A Review of the Best News of the Week on Identity Management & Web Fraud

Are You One of the 533M People Who Got Facebooked? (Krebs on Security, Apr 06 2021)
“Ne’er-do-wells leaked personal data — including phone numbers — for some 553 million Facebook users this week. Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles. To my mind, this just reinforces the need to remove mobile phone numbers from all of your online accounts wherever feasible. Meanwhile, if you’re a Facebook product user and want to learn if your data was leaked, there are easy ways to find out.”

How Apple’s new App Tracking Transparency policy works (Ars Technica, Apr 07 2021)
Paper covers IDFA alternatives, rules for Apple’s own apps, and more.

As online fraud rises, 72% of retail brands expect to grow fraud teams (Help Net Security, Apr 04 2021)
Retailers around the world are increasing their fraud teams and budgets because of a significant rise in all types of online fraud during the pandemic, research by Ravelin finds. 72% of retail brands around the world expect to grow fraud teams in the next year, while 76% predict their budget to tackle fraud will increase in the next 12 months — with 20% expecting a “significant” increase.


Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



College Students Targeted in Newest IRS Scam (Dark Reading, Mar 31 2021)
The Internal Revenue Service warns of fraudulent emails sent to .edu addresses.

The impact of the CCPA on companies’ privacy practices (Help Net Security, Apr 05 2021)
A new DataGrail report examined how millions of California consumers are exercising their privacy rights – to access their data, delete their data, and stop the sale of their data to a third-party – according to the CCPA, which went into effect on January 1, 2020.

The authentication and brand protection market to reach $3.7 billion by 2026 (Help Net Security, Apr 01 2021)
The authentication and brand protection market is projected to grow from $2.5 billion in 2021 to $3.7 billion by 2026, growing at a CAGR of 8.3% from 2021 to 2026, according to MarketsandMarkets. The key factors fueling the growth of the market include increasing focus on safeguarding product and brand integrity, and stringent anti-counterfeiting laws and regulations enforced by governments.

Enterprises Remain Riddled With Overprivileged Users — and Attackers Know It (Dark Reading, Apr 01 2021)
Attackers commonly focus on finding users with too much privileged access as their ticket to network compromise. What can companies do?

Half of Global Retailers See Account Takeovers Surge (Infosecurity Magazine, Apr 01 2021)
Ravelin study finds most are increasing fraud budgets this year

Protecting employees from job offer scams can lead to awkward but important conversations (SC Media, Apr 01 2021)
Employees who are successfully phished with a job offer likely won’t report the incident to their employer, expert says.

Websites of EU Mobile Providers Fail to Properly Secure User Data: Report (SecurityWeek, Mar 31 2021)
Sensitive data pertaining to the customers of top mobile services providers in the European Union is at risk of compromise due to improperly secured websites, data security and privacy firm Tala reveals.

NFT Thefts Reveal Security Risks in Coupling Private Keys & Digital Assets (Dark Reading, Apr 06 2021)
Compromised NFT accounts highlight security concerns inherent in the design of centralized systems.

Google illegally tracking Android users, according to new complaint (Ars Technica, Apr 07 2021)
Activist alleges use of tracking identifiers without user consent breaches EU law.

Privacy Concerns Raised Over Scotland’s New #COVID19 Check-In App (Infosecurity Magazine, Apr 07 2021)
Check In Scotland uploads and stores venue check-in data to a centralized database

Cybercriminals are using Telegram bots, Google Forms to gather stolen user data (Help Net Security, Apr 08 2021)
Cybercriminals are increasingly using legitimate services such as Google Forms and Telegram to gather user data stolen on phishing websites. Alternative ways to collect data help cybercriminals keep it safe and start using the information immediately, says Group-IB. In addition, ready-to-go platforms that automate phishing and which are available on the darknet also have Telegram bots at their core.

Fraudulent purchase attempts value increased 69% in 2020 (Help Net Security, Apr 08 2021)
The average value of fraudulent purchase attempts increased 69% in 2020, a recent Sift report reveals. Also, several business categories were hit by both major increases in attempted fraud rates and increases in the value of those fraudulent purchases, with lodging merchants, omnichannel retailers, digital wallets, and professional marketplace companies becoming targets for online theft amid the COVID-19 pandemic.

Stimulus Stimulates Unemployment Scams (Infosecurity Magazine, Apr 08 2021)
Suspicious unemployment-related emails up 50% in US since late February

Online Fraud in the UK Up 179% in the Last Decade (Infosecurity Magazine, Apr 08 2021)
UK has been more heavily impacted by online fraud than any other country in Europe

Belden Says Health-Related Information Exposed in Data Breach (SecurityWeek, Apr 08 2021)
Specialty networking solutions provider Belden on Wednesday shared an update on the data breach disclosed in November 2020, and said health-related information was also exposed.

$38 million worth of gift cards stolen and sold on dark web (WeLiveSecurity, Apr 07 2021)
Easy to redeem and hard to trace, gift cards remain a hot commodity in the criminal underground