Archive for This week in review

The week in review: Dodoname goes mobile, U.S. president proposes privacy protection, plus data breach updates

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. This week, Dodoname went mobile, Obama’s privacy proposition drew cheers and jeers, and data breaches and settlements for same continued to make news. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

Protecting your online privacy: there’s an app for that

‘Round Dodoname HQ, this was a big week. After months of slaving over a hot app store, this week the free Dodoname iOS app was made available on the Apple App Store. Got an iPhone? Like privacy? Then head over to the App Store and download the on-the-go version of our platform.

From the news release:

Whether you’re shopping online, visiting a retailer’s physical store, working or browsing, the situation often arises where you are asked to provide an email address. Perhaps it’s to receive an electronic receipt, take advantage of a special promotion, or sign up for a newsletter.

But providing that email address can easily lead to a flood of annoying and unwanted email solicitations. In some instances, giving out your email address can lead to malicious spam and phishing attacks.

Dodoname puts an end to this privacy abuse.

Imagine going shopping with all your coupons and offers in one convenient app. Use Dodonames to register with your favorite stores or online merchants. The next time you go shopping the old-fashioned way, all your coupons are right there on your mobile device for merchants to scan at checkout. It’s the single best way to interact with any merchant or vendor to get the stuff you want – and only the stuff you want – without giving up your privacy and anonymity.

Early media reports peg the company as “one to watch in 2015” and we’re already getting some great user reviews on the App Store. Want to know what all the fuss is about? Download the app now!

President proposes privacy protection

Last year was a record year for data breaches globally; the U.S. government is not taking this fact lightly. This week, President Obama proposed legislation that would protect consumer privacy and demand disclosure from companies who fail to protect consumer data.

The proposed legislation has been subject to virtual reams of coverage, naturally, and there are proponents and detractors.

The pro side says:

Now, the government may step in, at least to ensure consumers are protected. President Obama on Monday proposed a new law called the Personal Data Notification and Protection Act, which would create a basic set of rules for how companies handle their customer information. It also would criminalize international trade in stolen personal identity information.

Aside from one specific rule that would require companies to notify customers within 30 days of the discovery of a data breach, there aren’t many other details available yet about Obama’s proposal. The president is expected to outline more specifics in his State of the Union speech next week.

In the meantime, tech industry executives and privacy advocates are excited at the prospect of a renewed effort to create a national standard. They say the bills that succeed are typically aimed at the government and how it handles information, rather than corporations.

Now that could change.

“This is a huge shot in the arm to a much-needed advancement for our legislative protections,” said Scott Talbott, who heads up government relations for the trade group Electronic Transactions Association. – From Cnet’s article, “Obama’s data-breach initiative has privacy advocates optimistic, cautious”

The con side says:

But the reality is that even if implemented, the proposed legislation and other actions would likely do little to make American companies or individuals safer. The only real benefit is likely to be raising the overall awareness of online vulnerabilities, just as the TSA’s airport security rigmarole may not actually catch weapons or terrorists, but still makes it abundantly clear that aviation is a risky business that needs to be approached with appropriate caution. – From Network World’s article, “Unfortunately, Obama’s new cybersecurity measures won’t help much”

Only time will tell whether this gets passed into law and what impact it will have. In the meantime, savvy consumers can use tools like Dodoname to protect their privacy when interacting with merchants.

Zappos settles for data breach; AMResorts customers report unusual credit card activity

Another week, another slew of data breach news. After suffering a 2012 data breach, Zappos this week settled lawsuits about same, resulting in a modest payout and a commitment to do better in the future. That is perhaps a vision of what AMResorts may need to prepare for, given news that consumers who used credit cards on that site reported unusual activity on their cards afterwards.

Posted in: Blog, Privacy, This week in review

The week in review: the FTC on IoT at CES, ringing in a new year of data breaches and phishing scams

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. This week, the annual Consumer Electronics Show in Las Vegas highlighted the growing interest in privacy as well as the privacy impacts of the Internet of Things, and the new year was rung in with data breaches and new phishing schemes. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

The FTC on IoT + CES = big privacy news

This week, technology companies big and small gathered in Las Vegas to tout their wares and reveal to consumers worldwide the next wave of consumer electronics. At the Consumer Electronics Show 2015, privacy was big news, both on the show floor and on the main stage.

The Internet of Things is a hot topic these days: from connected smoke alarms to intelligent refrigerators, futurists – and technology companies – are betting on the fact that soon most of our world will be connected to the Internet. This brave new world, however, has serious implications for consumer privacy.

The chairwoman of the U.S. Federal Trade Commission gave a keynote address at CES this week highlighting the privacy and security implications of IoT, and her speech got a lot of coverage in both tech and mainstream media.

“Connected devices that provide increased convenience and improve health services are also collecting, transmitting, storing, and often sharing vast amounts of consumer data, some of it highly personal, thereby creating a number of privacy risks,” she said.

This creates an opportunity, of course, for technology companies to help solve those challenges, as evidenced by the small but mighty group of privacy-focused technology providers exhibiting on the CES show floor.

Brace for a busy year of data breaches

2014 was a remarkable year for data breaches, with seemingly no corner of the retail and consumer worlds untouched by the hand of hackers and poor security systems and policies. Well, I’ve got some bad news for you: experts are predicting that 2015 could be even worse. From the Sony hack that arguably touched off international cyberwar at a magnitude never before seen to financial institutions and retail giants suffering legal action and penalties at an unprecedented rate, these are just the tip of the iceberg for what could be about to unfold in 2015.

As Forbes reported in its harbinger of the data breach potential for 2015: “…a recent study found that more than 40% of companies experienced a data breach of some sort in the past year – four out of ten companies that maintain your credit card numbers, social security numbers, health information, and other personal information. That number is staggering, and shows no signs of retreat.”

Fast food restaurant Chick-Fil-A (which has had troubles of a different sort in recent years based on its political and religious affiliations) has the dubious distinction of being the first reported data breach of 2015. Congratulations?

What’s good on Netflix? Not the phish. Try Friends instead.

Online streaming service Netflix has fallen victim to one of the first reported phishing scams of 2015. Netflix subscribers are being targeted with the old account verification phishing scheme. Some subscribers are reporting receiving notification that their payment has failed and that they need to log in to provide updated payment details. Let’s resolve to try and not fall victim to these sorts of tactics in 2015, shall we?

Posted in: Blog, Data breach, Phishing, Privacy, This week in review

The week in review: international cyberwarfare, the cost of data breaches and the future of privacy

By Don Dobson

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. The Sony hack was catching everyone’s attention this week, banks and retailers are arguing about footing the data breach bill, and there is some new thought-provoking research on our digital lives and where we are going with privacy. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

Truth is stranger than fiction

While “The Interview” is a screwball comedy based on a highly improbable scenario, even Hollywood could not have written the script we see playing out with the Sony hack. Reports indicate that the data breach of terabytes of all manner of data (including employee personal data) at Sony was, in fact, carried out by North Korea. While state-on-state cyberwar is certainly not the personal privacy milieu of Dodoname, there are some sobering implications of the Sony hack which are likely to reverberate across business, in what may come to be seen as a real turning point for how we look at cybersecurity.

North Korea’s Bureau 121 is certainly not the only hacker group out there. In previous weeks we shared posts about how criminal hacking was a major industry in some places. A Monday post by Robert Beckhusen and Matthew Gault suggested that it wasn’t cyberwar that we need to be worried about but cybercrime, since the U.S. — and the rest of the world, for that matter — aren’t ready to deal with cybercrime. As they point out, cybercrime is often stateless. Hackers operate across borders.

When we get to the point where Crimeware-as-a-Service Threatens Banks, where The Economist notes in regard to cybercrime that the growth in general wickedness online is testing the police, and where underground hacker markets are peddling complete kits for hackers, monetizing every piece of data they can steal or buy, and adding services, it starts to feel like, whether we like it or not, 2015 will be a watershed year for cybersecurity. With polls reporting that almost half of Americans say their card details have been stolen in a data breach, it is also no surprise to see observers suggesting that protecting consumers’ data should be at the top of the new Congress’ agenda.

Who pays the bill?

As the cost of data breaches starts to explode, there is mounting tension between retailers and card issuers. Banking and Credit Union association officials Jim Nussle and Camden R. Fine note that the instant criminal hackers gain access to consumer financial data, they sell the information to the highest bidders. Protecting the consumer then becomes the duty of financial institutions, leaving banks and credit unions on the hook for fronting the bill. Their industry feels it’s time for retailers to join efforts to put a stop to data breaches and protect the consumer. Current U.S. laws on data protection for retailers are not as strict as those for financial institutions, and as a result retailers have little incentive to address their security flaws, because financial institutions are responsible for cleaning up their mess. We expect that retailers will face increased liability as laws are almost certain to change, highlighting the potential value to retailers of participating in a privacy marketing platform like Dodoname.

The future of privacy

The Pew Research Center Internet & American Life Project aims to be an authoritative source on the evolution of the Internet through surveys that examine how Americans use the Internet and how their activities affect their lives. They canvassed thousands (2,511) of experts and Internet builders to share their predictions on the future of privacy and released the results of those efforts this week.

In the intro to the report, Pew notes “The terms of citizenship and social life are rapidly changing in the digital age. No issue highlights this any better than privacy, always a fluid and context-situated concept and more so now as the boundary between being private and being public is shifting.”

We recommend the entire report as a fascinating read. It reveals that, while we all can see benefits in our ever increasing digital lifestyle, privacy does mean something. However, it’s moving so fast that all parties are struggling to decide what it does mean and where it is going. Lots of food for thought for sure, but you won’t find a simple consensus. A taste of what we mean follows and do check out the full report.

“We are at a crossroads,” noted Vytautas Butrimas, the chief adviser to a major government’s ministry. He added a quip from a colleague who has watched the rise of surveillance in all forms, who proclaimed, “George Orwell may have been an optimist,” in imagining “Big Brother.”

An executive at an Internet top-level domain name operator who preferred to remain anonymous replied, “Big data equals big business. Those special interests will continue to block any effective public policy work to ensure security, liberty, and privacy online.”

John Wilbanks, chief commons officer for Sage Bionetworks, wrote, “We have never had ubiquitous surveillance before, much less a form of ubiquitous surveillance that emerges primarily from voluntary (if market-obscured) choices. Predicting how it shakes out is just fantasy.”

An information science professional responded, “Individuals are willing to give up privacy for the reasons of ease, fastness, and convenience… If anything, consumer tracking will increase, and almost all data entered online will be considered ‘fair game’ for purposes of analytics and producing ‘user-driven’ ads. Privacy is an archaic term when used in reference to depositing information online.”

Joe Kochan, chief operating officer for US Ignite, a company developing gigabit-ready digital experiences and applications, observed, “I do not believe that there is a ‘right balance’ between privacy, security, and compelling content. This will need to be a constantly negotiated balance—one that will swing too far in one direction or another with each iteration… Public norms will continue to trend toward the desire for more privacy, while people’s actions will tend toward giving up more and more control over their data.”

Posted in: Data breach, Privacy, Spam, This week in review

The week in review: privacy law world showcase, Sony’s bad week, and a phishing pop quiz

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts about Internet privacy laws (or lack thereof) around the world, Sony’s extensive data breach, and a phishing pop quiz. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

Whose Internet privacy laws are the fairest in all the land?

Do you want the bad news first? Or the good news first?

The bad news is that of the countries surveyed by the World Wide Web Foundation on the topic of Internet privacy law, 84% got a failing grade.

The good news? … well… er… Christmas is coming?

According to a Sputnik News article: “The United Kingdom, the United States, Australia, Canada and France all scored three out of a possible 10 in providing legal safeguards to ensure that surveillance did not interfere with rights to privacy.”

With a lack of legislation in place to protect consumers, it’s essential that they seek out and use tools and platforms that help them to protect their own online privacy, to control their own online personas and communications with merchants. Platforms like Dodoname can help!

All the makings of a Hollywood blockbuster

Those that follow the infosecurity and Hollywood beats have been glued to their screens since the announcement of a huge data breach at Sony Pictures that shares similar plot points with many a blockbuster thriller. From Forbes: “hackers not only erased data from its systems, but also stole, and released to the public, pre-release movies, people’s private information, and sensitive documents.” Extortion attempts, ignored warnings, cryptic messages to execs from the culprits and other go-to plot points became all too real, and splashed all over the Internet this week. Even more damning is that it appears the problems were discovered long ago – with a hack recorded in February and the studio deciding to keep it quiet. <insert joke about hindsight being 20/20 here>

The repercussions of this week’s revelations are widespread and ugly, from racist jokes made by studio executives at the expense of the president of the United States, to the A-list slinging mud and bad-mouthing other A-list talent. The financial implications – and reputational damage – to Sony will no doubt be long lasting and the media is sure to broadcast every last juicy detail. It is a sobering lesson for organizations that are treating cybersecurity as an afterthought.

Phishing pop quiz

It’s Friday. You’ve had a long week. You’re looking for an online activity that will get you that much closer to the weekend. This phishing email quiz is just the ticket. Can you spot the difference between a legit email and a phishing scam?

How did you rate on the quiz? Tell us in the comments. And if you didn’t do so well, don’t despair: the IT security experts that first took the quiz didn’t do much better, as a mere 6% got all questions right. And, as the article at the link mentions, “this is their job.”

Posted in: Phishing, Privacy, This week in review

This week in review: Cyber Monday sales and scams, the European Plan and the science behind tracking

By Don Dobson

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts on Cyber Monday, ongoing privacy debates, including in Europe and the science behind who is tracking you. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

Cyber Monday – sales and scams

Although figures vary quite widely depending on the source, a considerable fury of online sales was unleashed this week on Cyber Monday. ComScore reported U.S. sales of over $2 billion, a 17 percent increase over last year’s Cyber Monday, making this the “heaviest U.S. online spending day in history.” Predictably, this rush of e-commerce also captured the full attention of online bad actors. Researchers had already observed a “sharp increase” in phishing and spam activities against online shoppers and expect more to come into the holiday season. In a Politico article called “Hack Friday: Black Friday cybercrime is unstoppable,” Jay Healey, a former White House and financial sector official, notes “Hunters are more likely to be out when there’s more prey to be hunted.” Bolstering that idea, reports on a study from security firm Imperva show nearly half of all web application cyber-attacks target retailers. “This is largely due to the data that retail websites store – customer names, addresses, credit card details – which cyber criminals can use and sell in the cybercrime underworld,” said Amichai Shulman, chief technology officer at Imperva.

While email is still the prime vector for phishing, we were also reminded that social media is not immune to these threats riding the wave of a major online event such as Cyber Monday. Fake social media messages on platforms like Facebook attempted to hook unsuspecting shoppers looking for deals and discounts.

Privacy debates

Of course, we continue to monitor news and debates around how companies use your data to track your online activities for various advertising and marketing purposes. Indeed, providing a way to have both privacy and personalization is the raison d’être behind Dodoname. It’s fascinating to see the general public slowly becoming aware of the extent to which we are tracked. Jascha Kaykas-Wolff, the Chief Marketing Officer of BitTorrent, notes recent Pew research, saying it “overwhelmingly showed the burgeoning distrust users have harbored in putting their private information online.” His article, Why privacy is like the frog in the pot of boiling water, is descriptive of what has happened to all of us. Like the proverbial frog in the pot of water that is slowly increasing in temperature, we’ve paid little notice to the tracking and erosion of privacy. With the Pew study showing that ninety percent of adults agree that we’ve lost control of our personal data, the temperature is going to start to rise for business as well.

One way the market is responding to consumer concerns is through offers like Dodoname where privacy, rather than tracking, is central to the value proposition. Another prominent example is DuckDuckGo, a search engine that puts privacy first, rather than collecting data. Gabriel Weinberg, founder of the company, speaking about privacy-based products in a Guardian article, notes “I don’t think it’s a fad. One of the big things people have noticed in the last year is the ads that follow them around the Internet and that’s perhaps the most visible notion of this new tracking mindset that most companies are adopting. Those trends are not disappearing. More tracking on the Internet, more surveillance, so I think as people find out about it they’re going to be wanting to opt out in some percentage.”

The European Plan

The European Union is ahead of North America in many regards concerning privacy, including evolving regulations concerning cookie use. We’ve previously reported on so-called super cookies and device fingerprinting used to track consumers across devices, including smartphones. A Guardian article this week, “Europe’s next privacy war is with websites silently tracking users,” notes that regulators have made it clear that companies cannot bypass cookie consent by using covert methods to track users through their devices. In the article, Jim Killock, executive director of the Open Rights Group, says “Building profiles to deliver personalised content and adverts clearly falls under e-privacy and data protection law.” This regulator opinion on device fingerprinting techniques seems to pave the way for developing new legislation to govern their use and protect user privacy.

The science behind tracking you

The science behind tracking, and the answer as to why techniques that track users across devices are being pursued by companies on both sides of the Atlantic, can be found in a MIT Technology Review article we shared this week: New Technology for Tracking Consumers Across Devices Grows Results.

Companies like Adometry are using probabilistic identification methods to link smartphones to desktops accurately enough to justify ad placements. Drawbridge, of San Mateo, California, says it can “take anonymous signals from the device and do a kind of statistical space-time triangulation.” By performing the analysis over time, Drawbridge identifies clusters of devices and then figures out which are paired, providing confidence that they have the same user. The results provide marketers with data that is accurate enough for retargeting and attribution.

Still, we are just at the beginning of what marketers would like tracking to accomplish. As various vendors build their own technology and tech companies like Apple or Google seek dominance of their own proprietary methods, Adometry CEO Casey Carey offers the opinion that marketers need a new system to track customers across platforms.

Posted in: Blog, Data breach, Fraud, Phishing, Privacy, This week in review

This week in review: U.N. pushes for digital privacy rights, Black Friday and Cyber Monday scams, Target data breach one year later

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts about the United Nations recommending digital privacy rights, Black Friday and Cyber Monday scams, and lessons learned from the Target data breach last year. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

United Nations pushes for digital privacy rights

The digital rights cause had a bright light shone on it this week when the United Nations adopted a resolution to protect citizens’ digital privacy.

The resolution’s recommendation is for “all countries to protect the right to privacy in digital communications and to offer their citizens a way to seek ‘remedy’ if their privacy is violated.” Germany and Brazil led the charge, with Canada, the United States, New Zealand, Britain and Australia notably absent from the resolution’s 65 co-sponsors.

The German co-sponsor name-checked Big Brother’s inventor in his appeal to the U.N.

“Without the necessary checks,” said the German ambassador, Harald Braun, “we risk turning into Orwellian states, where every step of every citizen is being monitored and recorded in order to prevent any conceivable crime.”

Deals! And Scams! Black Friday and Cyber Monday are finally here!

The Monday after Thanksgiving is the most important online shopping day in the United States. Dubbed Cyber Monday, the first business day following Thanksgiving, Dec 2, 2014, is expected to exceed the record of $1.74 billion spent on Cyber Monday 2013 – the biggest online spending day of all time. These are prime conditions for online scammers targeting holiday shoppers. Watch out for scams as you’re filling your online carts.

Lessons from the Target data breach

This week, Target’s CEO hit the PR trail, appearing on network television to address the retailer’s Black Friday plans but also to discuss the huge data breach that Target suffered in 2013. Chalking it up to an “industry problem,” he stressed that the company is doing everything it can to protect customers’ privacy. Cold comfort for those who had their credit card information stolen, and the banks that suffered tremendous losses in the breach. Those banks filed lawsuits against Target looking for reparations, but Target claimed in court this week that they had no legal obligation to the banks that claimed tens of millions of dollars in losses.

On that data breach, whodunit? This article posits that foreign gangs are the culprit in a data breach that compromised the data of more than 40 million consumers.

Posted in: Blog, This week in review

This week in review: Forgetful Firefox, Uber’s God View, Detekt and phish food

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts about browsing cleanup at the push of a button, the all-seeing Uber, Detektion in the name of online privacy, and of course, phishing schemes. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

Forgetful Firefox

One of the more popular web browsers is Mozilla’s Firefox, which just celebrated 10 years in existence. To help mark the occasion, some upgrades to the Firefox browser were made, including the addition of a Forget button. According to TheNextWeb, “Using it allows you to clear between 5 minutes and 24 hours of browser data – history, cookies, log-ins, saved passwords etc. – but it leaves the rest of your stored data and auto-complete history in place. It also closes any browser windows you have open and presents you with a fresh, blank one.”

God View puts Uber in privacy purgatory with consumers

Uber, to those unfamiliar with the service, is a mobile app that facilitates ride sharing. This service has seen tremendous global growth since its launch in 2009. Funded by the likes of actor-slash-investor Ashton Kutcher, those seeking rides are connected with Uber drivers who act much like a taxi service. The company got itself in some hot water this week when it was discovered that an Uber executive is being investigated for tracking the travel records of a journalist by using the platform’s God View. Forbes also discovered recently that Uber employees had tracked the whereabouts of VIPs using the service without their consent or knowledge. A #deleteuber hashtag was born, and Ashton Kutcher himself wandered into the fray with his own comments, which subsequently landed him in some hot water of his own.

Scanning for spyware

Journalists and activists are two groups to whom privacy is of the utmost importance: their lives may depend on it. An open-source tool called Detekt has been released to provide those concerned about targeted surveillance with the means to identify spyware that has been placed without their knowledge on their Windows-based PCs.

Phish food

This week’s phishing news includes fake crowdfunding for Ebola, and targeting people who have sent out their Christmas gifts early.

Indiegogo shut down a scam that started with 700,000 spam emails sent out to unsuspecting consumers, asking them to donate to a phony crowdfunding campaign in the guise of a fundraiser to help fight Ebola.

As we get closer to the holidays, many people will have shipped off presents to loved ones that might live across the state, country or planet. Phishing scams disguised as emails have been sent to gift givers who used the mail or couriers to send out presents. That email in your inbox from the USPS, FedEx or UPS? Probably a scam.

Posted in: Blog, This week in review

This week in review: Cybersecurity as child’s play, travel advisory, and fresh phish

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts about cybersecurity being child’s play, travellers targeted by cybercriminals, and plenty of fresh phishing news. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

Reading, writing and cybersecurity

The hot ticket these days isn’t to InfoSec Taylor Swift, it’s to see eight-year-old cybersecurity expert and startup CEO Reuben Paul. This pint-sized infosec phenom is in high demand, speaking at numerous infosec conferences, sharing his message that cybersecurity is an important skill set to be teaching younger generations. To learn more about his perspective – and his busy speaking schedule – read this Q&A.

Travelers get more than free continental breakfast

Several stories in the news this week may prompt you to opt for a staycation rather than travel next time you’re contemplating leaving home. From booking your trip to logging on when you’re at the hotel, cybercriminals are one step ahead.

Booking.com, a highly trafficked online travel booking site, admitted that more than 10,000 of its users had been targeted in an email phishing scam. That booking confirmation email you received, seemingly from Booking.com or the hotel itself, and its request for a deposit to hold the reservation? It’s a scam. The site’s PR team went into defence mode, stating that “this was no data breach and that phishing is an industry-wide phenomenon,” while an infosec blogger posited another, more frightening possibility: “Maybe nobody knows how this happened.”

Meanwhile, business travelers in Asia have been targeted in another type of cybersecurity attack. And I mean targeted. Security advisors suspect that the attacks were targeting specific travellers and may have even had those targets’ itineraries. That’s how it started, but the attacks appear to have broadened and vulnerabilities may have impacted anyone connecting to hotel wifi. As is so often the case, phishing appears to have been a primary vector for delivery of these attacks.

It pays to be hypervigilant when booking and using wifi at hotels; give them your Dodoname instead of your email address!

Fresh phish

This week’s phishing news includes a bleak Outlook, a Google report shining a light on just how effective these scams are, and the full extent of the Home Depot breach that brought Christmas early for potential phishing scammers.

Bad news: Your Microsoft Outlook has been infected with a Trojan virus! At least that’s what the phishing scam in inboxes this week declared. Just click on the link in the very legitimate-looking email from Windows Microsoft to run the Norton antivirus software and eliminate the c93 virus from your mailbox; failing to do so will result in the deactivation of your mailbox. What is actually happening is that by following the steps in the email, you’re handing your Outlook credentials to cybercriminals. And recipients are clicking on these nefarious links much more frequently than you’d think, according to a recent report by Google.

Phishing scams are wildly successful, which is why they continue to plague our inboxes. Google has conducted some fascinating and terrifying research into what they’ve dubbed “manual hijacking,” a primary vector for which is phishing. The results are staggering – phishing emails were effective between three and 45 percent of the time. Of those who clicked on phishing links, 14 percent entered personal data like login credentials or credit card information. These stats are very alarming when you consider the number of personal records taken in some of the recent data breaches.

Listen closely. Do you hear it? That faint sound you hear is that of countless hackers thanking their lucky stars for the phishing bounty they’ve received from the likes of Home Depot. Home Depot has been on the PR campaign trail, trying to clean up the mess of the much-publicized data breaches that company has experienced. One consumer and journalist who had her details exposed in the breach shared the contents of an email that Home Depot sent out to those affected. In that email, the director of corporate communications for the company threw its loyalty program partners under the bus as the weak link in the data security chain, and let recipients know that theirs was just one of 53 million – more than the entire population of Canada! – email addresses compromised, followed by some tips and tricks for avoiding phishing scams.

An ounce of prevention is worth a pound of cure, as they say. Should have used Dodoname!

Posted in: Blog, Phishing, Privacy, This week in review

This week in review: a freight train of outrage, Google on cybercrime, bad telecoms and more

By Don Dobson

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts about how fast the world of advertising is changing and how little most people know about the privacy implications of tracking, more telecom snooping, Google speaks, and a few top links on phishing and malware attacks. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

Awareness lags reality in ad targeting

In digital advertising, the Holy Grail touted for driving ad performance is relevancy. That is, making sure the ads you see are relevant to you. Of course, in order to do that, advertisers need to know lots of things about you. An excellent article in The Economist notes that spending is moving rapidly from traditional media to digital formats (advertising that knows who you are) and reports on an Adobe poll that showed “most marketers say they have seen more change in the past two years than in the previous 50.” In discussing the privacy implications of it all, they quote the head of one British advertising firm, who put it this way: “Once people realise what’s happening, I can’t imagine there won’t be pushback.” Forbes Magazine agrees that awareness of what is happening is not what it should be, offering up Nine Things You Don’t Know About The Gathering Of Your Personal Data. The advertising industry is anticipating a potential freight train of outrage. Precisely because the technology and resulting capabilities are so powerful, advertisers want to make sure they continue to have the ability to track you. In fact, we see AdAge reporting: Agencies Load Up on Privacy Specialists, Hoping to Keep Consumers From ‘Opting Out’.

Google speaks on cybercrime – why wouldn’t we listen?

I’m told Google have the data. That’s why it is always worth listening to what they are saying; in this case, it’s a Google Security Blog entry about cybercrime. It’s Google-oriented, but it confirms many of the things we have been saying about phishing leading to identity theft, how easy it is to fall prey and how quickly it can happen. All conventional emails have these security issues Google deals with, but what is interesting about this post is how it paints a picture of a criminal workforce of what they call “manual hijackers” who intensively work over their victims and always use phishing emails.

Telecoms: a snooper’s best friends

We shared information with you last week about so-called “super-cookies” being inserted into your web traffic by telecom providers, in particular Verizon. This is important because they introduce the notion of physical tracking to web habit tracking. Further details have emerged, including the fact that it’s not only Verizon but also AT&T. It didn’t take long for news of at least one user of the technology to become known. Twitter’s mobile advertising arm, MoPub, self-described as the “world’s largest mobile ad exchange,” is all over it. Privacy advocates are freaking out.

While data is good for advertisers, this type of news can’t be good when you consider that, even before this revelation, reports indicated that consumers were already concerned that using their mobile phones for coupon and loyalty schemes puts them at risk of identity theft. When customers aren’t happy, retailers have cause for concern too.

Filthy phishers flourish

Criminals continue to innovate in their phishing attempts, as with a new hybrid approach seen this week in Japan. It is called Huyao, which means “monstrous fox” in Chinese, and experts are concerned that this technique of combining legitimate sites with a fake checkout procedure is set to spread.

Meanwhile, investors and students were warned about phishing attacks targeting them, web host GoDaddy was being spoofed, we saw how just having your email leaked by companies you deal with can lead to a very effective phishing attack, and there is a growing trend involving fake wire transfer request emails that can clean out your bank account.

Posted in: Blog, This week in review

This week in review: this machine eats privacy, malware, ApplePay retailers pay the piper, and more

By Don Dobson

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts about technology advances that further erode your privacy, new payment system hacking, the continuing cyber-security battle for retailers and as always, lots of phishing and other email scams. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

The privacy killing machine

We had previously seen Facebook’s move into direct competition with Google with its advertising exchange Atlas. The platform leverages your unique Facebook identifier, tracking you across the web and multiple devices. ISP Verizon is also using what they call a “Unique Identifier Header.” Some critics are saying “…it’s also a reckless misuse of Verizon’s power as an internet service provider—something that could be used as a trump card to obviate established privacy tools such as private browsing sessions or “do not track” features.”

The ol’ Backoff sneak attack

We’ve previously noted many retail data breaches that compromise consumer data, including personal and financial information. Retailers can be infected with at least one piece of malware and be unaware for long periods of time. Unfortunately, it appears to be getting worse, as we discover in a report that says the ‘Backoff’ malware used in retail data breaches is spreading. Apparently some recent breaches, like that at Home Depot, are resulting in credit card charges coming out of Brazil.

Hackers give CurrentC no quarter

Apple’s new payment system, ApplePay, was announced with much fanfare a couple of weeks ago. However, some retailers abruptly stopped using the system this past week. Apparently they forgot agreements they had in place to support an alternate system that precluded them from using ApplePay. The payment system, called CurrentC, includes partners CVS and Rite Aid among others. It vacuums up (and promises to share) lots of personal data and has been signing up customers. However, it actually hasn’t been released for use yet, and already it has been hacked: criminals managed to grab the email addresses of anyone who signed up for the program.

Phishing for Apple

The Apple ecosystem has traditionally been noted as being less subject to security concerns than its competition, but that has been changing. News was revealed this week via the CYREN Internet Threats Trend Report that phishing scams targeting Apple rose 246%.

Other phishing activity noted this week involved Pizza Hut, a Michigan hospital, rocker Bret Michaels, doctors, architects, engineers and other white-collar professionals, and even Revenue Canada.

Malware hackers do seem to be more prevalent than ever, so it comes as no real surprise to see a new Microsoft survey where 42% report weekly and even daily attempts to gain access to their PC, or a @FindLawConsumer survey that shows 29% of U.S. adults say they’ve had their identity stolen and that 10% report being hit twice. Whether it’s a legitimate-looking invoice email hiding a data-stealing Trojan malware attack, banking malware that specifically targets sensitive user account credentials, or horse owners, unfortunately Pew Research sees a likelihood of major attacks in coming years.

Posted in: Blog, Data breach, Phishing, Privacy, This week in review
