A Review of the Best News of the Week on Identity Management & Web Fraud

Lemonade Bragged It Uses AI to Detect Fraud. It Didn’t Go Well (VICE, May 26 2021)
Lemonade backtracked after suggesting it uses “non-verbal cues” like eye movements to reject claims. Its response raises more questions than answers.

USPS Reportedly Uses Clearview AI to Spy on Americans (Infosecurity Magazine, May 20 2021)
US Postal Service reportedly uses facial recognition tech to identify unknown targets in investigations

Millions of People’s Location Data Revealed a ‘Universal’ Pattern In Study (VICE, May 26 2021)
A team modeled recurring visits to various city locations using billions of mobile phone datapoints across four continents.

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Facial Recognition Is Racist. Why Aren’t More Cities Banning It? (VICE, May 25 2021)
Pockets of cities and states around the United States have banned police use of facial recognition, but progress is slow.

Google Chrome Makes It Easier to Update Compromised Passwords (Dark Reading, May 19 2021)
A new capability will use Google’s Duplex technology to alert people when their passwords are compromised and help change them.

Can zero trust kill our need to talk about locations? (Help Net Security, May 24 2021)
As security professionals, we have acknowledged for over a decade that our data resides outside our network. Yet, we still talk about strategies for protecting the enterprise vs cloud infrastructure, or access management for branch offices vs remote workers. We need to stop talking about places and start focusing on a goal like location-agnostic access. Cybercriminals are focused on achieving access via compromised accounts. The 2020 Data Breach Investigations Report (DBIR) showed that over 80%…

Returning to the office? Time to reassess privileged access permissions (Help Net Security, May 24 2021)
As more of the population becomes vaccinated against COVID-19, organizations are preparing to return to the office. In the emerging hybrid environment, where employees can login from anywhere at any time, cybercriminals have an expanded attack surface and a variety of new vulnerabilities that they can exploit.

How data manipulation could be used to trick fraud detection algorithms on e-commerce sites (Help Net Security, May 24 2021)
As the marketing of almost every advanced cybersecurity product will tell you, artificial intelligence is already being used in many products and services that secure computing infrastructure. But you probably haven’t heard much about the need to secure the machine learning applications that are becoming increasingly widespread in the services you use day-to-day. Whether we recognize it or not, AI applications are already shaping our consciousness.

Michigan Man Admits Selling UPMC Employee Data (Infosecurity Magazine, May 24 2021)
A hacker from Michigan has admitted to stealing the sensitive data of more than 65,000 University of Pittsburgh Medical Center (UPMC) employees and selling it online.

#RSAC: The Lasting Impact of the COVID Pandemic on Privacy (Infosecurity Magazine, May 19 2021)
A year of lockdown, remote work and remote learning could well be the spark that helps to define a new era of user privacy, according to a panel of experts at the RSA Conference

Insider threat fundamentals and mitigation techniques (SC Media, May 21 2021)
The famous insider case where two General Electric employees were convicted and sent to prison for stealing trade secrets serves as a reminder of what can happen. Today’s columnist, David Balaban of Privacy-PC, offers insights on how to spot potential insider threats.

Ongoing Bitcoin Scams Demonstrate Power of Social Engineering Triggers (SecurityWeek, May 24 2021)
Bitcoin scams have soared over the last seven months. The surge started around October 2020, and the scams are continuing today.

How to Tell a Job Offer from an ID Theft Trap (Krebs on Security, May 21 2021)
One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns. Here’s the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job offer was too-good-to-be-true.

Bose Says Personal Information Compromised in Ransomware Attack (SecurityWeek, May 25 2021)
Bose Corporation last week started sending out breach notification letters to inform some individuals of personal data being compromised in a cyberattack identified on March 7.

Messaging Apps: The Latest Hotbed in the Fraud Ecosystem (Dark Reading, May 26 2021)
Telegram and other secure messaging apps have become a haven for professional criminals to wreak havoc and turn a profit.

Four proactive steps to make identity governance a business priority (Help Net Security, May 26 2021)
Securing digital identities is crucial to business success today, but far too often, it’s an afterthought. As such, identity governance shouldn’t be celebrated as a singular component of security, but rather a capability that should be woven into the data governance fabric of every organization. With the ability to safeguard information, facilitate compliance, and streamline work processes, it’s hard to believe identity governance is not a typical business priority.

Cyber-criminal Gang Targets Texas Unemployment System (Infosecurity Magazine, May 26 2021)
Scattered Canary shares 13-page tutorial on how to commit fraud via Texas Workforce Commission website

22 Americans Indicted Over Card-Skimming Scam (Infosecurity Magazine, May 26 2021)
Nearly two dozen individuals charged with purchasing and using payment cards stolen from national retail chain

Europe’s Top Human Rights Court Rules UK Mass Surveillance Illegal (Infosecurity Magazine, May 26 2021)
Case could pave way for challenges to Snooper’s Charter

EU Privacy Groups Set Sights on Facial Recognition Firm (SecurityWeek, May 27 2021)
Privacy organisations on Thursday complained to regulators in five European countries over the practices of Clearview AI, a company that has built a powerful facial recognition database using images “scraped” from the web.