MyIDMatters Content for Issue 43, Q1 2020

1. Phishing Scheme Gives Bad Guys Access to Your Cloud Data (Crimeware)

As online users become more sophisticated, hackers are becoming more sophisticated as well. Early phishing attacks relied on users clicking links without paying attention to where the links took them. For example, a hacker would create a page that looked just like the PayPal login page, but it was actually a fake page used by the bad guys to capture log in information from people who believed they were signing into their PayPal accounts.

Today, there are new twists to the old phishing scams. The usual tipoff in a phishing scam is that the user is sent to a domain impersonating the real one. It might be paypal.log- instead of , for example. In one recent scam, however, users who clicked on a malicious link to login. were taken to Microsoft’s actual login page. The catch is that there is code appended to the link that tells Microsoft to forward an authentication token to officesuited[.]com, a site controlled by the hackers. The user is then sent to a page that grants permissions to access the user’s email, contacts, files, mailboxes, and more. This same approach could be used with other cloud providers. In fact, Gmail was targeted by a similar tactic in 2017.

Why would users grant these permissions? If they do not know there is a malicious actor involved, users may not be concerned. We have been conditioned to click and agree when presented with options. According to Michael Tyler of , “We can look at the reason phishing is still around and it’s because people are making decisions they shouldn’t be making or shouldn’t be able to make. Even employees who are trained on security are trained to make sure it’s a legitimate site before entering their credentials. Well, in this attack the site is legitimate and at that point their guard is down.
I look at this and think, would I be more likely to type my password into a box or more likely to click a button that says ‘okay’?”

Because the login happens at Microsoft’s website, two-factor authentication would not protect users. And once access has been given to this malicious app, even changing the password would not prohibit the hackers’ access.

Microsoft provides instructions for rescinding illicit consent grants, but the best way for users to avoid this issue is to carefully review the entire URL when installing apps and granting permissions. Look for links to unfamiliar sites and odd URLs. System administrators can block users from installing any apps or limit them to apps from the official Microsoft store.

2. What Does Google Know About You? (Privacy)

How much does Google know about you? Probably a lot more than you realize. According to the founder of search engine DuckDuckGo, even if you do not directly use Google products, their trackers are found on 75% of the top million websites. “(Google isn’t) really a search company anymore – they’re a tracking company.” And they follow you wherever you go online.

If you also use Google products, they know a lot more about you than just what websites you visit. Google knows who you are, where you have been, who your friends are, what you like and dislike, your future plans, and your online life. This infographic details some of the ways Google accumulates data about you, including through Google searches, Chrome browsing history, Gmail, ads clicked, YouTube searches, videos watched and uploaded, Google Fit, and more.

These links will show you some of what Google knows about you:

- Your advertising profile at determines what ads they will show you.
- Android mobile devices send location data to Google. You can view your location history at
- can view every Google search you have ever made at
- a monthly report of the Google services you are using?
Request it at
- Account activity page lists all of the apps that have access to your data. You can view the permissions granted and make changes at
- can export all of your data from Google here:
- all of the YouTube searches you have done here:

do they do with all this information? According to Gabriel Weinberg of DuckDuckGo, “The result of all that tracking is that Google uses your personal profile to sell ads, not only on their search engine, but also on over three million other websites and apps. Every time you visit one of these sites or apps, Google is following you around with hyper-targeted ads, trying to influence your behavior.” But it is more than just ads. “On an individual level, lack of privacy leads to putting people into a filter bubble, getting manipulated by ads, discrimination, fraud, and identity theft. On a societal level, it can lead to deepened polarization and societal manipulation as we’ve unfortunately been seeing multiply in recent years.”

If you want more control over your data, you can use this tutorial to learn how to view and delete the data Google has collected on you.

Additionally, you might want to limit the amount of data Google collects on you in the future. This is easier said than done, but VisualCapitalist suggests:

- Adjusting privacy settings
- Using private browsing
- Using a different browser (not Chrome) for search
- Turning off your location settings
- Deleting your Google accounts
- Using a Virtual Private Network (VPN)

3. Is Your Phone Spying on You? (Privacy)

Have you ever noticed a sudden flurry of ads in your Facebook feed on a subject you recently talked about with friends—even though the conversation didn’t take place online and you didn’t search for or read online content about it? Others have noticed that, too. They wonder if their phones are eavesdropping on their conversations and sharing data with advertisers.
There is always the possibility that these ads showing up after an offline conversation with friends are just a coincidence or even that you have been shown the ads before but didn’t think anything of them. However, when the BBC asked their audience about this, a number of people shared their stories of getting ads they were convinced were served based on their private conversations.

Smart devices are always listening for “wake” words such as “Hey Siri,” so they can record your voice and execute your request. In the absence of the wake words, any data is processed only on your phone and is not transmitted. That means that third party applications on your phone (such as Facebook) would still have access to this data and could choose to use it.

Facebook has vehemently denied that they use these bits of conversation to influence ad content, but a writer for decided to try an experiment. Twice a day for five days he said things in the presence of his phone about going back to school or needing cheap shirts for work. Then he watched Facebook for related ads. “The changes came literally overnight. Suddenly I was being told (about) mid-semester courses at various universities, and how certain brands were offering cheap clothing. A private conversation with a friend about how I’d run out of data led to an ad about cheap 20 GB data plans. And although they were all good deals, the whole thing was eye-opening and utterly terrifying.”

When CBS News ran a similar experiment, they did not find any “secret audio transmissions” and did not see ads for any of the products they discussed. A former Facebook operations manager says that collecting and analyzing a lot of voice data would be expensive and unnecessary, as the tech companies already know so much about us. Because they have so much data, they can make “uncannily accurate” guesses about what to advertise to us.
Even though we do not know with any certainty that this is happening, if the possibility that your conversations are being monitored by your smartphone concerns you, you can:

- Disable features such as Siri, Alexa, Cortana, and Ok Google to keep devices from listening for the wake phrase.
- Disable Facebook’s mic access.

4. Money Mules (Scams)

Money mules are individuals who are hired to receive and forward funds through their personal or business bank accounts. According to the Federal Bureau of Investigation (FBI), “Money mules help criminals launder their proceeds derived from criminal activities, by adding layers of recipients to the money trail.” This makes it more difficult for law enforcement to trace the trail of money from a specific victim to a criminal actor.

It may begin with a seemingly innocent request from someone the victim met through an online dating site or in response to a job posting. They are asked to provide their banking information and let money flow through their account to others. They may believe they are doing it as a favor to a new romantic partner or to earn some money. However, much of the money moved through these schemes is stolen through Internet fraud or comes from drug trafficking or human trafficking. Whether or not the mule is aware they are engaged in criminal activity, they are breaking the law.

Although some mules know that they are engaging in illicit behavior, many of them (at least initially) believe they are simply helping an individual or a business and do not realize they are involved in money laundering. Mules who are unaware of what they are doing may be able to avoid prosecution, but even if they are not prosecuted money mules are putting themselves at risk for identity theft, personal liability, negative impacts on their credit scores and the inability to open bank accounts in the future.
They and their families could also be threatened by the criminals if they refuse to continue working as mules.

These schemes use a variety of methods to transfer funds. Mules may be instructed to wire money, obtain cashier’s checks or purchase gift cards with the illicit funds. KrebsOnSecurity reports that some mules are now using Bitcoin ATMs to convert cash to cybercurrency and forward it to the criminals.

The FBI suggests several ways to avoid becoming a money mule:

- Do not accept a job offer requiring you to use your bank account to transfer money for the company.
- Be suspicious of an employer who asks you to form a company and open a bank account.
- Never give your financial details to anyone you do not personally know and trust.
- Watch out for job advertisements riddled with spelling and grammar errors.
- Be wary when a person you met on a dating website wants to use your bank account to send or receive funds.
- Do online searches to verify any information that seems questionable.
- Ask potential employers to send a copy of their business license.

5. Child Predators Target Victims Through Online Gaming (Legal Matters)

It’s no secret that child predators seek victims wherever they can find them and, according to the Federal Bureau of Investigation (FBI), one current popular avenue is online gaming. The Pew Research Center notes that 97 percent of American teenage boys and about 83 percent of girls play video games, providing easy access to children. Through the contact they establish through the games, predators groom their victims and convince them to send sexually explicit images or videos.

According to the New York Times, “There are many ways for gamers to meet online. They can use built-in chat features on consoles like Xbox and services like Steam or connect on sites like Discord and Twitch.
The games have become extremely social and developing relationships with strangers on them is normal.” The abuse may begin in the games themselves or the predators may move to platforms such as Facebook Messenger, Kik, and Skype, where they can communicate more privately.

Predators build relationships with their victims by sending gifts or gaming currency, such as V-Bucks in Fortnite. They begin desensitizing children to sexual terms and imagery with explicit texts and photos before asking them to send naked pictures and videos of their own. Gary Halpert of Savvy Cyber Kids says, “Parents aren’t telling their kids at 6 years old, ‘Keep your clothes on online.’ But they need to.”

The victims often believe they are communicating with another child and go along with the predator’s requests. Once the abuse has begun, the predator may threaten to harm the child or the child’s family if the child does not do as the predator demands. Ultimately, many victims are so traumatized that they commit or attempt suicide.

Bark, a service that monitors children’s online activity for signs of cyberbullying, abuse and other dangers, has a task force that seeks out online predators using modified images of an adult woman as bait. These are among the suggestions they offer for combatting online predators:

- Let your child know they can come to you for help. It isn’t easy for victims to talk about what they have experienced, but let your children know they can always come to you and you will love and support them. Also let them know about the Childhelp National Child Abuse Hotline. If they aren’t ready to speak with someone they know, they can call 1-800-4-A-CHILD (1-800-422-4453) to get help at any time.
- Learn how to report suspected child predators.
If you suspect your child or another child is being targeted, contact the tip line of the National Center for Missing & Exploited Children at 1-800-THE-LOST (1-800-843-5678) or the FBI at 1-800-CALL-FBI (1-800-225-5324).
- Join a Facebook group for parents, such as Parenting in a Tech World.

6. Millennials Scammed More Than Seniors (Scams)

There is a belief that seniors are the victims of most scams, but scams affect people of all generations. In fact, data from the Federal Trade Commission (FTC) indicates that millennials are 25% more likely to report losing money to fraud than those over 40. However, the types of scams that ensnare millennials are not the same as those targeting seniors. There are three key differences highlighted in the FTC data: the types of frauds, the methods of first contact, and the amounts of the losses.

The top five types of frauds affecting millennials are online shopping frauds, business imposters, government imposters, fake check scams, and romance scams. Older consumers report the same types of scams, but millennials appear to fall prey to them more often. Millennials are twice as likely as those over 40 to report being victimized by online shopping scams. They are also more likely to report scams related to debt relief or money-making opportunities. Millennials are 93% more likely than those over 40 to report falling for a fake check scam.

Phone calls are the most frequent method of initial contact for fraud victims of all ages. Millennials lost money to phone scams at a slightly lower rate than those over 40. However, millennials are 77% more likely to report losing money to a scam that began with an email.

Even though younger people were more often victims of scams, average losses for older victims were higher. The median loss for victims in their 20s was $400, while the figure for those in their 70s was $621. Those over 80 had the largest median loss of $1,021.

Why did younger consumers have more losses?
The FTC points out a few reasons. First, younger consumers are more likely to share personal information online, making them vulnerable to fraud. They also tend to assume that others are at greater risk of being scammed than they are, so they are less cautious. And, despite the common perception that older people are easily scammed, Monica Vaca of the FTC says, “Older consumers are doing a really good job recognizing fraud when they encounter it. They’re taking the next step to warn other people about it.”

The clear message? It is important to beware of scammers no matter your age.

Quarterly Newsletter: Securing Your Home WiFi Router (Crimeware)

Your router is an important part of your home network. In order to protect your data and your devices, you need to make sure your router is secure. “A compromised router can spy on you,” said computer consultant Michael Horowitz, explaining that a router under an attacker's control can stage a man-in-the-middle attack, alter unencrypted data or send the user to "evil twin" websites masquerading as often-used webmail or online-banking portals.

Tom’s Guide recommends the following simple steps to take (at a minimum) to safeguard your home network:

- Change the network’s default username and password. They're the first things an attacker will try. Your router's instruction manual should show you how to do this; if it doesn't, then do an online search for instructions.
- Change the network name, or SSID, from the default. Don’t make it something that identifies you, such as “Smith Family.”
- Enable WPA2 wireless encryption so that only authorized users can join your network.
- Disable Wi-Fi Protected Setup, if your router lets you. Protected Setup makes it easy to add new devices to your network without the password, but it also makes it easier for anyone, even people you don’t know, to access your network.
- Set up a guest Wi-Fi network and offer its use to visitors, if your router includes this feature.
In addition to connecting visitors to the guest network, you can connect Internet of Things devices to the guest network to keep them from compromising your primary network.
- Do not use cloud-based router management. Turn it off if you can.
- Install new firmware as it becomes available in order to patch any security flaws.
- Set your dual-band router to use the 5-GHz band as the signal does not travel as far as the 2.4-GHz band and it makes your network less visible.
- Use a virtual private network (VPN) router to supplement or replace your existing router and encrypt all your network traffic.

Glossary: Five Password Security Terms You Need to Know

Biometric authentication relies on the user’s face, fingerprints, voice, or eyes to confirm their identity. It is one of the most secure authentication methods.

Dictionary attacks enable hackers to find the most common passwords in as little as a fraction of a second by attempting logins via a list of dictionary words until a match is found. Dictionary attacks may also combine common words, add numbers to the end or make common substitutions (such as a zero for the letter o).

A keylogger is a software program or hardware device used to monitor and record each keystroke typed on a specific device's keyboard. Keyloggers are available for use on computers, smartphones, and tablets. Keyloggers are often used to steal personally identifiable information (PII), login credentials, and other sensitive data. Ethical uses of keyloggers may include use by employers to monitor employees' activities and parents to supervise their children's internet.

A password generator is a software tool that creates random or customized passwords for users. It helps users create stronger passwords that provide greater security for a given type of access.

A password manager is used to securely store and manage a user's passwords. With a password manager it is not necessary to remember dozens of complicated passwords.
You simply go to a site, provide the master password you set for the password manager, then log in to the site and the username and password will be stored for you.

Podcast: Keeping Kids Safe from Online Predators

Most children spend hours every day online. Much of that time is spent messaging with others. Gaming and social media apps provide a way for children to connect with others, but sometimes those others are not what they appear to be. In this podcast we discuss where predators seek children online, how pedophiles groom children for abuse, what parents can do to protect their children, and what they can do if they believe their child is in danger.

Expert: Avani Desai

Avani Desai is a Partner and President at Schellman & Company, LLC, the largest niche CPA firm in the world that focuses on technology and security assessments. She is also CEO and co-founder of MyCryptoAlert, a push notification and portfolio app for cryptocurrency. Avani has been featured in Forbes, , and the Wall Street Journal, and is a sought-after speaker as a voice on a variety of emerging topics, including security, privacy, information security, future technology trends, and the expansion of young women involved in technology.
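
The URL review recommended in item 1 (the phishing scheme that uses Microsoft's real login page), as an added example that is not part of the original newsletter: it reads a sign-in link, reports where the token would be sent and which permissions are requested, and flags destinations outside an allowlist. The allowlist, the scope keywords and both sample links are assumptions constructed for illustration; the newsletter does not reproduce the real link, so the login host and parameter names follow a standard OAuth 2.0 authorization request.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts this user or organisation expects sign-in tokens to be sent to.
TRUSTED_REDIRECT_HOSTS = {"contoso.example"}  # hypothetical allowlist
# Assumption: keywords for the kinds of access item 1 lists (email, contacts, files)
# plus long-lived access; real permission names vary by provider.
BROAD_SCOPE_WORDS = ("mail", "contacts", "files", "offline_access")

# Constructed sample links. The login host and parameter names follow a standard
# OAuth 2.0 authorization request; the newsletter does not reproduce the real link.
SUSPICIOUS_LINK = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000&response_type=code"
    "&redirect_uri=https%3A%2F%2Fofficesuited[.]com%2Fcallback"
    "&scope=offline_access+Contacts.Read+Mail.Read+Files.ReadWrite.All"
)
EXPECTED_LINK = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000&response_type=code"
    "&redirect_uri=https%3A%2F%2Fapp.contoso.example%2Fauth&scope=openid+profile"
)


def refang(text):
    """Undo defanging (officesuited[.]com, hxxps://) so the value can be parsed."""
    return text.replace("[.]", ".").replace("hxxp", "http")


def host_of(url):
    """Return the lower-cased host of a URL, or an empty string if it has none."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed brackets and similar
        return ""


def review_consent_link(url, trusted_hosts=TRUSTED_REDIRECT_HOSTS):
    """Report where a sign-in link sends the token and what access it requests."""
    url = refang(url)
    params = parse_qs(urlsplit(url).query)
    redirect_host = host_of(refang(params.get("redirect_uri", [""])[0]))
    trusted = any(redirect_host == h or redirect_host.endswith("." + h)
                  for h in trusted_hosts)
    scopes = params.get("scope", [""])[0].split()
    broad = [s for s in scopes if any(w in s.lower() for w in BROAD_SCOPE_WORDS)]
    # A genuine login host does not clear the link: the destination decides.
    # A missing redirect_uri cannot be judged from the link, so it is not trusted.
    if not trusted:
        verdict = "block"
    elif broad:
        verdict = "review"
    else:
        verdict = "ok"
    return {"login_host": host_of(url), "redirect_host": redirect_host,
            "broad_scopes": broad, "verdict": verdict}


if __name__ == "__main__":
    for link in (SUSPICIOUS_LINK, EXPECTED_LINK):
        print(review_consent_link(link))
```

Both sample links point at the same genuine login host; only the redirect destination and the requested permissions tell them apart.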