained Russian disinformation threat (Naked Security – Sophos, Feb 10 2020)
Russia is still using social media in a sustained campaign to dabble in US affairs, according to FBI director Chris Wray.

Cybercrooks busted for multimillion-dollar identity fraud (Naked Security – Sophos, Feb 07 2020)
Organizations were attacked for employees’ data, including names, addresses and birthdates used to set up hundreds of bank accounts.

CCPA and GDPR: The Data Center Pitfalls of the ‘Right to be Forgotten’ (Dark Reading, Feb 07 2020)
Compliance with the new privacy rules doesn’t always fall on data center managers, but when it does, it’s more difficult than it may sound.

Facial-recognition tech questioned, defended at House committee hearing (SC Media, Feb 07 2020)
The controversy over usage of facial recognition technology took center stage last week in Washington, D.C., as the House of Representatives’ Homeland Security Committee held a two-hour hearing, with opponents in the debate decrying its racial bias and the federal government’s quick rollout at U.S. airports without fully testing or acknowledging proven shortcomings.

Tips for a Smarter Approach to Password Policy (SecurityWeek, Feb 10 2020)
In many cases, passwords are the primary line of defense protecting user accounts from being hijacked in an account takeover (ATO) attack. With the right policies and parameters in place to ensure strong, unique passwords, this defense can be quite effective. That being said, as we all know, passwords are highly susceptible to human fallibility.

Apple’s Tracking-Prevention Feature in Safari has a Privacy Bug (Schneier on Security, Feb 10 2020)
Last month, engineers at Google published a very curious privacy bug in Apple’s Safari web browser. Apple’s Intelligent Tracking Prevention, a feature designed to reduce user tracking, has vulnerabilities that themselves allow user tracking. Some details: ITP detects and blocks tracking on the web. When you visit a few websites that happen to load the same third-party resource, ITP detects…

Macs See More Adware, Unwanted Apps Than PCs (Dark Reading, Feb 11 2020)
The latest data from Malwarebytes show the average Mac sees almost twice as many bad apps as Windows systems, but actual malware continues to be scarce.

The rise of human-driven fraud attacks (Help Net Security, Feb 11 2020)
There has been a major spike in human-driven attacks – which rose 90% compared to six months previously, according to Arkose Labs. Changing attack patterns were felt across geographies and industries, at a time of the year when digital commerce was at its peak. In Q4 of 2019, advanced, multi-step attacks attempting to evade fraud defenses using a blend of automated and human-driven attacks have been detected.

Credential exposure report: Poor password habits still pose a serious threat (Help Net Security, Feb 12 2020)
9,050,064,764 credentials have been recovered throughout 2019 which came from a total of 640 unique data breaches and include email addresses connected to plaintext passwords and usernames with plaintext passwords, SpyCloud reveals.