MyIDMatters Content for Issue 39, Q1 2019

1. Anonymous Data Isn’t Always Anonymous (Privacy)

An acquaintance recently mentioned to me that she was going to get a DNA report from one of the big DNA testing companies. Because I knew that Forbes reported that “many genetic-testing companies are actively selling user data to outside parties,” including pharmaceutical companies and others, I suggested that she should carefully read all of the privacy policies and not simply agree to the defaults in order to limit the distribution of this most personal information. Her response? “Well, they say my name won’t be associated with it, so I don’t see a problem. It’s anonymous.” But not having your name attached to data doesn’t mean that it cannot be associated with you.

Investopedia defines de-anonymization as “the technique in data mining that re-identifies encrypted or generalized information. De-anonymization, also referred to as data re-identification, cross-references anonymized information with other available data in order to identify a person, group, or transaction.” That means that even though a piece of data is anonymous, when combined with other available data it often can be matched to a specific person.

In fact, there are so many databases containing information about us that it is relatively easy for interested parties (including marketing firms) to cross-reference data in order to de-anonymize everything from location data to credit card usage to celebrity tipping habits to, yes, DNA test results. Those DNA results can reveal genetic markers that indicate an increased risk of developing a disease, such as Alzheimer’s. That information could then be used against the person in question, perhaps to deny employment or insurance coverage or to smear a political opponent.

In 1996 the Massachusetts Group Insurance Commission released anonymized data regarding hospital visits of state employees.
Governor William Weld assured the public that the patients’ privacy was protected by the removal of obvious identifying data. However, researcher Latanya Sweeney was able to find Weld in the database with a few pieces of publicly available information. She made her point by sending his medical records to his office. Since that time, “big data” has only gotten bigger and has made it even easier to connect names to so-called anonymous data. Wired gives these examples: “Google, with its database of users' internet searches, could easily de-anonymize a public database of internet purchases, or zero in on searches of medical terms to de-anonymize a public health database. Merchants who maintain detailed customer and purchase information could use their data to partially de-anonymize any large search engine's data, if it were released in an anonymized form. A data broker holding databases of several companies might be able to de-anonymize most of the records in those databases.”

The things you post on Facebook, your Google searches, your credit card purchases and a number of other pieces of information that are innocuous on their own can be merged to form a detailed picture of your life. Keep that in mind when you are told your data will be anonymous.

2. Cardless ATM Fraud (Scams)

Cardless ATMs allow customers to access bank accounts using their phones instead of a card. These transactions are not only faster than those requiring a card, they are generally more secure. They eliminate the risk of scammers getting your card data with skimmers and they use the security features of your phone (such as fingerprint scanners and facial recognition) to secure your account. However, cardless ATMs cannot control the greatest security danger of all: the user. How do cardless ATM transactions work? The customer opens the banking app on their smartphone and generates a code.
After punching the code in at the ATM, scanning the code or tapping the phone against a sensor, they get their cash. It is more convenient for the customer because they don’t have to carry a card and remember a PIN and, because customers are not swiping their ATM cards, the risk of card data being stolen by a skimmer is eliminated. But they are not without risk. If they get your login credentials, fraudsters can register a mobile phone that they own to your account, then use it to make withdrawals.

In May 2018 Fifth Third Bank began hearing from customers that they were receiving text messages informing them their accounts were locked and directing them to a phishing site where they were asked to enter their account credentials. Enough bank customers complied that the scammers were able to withdraw a total of more than $100,000 from 125 accounts.

Al Pascual, head of fraud and security at Javelin Strategy and Research, points out that, “When banks offer a new way to move money, it’s a clarion call for criminals to punch giant holes through it.” He recommends that there should be low limits on the amount of cash that can be withdrawn by a newly-registered phone number and that banks add more steps to verify the user’s identity when they add a mobile phone number to an account. He also suggests that when a new number is added, an alert should go out to all other devices related to that account. You can avoid cardless ATM fraud by keeping banking credentials secret and not responding to texts or emails directing you to follow a link to verify or modify your account information. Enable two-factor authentication on your banking accounts, and turn on email alerts so that you are notified about every ATM transaction.

3. Are Wi-Fi Freeloaders Threatening Your Security? (Privacy)

Fans of “The Big Bang Theory” may recall this exchange in an episode from a few years ago:

Penny: Hey, Sheldon, did you change your Wi-Fi password again?
Sheldon: Yes, it's "Penny, get your own Wi-Fi."
No spaces.

The sitcom played it for laughs, but is it really funny to have neighbors and even strangers using your Wi-Fi? There are many downsides to others using your network. Not only can they slow your connection speed, they may have access to your devices and files. And depending on where they go on the Internet (e.g., child porn or terrorist sites) they could get you in trouble with law enforcement. You may not be aware if someone is hijacking your Wi-Fi, but there are a few ways to find out. One way is to log in to your router and see what devices are listed as attached to your network. If you see device names you do not recognize you may have unauthorized users. Keep in mind that you may have more Internet-connected devices than you realize. In addition to computers, tablets and televisions, you may have any number of household devices such as a thermostat, security system, lights and more. Another method to see who is connected is to download and use one of the available apps.

Whether or not you find someone currently using your Wi-Fi without permission, it is a good idea to lock it down securely. Here are some tips to protect your network from prying eyes.

The first (and best) thing to do is what Sheldon did: Change your password. Changing the password will automatically kick all devices off the network, so you will have to reconnect them using the new password. Then, unlike Sheldon, don’t give your new password to anyone.

Set up a guest network to give visitors access to your home network with limited permissions. They won’t have your password and if they download malware or connect an infected device, your devices won’t be affected. Check your router’s documentation to see if it offers this capability.

Disable Wi-Fi Protected Setup (WPS). WPS makes connecting a device to your network as easy as pressing a button.
Although it is slightly harder to connect if you are a hacker without access to the button, WPS is not secure and can easily be hacked.

Disable File and Printer Sharing in Windows. If someone does access your network, you do not want them to discover all of your files and devices.

Stop your router from broadcasting your SSID. By default, your router broadcasts its name (the SSID), such as “Smith Family Network.” Turning this off won’t stop a determined hacker from finding your network, but your neighbor looking to use someone’s Wi-Fi probably won’t find it. If you allow your router to broadcast your SSID, give it a name that doesn’t make it obvious whose network it is (e.g., James Johnson Family) or the make of your router (e.g., Netgear4750).

Although nothing is completely secure, these steps will help to keep your network safe from both hackers and freeloaders.

4. Social Security Scams (Scams)

The caller ID says that the Social Security Administration (SSA) is calling. The number displayed matches the toll-free number of the SSA, (800) 772-1213.

When you pick up the phone you hear a recorded voice telling you that your Social Security number (SSN) has been suspended because it was involved in criminal activity.

Fortunately, or so it seems, the recorded caller has the solution. Just call back and he will assist you. And if you don’t call? “We will have to issue an arrest warrant under your name and have you arrested.”

Spoiler alert: You will not be arrested if you do not call. So what happens if you do call? The scammers may attempt to get you to reveal your SSN, banking information or other personal data or they may demand that you purchase gift cards and send them the codes.

In 2018 more than 35,000 people reported these scam calls to the Federal Trade Commission. Victims reported losing more than $10 million to the scammers. To avoid falling victim to these scams, follow this advice from the Federal Trade Commission:

The SSA will never call and ask for your SSN.
They won’t ask you to pay anything and they will not call to threaten to stop your benefits. Just hang up and ignore the scammer.

Even though the caller ID may show the real number for the SSA, it is easy to spoof caller ID and make any number show up there. Never give out personal information, such as your SSN (or even the last four digits), bank account number or credit card number to anyone who contacts you to ask for it.

Anyone who tells you to wire money, buy gift cards and send the PINs or send cash is a scammer. Always. Do not do what they ask.

If you get one of these calls, report it to the FTC.

5. Have I Been Hacked? (Crimeware)

Something isn’t right. Your computer is running much slower than usual. Your browser directs you to websites you didn’t choose to go to. Pop-ups are warning you that your system is infected, or that your system is locked and you have to pay a ransom to get to your files. These are all signs that you may have been hacked.

One of the most important ways to protect yourself from hackers is to keep your computer backups current. That way, if you are the target of a ransomware attack or your system is corrupted by malware, you don’t lose your data.

If you are seeing signs that you may have been hacked, immediately stop using the computer to access sensitive information, such as bank accounts. The exact steps you should take next depend on the signs of infection you are seeing. This guide from Malwarebytes is a good place to start.

Remove CDs, DVDs and USB drives, then shut down the computer. Restart in Safe Mode. This may stop malware from reloading.

Back up your data files if you do not have current backups. Do not back up your program files, as they may be infected. You can download the programs again if a reinstall is necessary.

Download and run a reliable malware scanning program. Restart your computer and run a full scan with a different malware scanning program. Different programs will often get different results.
It is like getting a second opinion from a doctor.

Update your operating system, browser and applications. Out-of-date software may be vulnerable to hackers and malware.

Reset all of your passwords. While you were infected, bad guys may have grabbed your passwords. Change all of them to strong, secure passwords.

When people talk about being hacked, they usually are thinking of their computer being invaded by malware or other malicious actions by the bad guys. The information above can help if you believe your computer has been hacked. In addition, your online accounts can be hacked. Hackers may access your accounts for Gmail, Microsoft Outlook, Yahoo, Twitter, Facebook, Instagram and other online services. These hacks may or may not be related to a hack of your computer. This article on can help to identify and repair these account hacks.

6. “Seeing” Through Walls with Wi-Fi (Privacy)

Forget about those x-ray specs that used to be advertised in magazines. Researchers have now found a way to “see” through walls using Wi-Fi.

Although you can’t see Wi-Fi signals, researchers at the University of California, Santa Barbara have used ambient Wi-Fi signals and an ordinary smartphone to see and take photos through walls. These are not detailed photographs of people and objects, but they capture shadows, reflections and movements. They can also show the presence or absence of people, allowing users of the technology to determine if a building is occupied or not, and where in the building the people are. Researchers at the Massachusetts Institute of Technology (MIT) have gone even further. They are using Wi-Fi and Artificial Intelligence (AI) to track specific positions and movements. In their images, people show up as stick figures. This is still not the same as detailed photographs, but it is an improvement over the former blob-like images.
To do this, researchers used AI to interpret the way radio Wi-Fi signals bounce off a person’s body and match it to the movement of 14 key points on the body, including the head, elbows and knees.

Dina Katabi, a professor at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL), explains it this way: “Let’s say the police want to use such a device to see behind a wall. It’s very important to know if somebody is standing in a position that indicates they are holding a weapon, for example. All of that you can’t do with just a blob.”

This technology clearly has applications in law enforcement, and it could also be used in interactive gaming. However, the researchers are focusing on healthcare applications, especially for diseases like Parkinson’s, Alzheimer’s and Multiple Sclerosis. They have been working with experts in the treatment of each of those diseases, who say that being able to monitor a patient’s daily movements and gait with precision would provide doctors much more information than they can get from a short office visit.

Of course, with any technology that allows law enforcement and others to see through walls, there are concerns about privacy. This is especially true because this surveillance method does not even require the spying party to install any device in the area being watched. They can simply pick up on the Wi-Fi signals already present to observe a home or public area.

Although this capability has so far been confined to the lab, the MIT team is working on a version of the technology that can be marketed commercially.

Quarterly Newsletter: Apple Phone Phishing Scam (Scams)

Phishing scams are becoming more sophisticated. One recent scam was so good it almost fooled the CEO of a security consulting firm. Jody Westby, the CEO of security consulting firm Global Cyber Risk, received an automated call on her iPhone telling her that multiple servers containing Apple IDs were compromised and that she needed to call a 1-866 number immediately.
The caller information on the phone displayed Apple’s logo, address and real phone number, making the call appear to be legitimate. She started to return the call using the data on her phone, but instead Westby went to the official Apple Support website and requested a callback. “This was so convincing I’d think a lot of other people will be falling for it,” commented Westby.

When Apple Support called Westby a few minutes later, the agent assured her that Apple had not contacted her, that the call was almost certainly a scam, and that Apple would never make such a call. When Westby looked at her iPhone’s recent calls list, she saw the legitimate call from Apple had been lumped together with the scam call that spoofed Apple, making the scam call appear legitimate.

Security expert Brian Krebs called the 1-866 number to learn more about the scam. After pretending that he had received a call about a data breach, he was asked to hold and the call was disconnected without Krebs learning what the scammers were seeking. Krebs points out that, “it is remarkable that Apple’s own devices (or AT&T, which sold the phone) can’t tell the difference between a call from Apple and someone trying to spoof Apple.”

Apple will never call customers about security issues. They say that if you receive an unsolicited call from someone claiming to be with Apple, you should hang up and contact Apple directly.

Fast Facts: Five Data Security Terms You Need to Know

Understanding the language of data security is the first step to becoming and staying secure. Here are five terms you should know.

A brute force attack is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force).
The hacker uses millions of user ID and password combinations in an attempt to find one that works.

A Denial of Service (DoS) attack involves hackers attempting to prevent legitimate users from accessing a website or online service. In a DoS attack, the attacker usually sends excessive messages asking the network or server to authenticate requests that have invalid return addresses, thus tying up the network’s resources. The primary goal of a DoS attack is not to steal information but to slow or take down a web site. The attackers' motivations are diverse, ranging from simple fun, to financial gain and ideology (hacktivism).

A firewall allows or blocks traffic into and out of a private network or computer. Firewalls are widely used to give users secure access to the Internet as well as to separate a company's public server from its internal network, and to keep internal network segments (e.g., accounting records) secure.

A honeypot is a decoy computer system that serves as a target to lure cyber attackers. Honeypots are designed to purposely engage and deceive hackers and identify malicious activities performed over the Internet.

An IP address is the "digital address" that allows a device to connect with other devices on the Internet. It is a numeric address (such as 76.77.186.155) that is assigned to every single computer, printer, switch, router or any other device that is connected to the Internet.

Podcast: Accessing Data After Death

If someone close to you has passed, you may discover that you do not have access to important files stored on their computer, tablet, phone or social media accounts. There may be financial records, personal documents and emails or treasured family photographs that will be lost forever if you cannot gain access. In this podcast we discuss how to get access to a deceased family member’s data and how to plan so this does not become a problem in the future.

Expert: Leo Notenboom wants technology to work for everyone.
He began working at Microsoft in 1983 and spent the next 18 years working on a wide variety of software. If you’re running Microsoft Windows, if you’ve used a Microsoft development tool or Microsoft Money, or if you’ve ever purchased a ticket through Expedia, there’s a good chance you’ve been touched by some of Leo’s work.

In 2003, Leo founded , where he takes average computer users from fear and frustration to technology that “just works.” He is the author of several books on technology, including The Ask Leo! Guide to Online Privacy and The Ask Leo! Guide to Staying Safe on the Internet.