A Review of the Best News of the Week on Identity Management & Web Fraud

Apple to Tighten App Privacy, Remove Apps That Don’t Comply (SecurityWeek, Dec 08 2020)
Apple is stepping up privacy for app users, forcing developers to be more transparent about data collection and warning they could be removed if they don’t comply with a new anti-tracking measure, a company executive and regulators said Tuesday.

Food bank loses nearly $1,000,000 in Business Email Compromise scam (Graham Cluley, Dec 05 2020)
A food bank in Philadelphia has ended up out of pocket after scammers successfully tricked it out of almost one million dollars.

Feds logged website visitors in 2019, citing Patriot Act authority (Ars Technica, Dec 04 2020)
Privacy-minded lawmakers want feds to have to get warrants for web browsing data.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn


US Officials Take Action Against 2,300 Money Mules (Dark Reading, Dec 03 2020)
Eight federal law enforcement agencies participated in the Money Mule Initiative, a global crackdown on money laundering.

Tech CEO Pleads Guilty to Investment Fraud (Infosecurity Magazine, Dec 04 2020)
CEO of US tech startup Trustify pleads guilty to multi-million-dollar investment scam

The DEA Abruptly Cut Off Its App Location Data Contract (VICE, Dec 07 2020)
The DEA cancelled its contract with Venntel, which obtains granular location data from ordinary apps and sells access to law enforcement agencies.

IRS to Make ID Protection PIN Open to All (Krebs on Security, Dec 04 2020)
“The U.S. Internal Revenue Service (IRS) said this week that beginning in 2021 it will allow all taxpayers to apply for an identity protection personal identification number (IP PIN), a single-use code designed to block identity thieves from falsely claiming a tax refund in your name. Currently, IP PINs are issued only to those who fill out an ID theft affidavit, or to taxpayers who’ve experienced tax refund fraud in previous years.”

Canadian Police Are Quietly Building a System to Intercept Private Messages (VICE, Dec 08 2020)
The Provincial Lawful Access Common Environment (PLACE) is set to be up and running by 2022, according to police documents.

Holiday shopping season fraud stats revealed (Help Net Security, Dec 04 2020)
There’s a 1% decrease in suspected online retail fraud worldwide during the start of the 2020 holiday shopping season compared to the same period in 2019, a 59% increase from the same period in 2018 and a 14% increase from all of 2020 so far, TransUnion research reveals. Holiday shopping season fraud stats

Bank Employee Sells Personal Data of 200,000 Clients (Infosecurity Magazine, Dec 03 2020)
South African bank says credit analyst sold personal information of clients to third parties

Achieving digital transformation by overcoming identity fatigue (Help Net Security, Dec 08 2020)
Conversations about digital transformation (DX) are so frequent and pervasive that we tend to lose track of how incomplete they can be. You might think that DX only concerns the Internet of Things (IoT), big data, and application programming interfaces (APIs). It is certainly about those things, but there is a lot more to DX.

One in Five Online Marketplace Listings Show Signs of Fraud (Infosecurity Magazine, Dec 08 2020)
19% of items listed over Black Friday and Cyber Monday showed signs of being fraudulent or dangerous

Vishing criminals let rip with two scams at once (Naked Security – Sophos, Dec 08 2020)
It would be funny if it weren’t a crime.

Beyond Identity Raises $75 Million to Expand Passwordless Identity Platform (SecurityWeek, Dec 08 2020)
Beyond Identity, a security startup on a quest to eliminate passwords, today announced a $75 million Series B funding round, bringing the total investment in the company to $105 million. 

Russian Sentenced to French Prison for Bitcoin Laundering (SecurityWeek, Dec 07 2020)
A Russian bitcoin expert at the center of a multi-country legal tussle was sentenced in Paris on Monday to five years in prison for money laundering and ordered to pay 100,000 euros (more than $120,000) in fines in a case of suspected cryptocurrency fraud.

Recruitment giant Randstad hit by ransomware, sensitive data stolen (Graham Cluley, Dec 07 2020)
One of the world’s leading recruitment agencies has found itself the victim of ransomware. In a statement published on Thursday last week

Researchers expose the stress levels of workers at different job positions (Help Net Security, Dec 09 2020)
A Unify Square survey unveils key perspectives of enterprise employees on workplace collaboration and communication in the midst of the global pandemic. Findings highlight gaps in stress levels between workers at different job levels and industries and how increased usage of collaboration and UC applications has impacted the success of internal communication at enterprises.

Unsophisticated fraud attacks increase, first-time fraudsters more prevalent (Help Net Security, Dec 09 2020)
The risk of identity fraud has increased significantly with attacks occurring more frequently since the start of the pandemic, Onfido reveals. Over the past 12 months, the average identity document (ID) fraud rate increased by 41% over the previous year as first-time fraudsters appear to be more prevalent, likely due to increased economic hardships during the pandemic. The average ID fraud rate reached 5.8% – up from 4.1% the previous year (Oct 2018-2019).

Terms of Use: User Privacy and the Algorithms Behind Social Media (SecurityWeek, Dec 09 2020)
At What Point do “Likes” and “Dislikes” Also Become Personal Information Along With the Rest of Our Digital Footprints?