Blog

Archive for Phishing

The Right to Know When I Am Not Left Alone – Is Not Enough.

The Right to Know When I Am Not Left Alone – Is Not Enough.

Our online privacy is continuously compromised with the scanning, skimming and scraping of our emails and our browsing behavior.

A recent study concluded that 92% of the population believes “that collecting the content of emails is unacceptable”. How many consumers understand that virtually every email is scanned, skimmed and scraped for information and their privacy is breached every day? A recent article in The Economist describes how people do not protect their right to privacy and anonymity.

Google scans the content of all emails on its servers as well as all emails sent or received by a gmail account. Google considers that users have no ‘reasonable expectation’ of privacy. This stance flies in the face of the predominant and consistent research about consumers’ ‘privacy expectations’.

Rami Essaid recently wrote in TechCrunch that, “The truth is, people will never achieve true privacy and anonymity online.” He concludes that tracking is here to stay and that it is getting more pervasive and sophisticated. His main thesis is that our discussion should not be about absolute the right to privacy or anonymity but about transparency.

If Essaid is correct, the horse has left the barn in terms of protecting our privacy and anonymity. Instead, he proposes focusing on making it visible and transparent about how our online privacy will be accessed or ripped off.  It is OK to to invade our privacy as long as it is transparent! Should consumers simply give up that they have any expectation for online privacy? This is almost Orwellian in concept – a dark road that we must not travel as this means that others have the right to observe us without our consent!

The Right to Privacy

In 1890, Warren and Brandeis wrote The Right to Privacy and their key argument was the “right to be let alone”. Here we are 100 years later. Do we really want to change the right to be left alone to the “the right to know when I am not left alone?” Transparency is an important need but we must not give up the fight for the right to privacy.

Posted in: Anonymity, Data breach, Email, Fraud, Identity, Phishing, Privacy, Uncategorized

Leave a Comment (0) →

The week in review: the FTC on IoT at CES, ringing in a new year of data breaches and phishing scams

The week in review: the FTC on IoT at CES, ringing in a new year of data breaches and phishing scams

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. This week, the annual Consumer Electronics Show in Las Vegas highlighted the growing interest in privacy as well as the privacy impacts of the Internet of Things, ringing in the new year of data breaches, and new phishing schemes for a new year. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

The FTC on IoT + CES = big privacy news

This week, technology companies big and small gathered in Las Vegas to tout their wares and reveal to consumers worldwide the next wave of consumer electronics. At the Consumer Electronics Show 2015, privacy was big news, both on the show floor and on the main stage.

The Internet of Things is a hot topic these days: from connected smoke alarms to intelligent refrigerators, futurists – and technology companies – are betting on the fact that soon most of our world will be connected to the Internet. This brave new world, however, has serious implications for consumer privacy.

The chairwoman of the U.S. Federal Trade Commission gave a keynote address at CES this week highlighting the privacy and security implications of IoT, and her speech got a lot of coverage in both tech and mainstream media.

“Connected devices that provide increased convenience and improve health services are also collecting, transmitting, storing, and often sharing vast amounts of consumer data, some of it highly personal, thereby creating a number of privacy risks,” she said.

This creates an opportunity, of course, for technology companies to help solve those challenges, as evidenced by the small but mighty group of privacy-focused technology providers exhibiting on the CES show floor.

Brace for a busy year of data breaches

2014 was a remarkable year for data breaches, with seemingly no corner of the retail and consumer worlds untouched by the hand of hackers and poor security systems and policies. Well, I’ve got some bad news for you: experts are predicting that 2015 could be even worse. From the Sony hack that arguably touched off international cyberwar at a magnitude never before seen to financial institutions and retail giants suffering legal action and penalties as an unprecedented rate, these are just the tip of the iceberg for what could be about to unfold in 2015.

As Forbes reported in its harbinger of the data breach potential for 2015: “…a recent study found that more than 40% of companies experienced a data breach of some sort in the past year – four out of ten companies that maintain your credit card numbers, social security numbers, health information, and other personal information.  That number is staggering, and shows no signs of retreat.”

Fast food restaurant Chick-Fil-A (which has had troubles of a different sort in recent years based on its political and religious affiliations) has the dubious distinction of being the first reported data breach of 2015. Congratulations?

What’s good on Netflix? Not the phish. Try Friends instead.

Online streaming service Netflix has fallen victim to one of the first reported phishing scams of 2015. Netflix subscribers are being targeted with the old account verification phishing scheme. Some subscribers are reporting receiving notification that their payment has failed and that they need to log in to provide updated payment details. Let’s resolve to try and not fall victim to these sorts of tactics in 2015, shall we?

 

Posted in: Blog, Data breach, Phishing, Privacy, This week in review

Leave a Comment (0) →

The week in review: privacy law world showcase, Sony’s bad week, and a phishing pop quiz

The week in review: privacy law world showcase, Sony’s bad week, and a phishing pop quiz

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts about Internet privacy laws (or lack thereof) around the world, Sony’s extensive data breach, and a phishing pop quiz. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

Whose Internet privacy laws are the fairest in all the land?

Do you want the bad news first? Or the good news first?

The bad news is that of the countries surveyed by the World Wide Web Foundation on the topic of Internet privacy law, 84% got a failing grade.

The good news? … well… er… Christmas is coming?

According to a Sputnik News article: “The United Kingdom, the United States, Australia, Canada and France all scored three out of a possible 10 in providing legal safeguards to ensure that surveillance did not interfere with rights to privacy.”

With a lack of legislation in place to protect consumers, it’s essential that they seek out and use tools and platforms that help them to protect their own online privacy, to control their own online personas and communications with merchants. Platforms like Dodoname can help!

All the makings of a Hollywood blockbuster

Those that follow the infosecurity and Hollywood beats have been glued to their screens since the announcement of a huge data breach at Sony Pictures that shares similar plot points with many a blockbuster thriller. From Forbes: “hackers not only erased data from its systems, but also stole, and released to the public, pre-release movies, people’s private information, and sensitive documents.” Extortion attempts, ignored warnings, cryptic messages to execs from the culprits and other go-to plot points became all too real, and splashed all over the Internet this week. Even more damning is that it appears the problems were discovered long ago – with a hack recorded in February and the studio deciding to keep it quiet. <insert joke about hindsight being 20/20 here>

The repercussions of this week’s revelations are widespread and ugly, from racist jokes made by studio executives at the president of the United States expense, to the A list slinging mud and bad mouthing other A list talent. The financial implications – and reputational damage – to Sony will no doubt be long lasting and the media is sure to broadcast every last juicy detail. It is a sobering lesson for organizations that are treating cybersecurity as an afterthought.

Phishing pop quiz

It’s Friday. You’ve had a long week. You’re looking for an online activity that will get you that much closer to the weekend. This phishing email quiz is just the ticket. Can you spot the difference between a legit email and a phishing scam?

How did you rate on the quiz? Tell us in the comments. And if you didn’t do so well, don’t despair: the IT security experts that first took the quiz didn’t do much better, as a mere 6% got all questions right. And, as the article at the link mentions, “this is their job.”

Posted in: Phishing, Privacy, This week in review

Leave a Comment (0) →

This week in review: Cyber Monday sales and scams, the European Plan and the science behind tracking

This week in review: Cyber Monday sales and scams, the European Plan and the science behind tracking

By Don Dobson

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts on Cyber Monday, ongoing privacy debates, including in Europe and the science behind who is tracking you. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

Cyber Monday – sales and scams

Although figures vary quite widely depending on the source, a considerable fury of online sales was unleashed this week on Cyber Monday. ComScore reported U.S. sales of over $2 billion, a 17 percent increase over last year’s Cyber Monday, making this the “heaviest U.S. online spending day in history.” Predictably, this rush of e-commerce also captured the full attention of online bad actors. Researchers had already observed a “sharp increase” in phishing and spam activities against online shoppers and expect more to come into the holiday season. In a Politico article called “Hack Friday: Black Friday cybercrime is unstoppable,” Jay Healey, a former White House and financial sector official notes “Hunters are more likely to be out when there’s more prey to be hunted.” Bolstering that idea, reports on a study from security firm Imperva shows nearly half of all web application cyber-attacks target retailers. “This is largely due to the data that retail websites store – customer names, addresses, credit card details – which cyber criminals can use and sell in the cybercrime underworld,” said Amichai Shulman, chief technology officer at Imperva.

While email is still the prime vector for phishing, we were also reminded that social media is not immune to these threats riding the wave of a major online event such as Cyber Monday. Fake social media messages on platforms like Facebook attempted to hook unsuspecting shoppers looking for deals and discounts.

Privacy debates

Of course, we continue to monitor news and debates around how companies use your data to track your online activities for various advertising and marketing purposes. Indeed, providing a way to have both privacy and personalization is the raison d’être behind Dodoname. It’s fascinating to see the general public slowly becoming aware of the extent to which we are tracked. Jascha Kaykas-Wolff, the Chief Marketing Officer of BitTorrent, notes recent Pew research, saying it “overwhelmingly showed the burgeoning distrust users have harbored in putting their private information online.” His article, Why privacy is like the frog in the pot of boiling water, is descriptive of what has happened to all of us. Like the proverbial frog in the pot of water that is slowly increasing in temperature, we’ve paid little notice to the tracking and erosion of privacy. With the Pew study showing that ninety percent of adults agree that we’ve lost control of our personal data, the temperature is going to start to rise for business as well.

One way the market is responding to consumer concerns is through offers like Dodoname where privacy, rather than tracking, is central to the value proposition. Another prominent example is DuckDuckGo, a search engine that puts privacy first, rather than collecting data. Gabriel Weinberg founder of the company, speaking about privacy-based products in a Guardian Article notes “I don’t think it’s a fad. One of the big things people have noticed in the last year is the ads that follow them around the Internet and that’s perhaps the most visible notion of this new tracking mindset that most companies are adopting. Those trends are not disappearing. More tracking on the Internet, more surveillance, so I think as people find out about it they’re going to be wanting to opt out in some percentage.”

The European Plan

The European Union is ahead of North America in many regards concerning privacy, including evolving regulations concerning cookie use. We’ve previously reported on so-called super cookies and device fingerprinting used to track consumers across devices, including smartphones. A Guardian article this week Europe’s next privacy war is with websites silently tracking users, notes regulators have made it clear that companies cannot bypass cookies consent by using covert methods to track users through their devices. In the article, Jim Killock, executive director of the Open Rights Group says “Building profiles to deliver personalised content and adverts clearly falls under e-privacy and data protection law.” This regulator opinion on device fingerprinting techniques seems to pave the way for developing new legislation to govern their use and protect user privacy.

The science behind tracking you

The science behind tracking and the answer as to why techniques that track users across devices are being pursued by companies on both side of the Atlantic can be found in a MIT Technology Review article we shared this week: New Technology for Tracking Consumers Across Devices Grows Results.

Companies like Adometry are using probabilistic identification methods, to link smartphones to desktops accurately enough to justify ad placements. Drawbridge, of San Mateo, California, says it can “take anonymous signals from the device and do a kind of statistical space-time triangulation.” By performing the analysis over time, Drawbridge identifies clusters of devices and then figures out which are paired, providing confidence that they have the same user. The results provide marketers with data that is accurate enough for retargeting and attribution.

Still, we are just at the beginning of what marketers would like tracking to accomplish. As various vendors build their own technology and tech companies like Apple or Google seek dominance of their own proprietary methods, Adometry CEO, Casey Carey offers the opinion that Marketers need a new system to track customers across platforms.

Posted in: Blog, Data breach, Fraud, Phishing, Privacy, This week in review

Leave a Comment (0) →

This week in review: Cybersecurity as child’s play, travel advisory, and fresh phish

This week in review: Cybersecurity as child’s play, travel advisory, and fresh phish

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts about cybersecurity being child’s play, travellers targeted by cybercriminals, and plenty of fresh phishing news. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

Reading, writing and cybersecurity

The hot ticket these days isn’t to InfoSec Taylor Swift, it’s to see eight-year old cybersecurity expert and startup CEO Reuben Paul. This pint-sized infosec phenom is in high demand, speaking at numerous infosec conferences, sharing his message that cybersecurity is an important skill set to be teaching younger generations. To learn more about his perspective – and his busy speaking schedule – read this Q&A.

Travelers get more than free continental breakfast

Several stories in the news this week may prompt you to opt for a staycation rather than travel next time you’re contemplating leaving home. From booking your trip to logging on when you’re at the hotel, cybercriminals are one step ahead.

Booking.com, a highly trafficked online travel booking site, admitted that more than 10,000 of its users had been targeted in an email phishing scam. That booking confirmation email you received, seemingly from Booking.com or the hotel itself, and its request for a deposit to hold the reservation? It’s a scam. The site’s PR team went into defence mode, stating that “this was no data breach and that phishing is an industry-wide phenomenon,” while an infosec blogger posited another, more frightening possibility: “Maybe nobody knows how this happened.”

Meanwhile, business travelers in Asia have been targeted in another type of cybersecurity attack. And I mean targeted. Security advisors suspect that the attacks were targeting specific travellers and may have even had those targets’ itineraries. That’s how it started, but the attacks appear to have broadened and vulnerabilities may have impacted anyone connecting to hotel wifi. As is so often the case, phishing appears to have been a primary vector for delivery of these attacks.

It pays to be hypervigilant when booking and using wifi at hotels; give them your Dodoname instead of your email address!

Fresh phish

This week’s phishing news includes a bleak Outlook, a Google report shining a light on just how effective these scams are, and the full extent of the Home Depot breach that brought Christmas early for potential phishing scammers.

Bad news: Your Microsoft Outlook has been infected with a Trojan virus! At least that’s what the phishing scam in inboxes this week declared. Just click on the link in the very legitimate-looking email from Windows Microsoft to run the Norton antivirus software and eliminate the c93 virus from your mailbox; failing to do so will result in the deactivation of your mailbox. What is actually happening is that by following the steps in the email, you’re handing your Outlook credentials to cybercriminals. And recipients are clicking on these nefarious links much more frequently than you’d think, according to a recent report by Google.

Phishing scams are wildly successful, which is why they continue to plague our inboxes. Google has conducted some fascinating and terrifying research into what they’ve dubbed “manual hijacking,” a primary vector for which is phishing. The results are staggering – phishing emails were effective between three and 45 percent of the time. Of those who clicked on phishing links, 14 percent entered personal data like login credentials or credit card information. These stats are very alarming when you consider the number of personal records taken in some of the recent data breaches.

Listen closely. Do you hear it? That faint sound you hear is that of countless hackers thanking their lucky stars for the phishing bounty they’ve received from the likes of Home Depot. Home Depot has been on the PR campaign trail, trying to clean up the mess of the much-publicized data breaches that company has experienced. One consumer and journalist who had her details exposed in the breach shared the contents of an email that Home Depot sent out to those affected. In that email, the director of corporate communications for the company threw its loyalty program partners under the bus as the weak link in the data security chain, and let recipients know that theirs were just one of 53 million – more than the entire population of Canada! – email addresses compromised, followed by some tips and tricks for avoiding phishing scams.

An ounce of prevention is worth a pound of cure, as they say. Should have used Dodoname!

Posted in: Blog, Phishing, Privacy, This week in review

Leave a Comment (0) →

This week in review: this machine eats privacy, malware, ApplePay retailers pay the piper, and more

This week in review: this machine eats privacy, malware, ApplePay retailers pay the piper, and more

By Don Dobson

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts about technology advances that further erode your privacy, new payment system hacking, the continuing cyber-security battle for retailers and as always, lots of phishing and other email scams. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

The privacy killing machine

We had seen previously Facebook’s move into direct competition with Google with its advertising exchange Atlas. The platform leverages your unique Facebook identifier tracking you across the web and multiple devices. ISP Verizon is also using what they call a “Unique Identifier Header.” Some critics are saying “…it’s also a reckless misuse of Verizon’s power as an internet service provider—something that could be used as a trump card to obviate established privacy tools such as private browsing sessions or “do not track” features.”

The ol’ Backoff sneak attack

We’ve previously noted many retail data breaches that compromise consumer data including personal and financial information. Retailers can be infected with at least one piece of malware and be unaware for long periods of time. Unfortunately, it appears to be getting worse as we discover in a report that says the ‘Backoff’ malware used in retail data breaches is spreading. Apparently some  recent breaches, like that at Home Depot, are resulting in credit card charges coming out of Brazil.

Hackers give CurrentC no quarter

Apple’s new payment system, ApplePay, was announced with much fanfare a couple of weeks ago. However, some retailers abruptly stopped using the system this past week. Apparently they forgot agreements they had in place to support an alternate system that precluded them for using ApplePay. The payment system, called CurrentC includes partners CVS and Rite Aid among others. It vacuums up (and promises to share) lots of personal data and has been signing up customers. However, it actually hasn’t been released for use yet and already it has been hacked and criminals managed to grab the email addresses of anyone who signed up for the program.

Phishing for Apple

The Apple ecosystem has traditionally been noted as being less subject to security concerns than its competition but that has been changing. News was revealed this week via the CYREN Internet Threats Trend Report that phishing scams targeting Apple rose 246%.

Other phishing activity noted this week involve Pizza Hut, a Michigan hospital, rocker Brett Michaels, doctors, architects, engineers and other white-collar professionals, and even Revenue Canada.

Malware hackers do seem to be more prevalent than ever so it comes as no real surprise to see a new Microsoft survey where 42% report weekly and even daily attempts to gain access to their PC or a @FindLawConsumer survey that shows 29% of U.S. adults say they’ve had their identity stolen and that 10% report being hit twice. Whether it’s a legitimate-looking invoice email hiding a data-stealing Trojan malware attack, banking malware that specifically targets sensitive user account credentials, or horse owners, unfortunately Pew Research sees a likelihood of major attacks in coming years.

Posted in: Blog, Data breach, Phishing, Privacy, This week in review

Leave a Comment (0) →

Top five online privacy concerns

Top five online privacy concerns

By Don Dobson

In epidemiology, the means for the transmission of disease is termed a “vector.” In the world of online privacy, your personal email address is one of the prime vectors by which your privacy can be compromised. If you’re not using a Dodoname to interact with merchants, you’re leaving yourself open to these top five privacy concerns (which can have some very scary repercussions!)

1. Phishing

Wikipedia defines phishing as the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

Although not the only means, email is one of the main vectors for phishing. At Dodoname, we like to keep up to date on the latest developments in cybercrime through email phishing scams. We see that the scammers are relentless and that anyone can be a victim: criminals shamelessly exploit the latest news, such as recent attempts linked to the Ebola scare gripping the world or even attack children. It also a big problem for businesses as employees can be fooled and surrender corporate information or provide a pathway for hacking of retailer systems.

Phishing still thrives because it remains a simple game and the power of easily sending millions of emails every day allows the bad guys to fill their quotas. Old scams are still making the rounds and claiming victims. And the fact is, email remains a very popular communication channel. Unfortunately, it’s true that real dangers can place themselves in your inbox. Here’s a start on some help to stay out of trouble and also some advice if you have taken the bait.

2. Data breaches

Retailers in particular have shown themselves to be vulnerable to hacker attacks which result in a “breach” of security measures protecting customer data, as have financial institutions.

You may think “that’s their problem” but it could also be a problem for you. Depending on the nature of the data breach, personal information you have shared with companies, including credit card information, may become available for use by criminals and/or be re-sold in criminal markets. Ironically, this can result in even more effective phishing emails as criminals use information already stolen to become more credible to email recipients in what is known as “spear-fishing.”

There is nothing you can do to prevent these breaches, but they are the top of the list of concerns for company executives. Customers are striking back. Many consumers will stop patronizing companies who have had a data breach while some victims of these attacks  have joined lawsuits against retailers like Home Depot.

3. Malware

Email phishing can have many consequences. One of those is the installation of malware on your device. There are many varieties of malware “in-the-wild,” some malicious, some not so much, but none have any business on your device. Among the types of malware that can impact you are “key-loggers,” which send back everything you type online to criminals. This information would include details of all your online activity including banking website passwords.

And the thing is, you don’t always even need to click on anything. Just visiting some sites exposes you to these sneaky downloads through “malvertising.” You might think that staying away from seedy corners of the Internet would protect you, but the truth is even reputable sites can be hacked in these ways through ad exchanges.

4. Identity theft

Identity thieves have many different ways to strike: over the phone or through something as low-tech as criminals sifting through your trash, or through email phishing attacks. Online theft of personal identity and it has become a major problem worldwide. Criminals can use your identity and credit card information to make purchases, take out loans or conduct any illicit financial transaction.

Identity thieves can be individuals at the local level or international organized criminal operations. Even using free wi-fi at a coffee shop can open you up to identity theft. It’s clear that these types of cybercrime enterprises are a growth business.

5. Data brokers

A much broader concern for personal privacy than the vector of phishing emails and malware criminals is an industry that operates “legitimately” but without much regulatory protection for consumers. Testimony by Pam Dixon, Executive Director, World Privacy Forum appearing before the Senate Committee on Commerce, Science, and Transportation, suggests that somewhere around 4,000 companies in the U.S. gather identity information left by the “digital exhaust” of your online activity. Dixon cites real harm to individuals resulting from these activities and notes “Despite the large and growing size of the industry, until this Committee started its work, this entire industry largely escaped public scrutiny. Privacy laws apply to credit bureaus and health care providers, but data broker activity generally falls outside these laws. Even a knowledgeable consumer lacks the tools to exercise any control over his or her data held by a data broker.” 

(Image: Flickr, Sebastien Wiertz, link)

 

 

 

 

 

 

 

 

Posted in: Blog, Data breach, Email, Fraud, Identity, Phishing, Privacy

Leave a Comment (0) →

This week in review: scary tales of data brokers, info snatchers, phishing scams and more

This week in review: scary tales of data brokers, info snatchers, phishing scams and more

By Don Dobson

In our weekly roundup, we want to draw your attention to news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data: problems that Dodoname can solve. Catching our attention this week were posts about the fight for your data, those pesky data brokers, spooky tales of data snatchers, privacy terror and phishing season.

The fight for data: yours

While conversation around the issue of privacy continues to get louder, use of the word “fight” is really a misnomer, as in many respects the fight appears to be lost. This was underlined in a book review we discovered this week of What Stays in Vegas by Adam Tanner, a Harvard University scholar and business writer. The book provides an inside look on how personal data from credit ratings, voter lists, marriage licenses, police records and online behaviours are combined and sold on the open market.

Going for (data) broke(rs)

Frank Pasquale, a professor of law at the University of Maryland, is the author of the forthcoming book “The Black Box Society: The Secret Algorithms That Control Money and Information.” He writes, Every day, corporations are connecting the dots about our personal behavior—silently scrutinizing clues left behind by our work habits and Internet use. The data compiled and portraits created are incredibly detailed, to the point of being invasive. His October 16 op-ed in the New York Times, The Dark Market for Personal Data, notes there are at least 4,000 U.S. “data brokers” selling your information without proper regulation and without the control that consumers deserve.

Tales of (privacy) terror

The alarm is being raised by many, including the American Civil Liberties Union. Although the group was founded in 1920, their concerns remain highly contemporary. Just in time for Halloween, they have released a new video Invasion of the Data Snatchers. The intro to the video on its YouTube channel notes, New technologies are making it easier for private companies and the government to learn about everything we do – in our homes, in our cars, in stores, and within our communities. As they collect vast amounts of data about us, things are getting truly spooky!

Giving up your data for the greater good?

Like any big issue, it isn’t always as simple as it might first appear. Dr. Jean Marmoreo, a physician in Toronto, writing in the Globe and Mail Debate section, notes that the collection of personal data can provide big community benefits while acknowledging the privacy concerns. Inspired by a recent Toronto lecture by Sandy Pentland from the MIT Media Lab, Dr. Marmoreo endorses Pentland’s call for a universal bill of rights for collecting and using Internet data.

Phishing Season: Always Open

Seems there is news every day about phishing scams and this week was no exception. Whether on a local scale, like a restaurant reservation scam in Chicago, the local credit union, much wider schemes like Dropbox users worldwide being targeted, spoofing PayPal or “spear phishing” targeting students, the assaults never stop.  Kaspersky Lab published its Spam in September report this week noting that financial phishing accounted for 36.97 percent of all (its) detections.

There are many ways for phishing to compromise your security including malware that can install itself on your computer without you knowing. Your own protection efforts might benefit by taking a look at the most common malware emails currently hitting inboxes. You can find out if your email has been leaked during a reported data breach using a utility provided by the makers of password manager RoboForm. And if you have taken the bait, Andy Davidson writing on the Rogers Connected site answers the burning question, I Fell for a Phishing Scheme… Now What?

Posted in: Blog, Fraud, Phishing, Privacy, This week in review

Leave a Comment (0) →

This week in review: malspace, old phishing tricks, ransomware, identity theft and more

This week in review: malspace, old phishing tricks, ransomware, identity theft and more

By Don Dobson

In our weekly roundup, we want to draw your attention to news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data: problems that Dodoname can solve. Catching our attention this week were posts about malspace, the oldest phishing tricks in the book, hack attacks, the weakest link and identity crises.

Word of the week: malspace

A new-to-us word this week, “malspace” was introduced by Steve Durbin in Wired who describes it as an online environment inhabited by hacker groups, criminal organizations and espionage units. Cybercriminals working from malspace are a growth industry where the returns are great and the risks are low, costing the global economy more than $400 billion, according to McAfee. They will grab any target of opportunity, as illustrated in a growing number of attacks on children under 18, which can cause a lifetime of credit problems for the child, as it may not be discovered for years.

Oldies but baddies

Some of the oldest and simplest email phishing scams are still circulating and creating new waves of victims, even though it would be fair to assume that users would be wise to these scams. A blog post from ScamOfTheDay.com claimed that around 156 million spam emails make it through spam filters globally everyday and phoney links are clicked by around 5% who get them. Around 10% of that group are tricked into surrendering info. But consider their report on a “mock scam” security exercise by Canada’s Department of Justice where half of the 5,000 email recipients were lawyers. That test resulted in 1,850 or around 37% clicking a bad link. It’s not easy to tell what is legit and what’s a scam, even when the law is your livelihood.

We are not alone

We learned of a brave volunteer Sophie Curtis who set out to answer just how vulnerable we are. Her article in the Guardian reveals the anatomy of a hacker attack. Curtis summarizes; It’s a salutary tale, mitigated only slightly by the fact that it’s apparently something that could happen to all of us, with precious little that can really be done to prevent it.

Scams range from simple to handsome 

Threats can come from many sources including the advertising we view online, but simple email phishing cybercriminals can certainly wreak some serious havoc. It could be as simple as preying on hopeful job seekers through a “mystery shopper” scam. Or it could be a more elaborate scam, such as detailed in this update on “ransomware” from Bernie Lambrecht via the Solutionary blog, who notes; Ransomware is like Clark Griswold’s crazy Cousin Eddie in the movie National Lampoon Vacation. It just won’t go away, no matter how hard you try to get rid of it.

It’s not you (the credit card companies); it’s me (the retailer) 

Many U.S. consumers might be surprised to hear the U.S. credit card system described as a global “weak link”. Home Depot is feeling the pain as its recent retail security breach has already produced at least 21 class action suits. Unfortunately, retailers can also shoot themselves in the foot: take well known chain Aaron’s Rent-To-Own, which reached a settlement with the State of California this week. Attorney General, Kamala Harris said “Aaron’s concealed its illegal privacy and business practices from customers in a deceptive attempt to avoid California’s robust consumer protection laws and increase its profits.” It’s harder all the time to know who to trust with your personal information when stories continue to emerge like LinkedIn being sued for alleged illegal marketing of member data to employers for their own secret snooping.

Can I see some ID?

Million are victims of identity theft every year. In a case that is a combination of striking back and turning lemons into lemonade, artist Jessamyn Lovell mounted a solo exhibition this past week, based on ID theft, which she titled, “Dear Erin Hart”, after the perpetrator. “I base all of my work on a fact that I experienced,” says Lovell.

Posted in: Blog, Phishing

Leave a Comment (0) →

This week in review: data breaches, oversharing online, phishing, DRM run amok

This week in review: data breaches, oversharing online, phishing, DRM run amok

By Don Dobson

In our weekly roundup, we want to draw your attention to news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data: problems that Dodoname can solve. Catching our attention this week were posts about data breaches, the competing forces of privacy and oversharing on social media, phishing trips, and 1984 in 2014.

Come for the frozen treats and bargain basement prices, stay for the data breach! 

The ongoing parade of data breaches continued this week with these crimes potentially impacting customers of retailers like Dairy Queen and Kmart. These types of attacks are up 30% over 2013 with reports that 43% of companies globally have been affected. Retailers are one thing but security experts are increasingly concerned when they see what should be bastions of security like banks being affected, such as was the case with JP Morgan.

How are people reconciling privacy with sharing online? Poorly.

Stories like the Edward Snowden revelations, spam scams or retailer data breaches are certainly bubbling to the top in media coverage. The fact is, issues surrounding privacy in a world where much of life is lived on-line are complex and there are many implications on a personal level. Are individuals really processing it all and behaving differently? We all do have some personal responsibility of course and Kate Murphy writing in the New York Times says privacy researchers are seeing signs of a backlash, like setting up fake identities, but still it seems; We Want Privacy, but Can’t Stop Sharing

Phishing catches are bountiful

We learned this week that even LinkedIn has become a forum for phishing type attacks and that phishing attacks from websites using one of the world’s most widely used content management platforms, WordPress, are increasingly rapidly.

Surprise: you’ve joined an Orwellian book club! 

Adobe was in the privacy spotlight this week as well, with their attempt at so-called Digital Rights Management (DRM). Independent reports; claim that Adobe’s e-book software, “Digital Editions,” logs every document readers add to their local “library,” tracks what happens with those files, and then sends those logs back to the mother-ship, over the Internet, in the clear. In other words, Adobe is not only tracking your reading habits, it’s making it really, really easy for others to do so as well. Librarian Barbara Fister challenged her profession to be more privacy aware in regard to Adobe, noting; Chances are, you’ve heard the troubling news that the new version of Adobe Digital Editions is a privacy train wreck.

Posted in: Blog, Data breach, Phishing, Privacy, This week in review

Leave a Comment (0) →
Page 1 of 2 12