Posts Tagged cyber security

The Right to Know When I Am Not Left Alone – Is Not Enough.

Our online privacy is continuously compromised with the scanning, skimming and scraping of our emails and our browsing behavior.

A recent study concluded that 92% of the population believes “that collecting the content of emails is unacceptable”. How many consumers understand that virtually every email is scanned, skimmed and scraped for information and their privacy is breached every day? A recent article in The Economist describes how people do not protect their right to privacy and anonymity.

Google scans the content of all emails on its servers as well as all emails sent or received by a Gmail account. Google considers that users have no ‘reasonable expectation’ of privacy. This stance flies in the face of the predominant and consistent research about consumers’ ‘privacy expectations’.

Rami Essaid recently wrote in TechCrunch that, “The truth is, people will never achieve true privacy and anonymity online.” He concludes that tracking is here to stay and that it is getting more pervasive and sophisticated. His main thesis is that our discussion should not be about the absolute right to privacy or anonymity but about transparency.

If Essaid is correct, the horse has left the barn in terms of protecting our privacy and anonymity. Instead, he proposes focusing on making it visible and transparent how our online privacy will be accessed or ripped off. It is OK to invade our privacy as long as it is transparent! Should consumers simply give up any expectation of online privacy? This is almost Orwellian in concept – a dark road that we must not travel, as this means that others have the right to observe us without our consent!

The Right to Privacy

In 1890, Warren and Brandeis wrote The Right to Privacy, and their key argument was the “right to be let alone”. Here we are 100 years later. Do we really want to change the right to be left alone to “the right to know when I am not left alone”? Transparency is an important need, but we must not give up the fight for the right to privacy.

Posted in: Anonymity, Data breach, Email, Fraud, Identity, Phishing, Privacy, Uncategorized

The week in review: Dodoname goes mobile, U.S. president proposes privacy protection, plus data breach updates

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. This week, Dodoname went mobile, Obama’s privacy proposition draws cheers and jeers, and data breaches and settlements for same continued to make news. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

Protecting your online privacy: there’s an app for that

‘Round Dodoname HQ, this was a big week. After months of slaving over a hot app store, this week the free Dodoname iOS app was made available on the Apple App Store. Got an iPhone? Like privacy? Then head over to the App Store and download the on-the-go version of our platform.

From the news release:

Whether you’re shopping online, visiting a retailer’s physical store, working or browsing, the situation often arises where you are asked to provide an email address. Perhaps it’s to receive an electronic receipt, take advantage of a special promotion, or sign up for a newsletter.

But providing that email address can easily lead to a flood of annoying and unwanted email solicitations. In some instances, giving out your email address can lead to malicious spam and phishing attacks.

Dodoname puts an end to this privacy abuse.

Imagine going shopping with all your coupons and offers in one convenient app. Use Dodonames to register with your favorite stores or online merchants. The next time you go shopping the old-fashioned way, all your coupons are right there on your mobile device for merchants to scan at checkout. It’s the single best way to interact with any merchant or vendor to get the stuff you want – and only the stuff you want – without giving up your privacy and anonymity.

Early media reports peg the company as “one to watch in 2015” and we’re already getting some great user reviews on the App Store. Want to know what all the fuss is about? Download the app now!

President proposes privacy protection

Last year was a record year for data breaches globally; the U.S. government is not taking this fact lightly. This week, President Obama proposed legislation that would protect consumer privacy and demand disclosure from companies who fail to protect consumer data.

The proposed legislation has been subject to virtual reams of coverage, naturally, and there are proponents and detractors.

The pro side says:

Now, the government may step in, at least to ensure consumers are protected. President Obama on Monday proposed a new law called the Personal Data Notification and Protection Act, which would create a basic set of rules for how companies handle their customer information. It also would criminalize international trade in stolen personal identity information.

Aside from one specific rule that would require companies to notify customers within 30 days of the discovery of a data breach, there aren’t many other details available yet about Obama’s proposal. The president is expected to outline more specifics in his State of the Union speech next week.

In the meantime, tech industry executives and privacy advocates are excited at the prospect of a renewed effort to create a national standard. They say the bills that succeed are typically aimed at the government and how it handles information, rather than corporations.

Now that could change.

“This is a huge shot in the arm to a much-needed advancement for our legislative protections,” said Scott Talbott, who heads up government relations for the trade group Electronic Transactions Association. – From Cnet’s article, “Obama’s data-breach initiative has privacy advocates optimistic, cautious”

The con side says:

But the reality is that even if implemented, the proposed legislation and other actions would likely do little to make American companies or individuals safer. The only real benefit is likely to be raising the overall awareness of online vulnerabilities, just as the TSA’s airport security rigmarole may not actually catch weapons or terrorists, but still makes it abundantly clear that aviation is a risky business that needs to be approached with appropriate caution. – From Network World’s article, “Unfortunately, Obama’s new cybersecurity measures won’t help much”

Only time will tell whether this gets passed into law and what impact it will have. In the meantime, savvy consumers can use tools like Dodoname to protect their privacy when interacting with merchants.

Zappos settles for data breach; AMResorts customers report unusual credit card activity

Another week, another slew of data breach news. After suffering a 2012 data breach, Zappos this week settled lawsuits about same, resulting in a modest payout and a commitment to do better in the future. That is perhaps a vision of what AMResorts may need to prepare for, given news that consumers who used credit cards on that site reported unusual activity on their cards afterwards.

Posted in: Blog, Privacy, This week in review

The week in review: international cyberwarfare, the cost of data breaches and the future of privacy

By Don Dobson

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. The Sony hack was catching everyone’s attention this week, banks and retailers are arguing about footing the data breach bill, and there is some new thought-provoking research on our digital lives and where we are going with privacy. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

Truth is stranger than fiction

While “The Interview” is a screwball comedy based on a highly improbable scenario, even Hollywood could not have written the script we see playing out with the Sony hack. Reports indicate that the data breach of terabytes of all manner of data (including employee personal data) at Sony was, in fact, carried out by North Korea. While state-on-state cyberwar is certainly not the personal privacy milieu of Dodoname, there are some sobering implications of the Sony hack which are likely to reverberate across business, in what may come to be seen as a real turning point for how we look at cybersecurity.

North Korea’s Bureau 121 is certainly not the only hacker group out there. In previous weeks we shared posts about how criminal hacking was a major industry in some places. A Monday post by Robert Beckhusen and Matthew Gault suggested that it wasn’t cyberwar that we need to be worried about but cybercrime, since the U.S. — and the rest of the world, for that matter — aren’t ready to deal with cybercrime. As they point out, cybercrime is often stateless. Hackers operate across borders.

When we get to the point where Crimeware-as-a-Service Threatens Banks, where The Economist notes in regard to cybercrime that the growth in general wickedness online is testing the police, and where underground hacker markets are peddling complete kits for hackers, monetizing every piece of data they can steal or buy, and adding services, it starts to feel like, whether we like it or not, 2015 will be a watershed year for cybersecurity. With polls reporting that almost half of Americans say their card details have been stolen in a data breach, it is also no surprise to see observers suggesting that protecting consumers’ data should be at the top of the new Congress’ agenda.

Who pays the bill?

As the cost of data breaches starts to explode, there is mounting tension between retailers and card issuers. Banking and credit union association officials Jim Nussle and Camden R. Fine note that the instant criminal hackers gain access to consumer financial data, they sell the information to the highest bidders. Protecting the consumer then becomes the duty of financial institutions, leaving banks and credit unions on the hook for fronting the bill. Their industry feels it’s time for retailers to join efforts to put a stop to data breaches and protect the consumer. Current U.S. laws on data protection are not as strict for retailers as for financial institutions, and as a result retailers have little incentive to address their security flaws, because financial institutions are responsible for cleaning up their mess. We expect that retailers will face increased liability as laws are almost certain to change, highlighting the potential value to retailers of participating in a privacy marketing platform like Dodoname.

The future of privacy

The Pew Research Center Internet & American Life Project aims to be an authoritative source on the evolution of the Internet through surveys that examine how Americans use the Internet and how their activities affect their lives. They canvassed thousands (2,511) of experts and Internet builders to share their predictions on the future of privacy and released the results of those efforts this week.

In the intro to the report, Pew notes, “The terms of citizenship and social life are rapidly changing in the digital age. No issue highlights this any better than privacy, always a fluid and context-situated concept and more so now as the boundary between being private and being public is shifting.”

We recommend the entire report as a fascinating read. It reveals that, while we all can see benefits in our ever increasing digital lifestyle, privacy does mean something. However, it’s moving so fast that all parties are struggling to decide what it does mean and where it is going. Lots of food for thought for sure, but you won’t find a simple consensus. A taste of what we mean follows and do check out the full report.

“We are at a crossroads,” noted Vytautas Butrimas, the chief adviser to a major government’s ministry. He added a quip from a colleague who has watched the rise of surveillance in all forms, who proclaimed, “George Orwell may have been an optimist,” in imagining “Big Brother.”

An executive at an Internet top-level domain name operator who preferred to remain anonymous replied, “Big data equals big business. Those special interests will continue to block any effective public policy work to ensure security, liberty, and privacy online.”

John Wilbanks, chief commons officer for Sage Bionetworks, wrote, “We have never had ubiquitous surveillance before, much less a form of ubiquitous surveillance that emerges primarily from voluntary (if market-obscured) choices. Predicting how it shakes out is just fantasy.”

An information science professional responded, “Individuals are willing to give up privacy for the reasons of ease, fastness, and convenience… If anything, consumer tracking will increase, and almost all data entered online will be considered ‘fair game’ for purposes of analytics and producing ‘user-driven’ ads. Privacy is an archaic term when used in reference to depositing information online.”

Joe Kochan, chief operating officer for US Ignite, a company developing gigabit-ready digital experiences and applications, observed, “I do not believe that there is a ‘right balance’ between privacy, security, and compelling content. This will need to be a constantly negotiated balance—one that will swing too far in one direction or another with each iteration… Public norms will continue to trend toward the desire for more privacy, while people’s actions will tend toward giving up more and more control over their data.”

Posted in: Data breach, Privacy, Spam, This week in review

The week in review: privacy law world showcase, Sony’s bad week, and a phishing pop quiz

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts about Internet privacy laws (or lack thereof) around the world, Sony’s extensive data breach, and a phishing pop quiz. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

Whose Internet privacy laws are the fairest in all the land?

Do you want the bad news first? Or the good news first?

The bad news is that of the countries surveyed by the World Wide Web Foundation on the topic of Internet privacy law, 84% got a failing grade.

The good news? … well… er… Christmas is coming?

According to a Sputnik News article: “The United Kingdom, the United States, Australia, Canada and France all scored three out of a possible 10 in providing legal safeguards to ensure that surveillance did not interfere with rights to privacy.”

With a lack of legislation in place to protect consumers, it’s essential that they seek out and use tools and platforms that help them to protect their own online privacy, to control their own online personas and communications with merchants. Platforms like Dodoname can help!

All the makings of a Hollywood blockbuster

Those that follow the infosecurity and Hollywood beats have been glued to their screens since the announcement of a huge data breach at Sony Pictures that shares similar plot points with many a blockbuster thriller. From Forbes: “hackers not only erased data from its systems, but also stole, and released to the public, pre-release movies, people’s private information, and sensitive documents.” Extortion attempts, ignored warnings, cryptic messages to execs from the culprits and other go-to plot points became all too real, and splashed all over the Internet this week. Even more damning is that it appears the problems were discovered long ago – with a hack recorded in February and the studio deciding to keep it quiet. <insert joke about hindsight being 20/20 here>

The repercussions of this week’s revelations are widespread and ugly, from racist jokes made by studio executives at the expense of the president of the United States, to the A-list slinging mud and bad-mouthing other A-list talent. The financial implications – and reputational damage – to Sony will no doubt be long lasting and the media is sure to broadcast every last juicy detail. It is a sobering lesson for organizations that are treating cybersecurity as an afterthought.

Phishing pop quiz

It’s Friday. You’ve had a long week. You’re looking for an online activity that will get you that much closer to the weekend. This phishing email quiz is just the ticket. Can you spot the difference between a legit email and a phishing scam?

How did you rate on the quiz? Tell us in the comments. And if you didn’t do so well, don’t despair: the IT security experts that first took the quiz didn’t do much better, as a mere 6% got all questions right. And, as the article at the link mentions, “this is their job.”

Posted in: Phishing, Privacy, This week in review

This week in review: U.N. pushes for digital privacy rights, Black Friday and Cyber Monday scams, Target data breach one year later

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts about the United Nations recommending digital privacy rights, Black Friday and Cyber Monday scams, and lessons learned from the Target data breach last year. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

United Nations pushes for digital privacy rights

The digital rights cause had a bright light shone on it this week when the United Nations adopted a resolution to protect citizens’ digital privacy.

The resolution’s recommendation is for “all countries to protect the right to privacy in digital communications and to offer their citizens a way to seek ‘remedy’ if their privacy is violated.” Germany and Brazil led the charge, with Canada, the United States, New Zealand, Britain and Australia notably absent from the resolution’s 65 co-sponsors.

The German co-sponsor name-checked Big Brother’s inventor in his appeal to the U.N.

“Without the necessary checks,” said the German ambassador, Harald Braun, “we risk turning into Orwellian states, where every step of every citizen is being monitored and recorded in order to prevent any conceivable crime.”

Deals! And Scams! Black Friday and Cyber Monday are finally here!

The Monday after Thanksgiving is the most important online shopping day in the United States. Dubbed Cyber Monday, the first business day following Thanksgiving, Dec 2, 2014, is expected to exceed the record of $1.74 billion spent on Cyber Monday 2013 – the biggest online spending day of all time. These are prime conditions for online scammers targeting holiday shoppers. Watch out for scams as you’re filling your online carts.

Lessons from the Target data breach

This week, Target’s CEO hit the PR trail, appearing on network television to address the retailer’s Black Friday plans but also to discuss the huge data breach that Target suffered in 2013. Chalking it up to an “industry problem,” he stressed that the company is doing everything it can to protect customers’ privacy. Cold comfort for those who had their credit card information stolen, and the banks that suffered tremendous losses in the breach. Those banks filed lawsuits against Target looking for reparations, but Target claimed in court this week that it had no legal obligation to the banks that claimed tens of millions of dollars in losses.

On that data breach, whodunit? This article posits that foreign gangs are the culprit in a data breach that compromised the data of more than 40 million consumers.

Posted in: Blog, This week in review

This week in review: Cybersecurity as child’s play, travel advisory, and fresh phish

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts about cybersecurity being child’s play, travellers targeted by cybercriminals, and plenty of fresh phishing news. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

Reading, writing and cybersecurity

The hot ticket these days isn’t to InfoSec Taylor Swift, it’s to see eight-year-old cybersecurity expert and startup CEO Reuben Paul. This pint-sized infosec phenom is in high demand, speaking at numerous infosec conferences, sharing his message that cybersecurity is an important skill set to be teaching younger generations. To learn more about his perspective – and his busy speaking schedule – read this Q&A.

Travelers get more than free continental breakfast

Several stories in the news this week may prompt you to opt for a staycation rather than travel next time you’re contemplating leaving home. From booking your trip to logging on when you’re at the hotel, cybercriminals are one step ahead.

Booking.com, a highly trafficked online travel booking site, admitted that more than 10,000 of its users had been targeted in an email phishing scam. That booking confirmation email you received, seemingly from Booking.com or the hotel itself, and its request for a deposit to hold the reservation? It’s a scam. The site’s PR team went into defence mode, stating that “this was no data breach and that phishing is an industry-wide phenomenon,” while an infosec blogger posited another, more frightening possibility: “Maybe nobody knows how this happened.”

Meanwhile, business travelers in Asia have been targeted in another type of cybersecurity attack. And I mean targeted. Security advisors suspect that the attacks were targeting specific travellers and may have even had those targets’ itineraries. That’s how it started, but the attacks appear to have broadened and vulnerabilities may have impacted anyone connecting to hotel wifi. As is so often the case, phishing appears to have been a primary vector for delivery of these attacks.

It pays to be hypervigilant when booking and using wifi at hotels; give them your Dodoname instead of your email address!

Fresh phish

This week’s phishing news includes a bleak Outlook, a Google report shining a light on just how effective these scams are, and the full extent of the Home Depot breach that brought Christmas early for potential phishing scammers.

Bad news: Your Microsoft Outlook has been infected with a Trojan virus! At least that’s what the phishing scam in inboxes this week declared. Just click on the link in the very legitimate-looking email from Windows Microsoft to run the Norton antivirus software and eliminate the c93 virus from your mailbox; failing to do so will result in the deactivation of your mailbox. What is actually happening is that by following the steps in the email, you’re handing your Outlook credentials to cybercriminals. And recipients are clicking on these nefarious links much more frequently than you’d think, according to a recent report by Google.

Phishing scams are wildly successful, which is why they continue to plague our inboxes. Google has conducted some fascinating and terrifying research into what they’ve dubbed “manual hijacking,” a primary vector for which is phishing. The results are staggering – phishing emails were effective between three and 45 percent of the time. Of those who clicked on phishing links, 14 percent entered personal data like login credentials or credit card information. These stats are very alarming when you consider the number of personal records taken in some of the recent data breaches.

Listen closely. Do you hear it? That faint sound you hear is that of countless hackers thanking their lucky stars for the phishing bounty they’ve received from the likes of Home Depot. Home Depot has been on the PR campaign trail, trying to clean up the mess of the much-publicized data breaches that company has experienced. One consumer and journalist who had her details exposed in the breach shared the contents of an email that Home Depot sent out to those affected. In that email, the director of corporate communications for the company threw its loyalty program partners under the bus as the weak link in the data security chain, and let recipients know that theirs was just one of 53 million – more than the entire population of Canada! – email addresses compromised, followed by some tips and tricks for avoiding phishing scams.

An ounce of prevention is worth a pound of cure, as they say. Should have used Dodoname!

Posted in: Blog, Phishing, Privacy, This week in review

Data brokers: a threat to your online privacy

By Don Dobson

Two facts have collided in the early days of this millennium: one, much of our lives has gone digital and two, digital security measures have not kept pace with technological advancements and adoption. This is a huge problem.

Our commerce, work, social life, entertainment, information consumption and personal communication have all become digitized. Much of everyday life has either moved online or is touched in some way by our online activity, creating a stream of data coined by Google as our “digital exhaust.”

Secondly, not just laws and regulations but even broad social consensus around issues of security and privacy are falling behind the technological curve and the ever increasing collection capabilities for our data.

Consumer advocates and organizations like the American Civil Liberties Union are sounding the alarm on an industry many consider out of control. Its new video, Invasion of the Data Snatchers, paints a scary, dystopian view of our personal lives under scrutiny by governments and corporations. The intro to the video on their YouTube channel notes, “New technologies are making it easier for private companies and the government to learn about everything we do – in our homes, in our cars, in stores, and within our communities. As they collect vast amounts of data about us, things are getting truly spooky!”

So, who is vacuuming up this so-called digital exhaust? One set of players in that business that few people know about and fewer still understand are “data brokers.” Pam Dixon is the executive director of the World Privacy Forum and her December 18, 2013 testimony before the Senate Committee on Commerce, Science, and Transportation, titled What Information Do Data Brokers Have on Consumers, and How Do They Use It?, sheds full light on a growing industry with somewhere around 4,000 companies. Dixon asked:

What do a retired librarian in Wisconsin in the early stages of Alzheimer’s, a police officer, and a mother in Texas have in common? The answer is that all were victims of consumer data brokers. Data brokers collect, compile, buy and sell personally identifiable information about who we are, what we do, and much of our “digital exhaust.” 

We are their business models. The police officer was “uncovered” by a data broker who revealed his family information online, jeopardizing his safety. The mother was a victim of domestic violence who was deeply concerned about people finder web sites that published and sold her home address online. The librarian lost her life savings and retirement because a data broker put her on an eager elderly buyer and frequent donor list. She was deluged with predatory offers.

[Consumers are] not able to escape from the activities of data brokers… until this Committee started its work, this entire industry largely escaped public scrutiny… Consumers have no effective rights because there is no legal framework that requires data brokers to offer consumers an opt-out or any other rights.

Frank Pasquale, a professor of law at the University of Maryland, is the author of the forthcoming book, “The Black Box Society: The Secret Algorithms That Control Money and Information.” He writes, “Every day, corporations are connecting the dots about our personal behavior—silently scrutinizing clues left behind by our work habits and Internet use. The data compiled and portraits created are incredibly detailed, to the point of being invasive.”

In an October 16th, 2014 op-ed in the New York Times entitled The Dark Market for Personal Data, Pasquale suggests, “We need regulation to help consumers recognize the perils of the new information landscape without being overwhelmed with data.”

Media investigators are starting to inform the public that the personal data being brokered can be very personal indeed. Reports from Bloomberg indicate: “Tapping social media, health-related phone apps and medical websites, data aggregators are scooping up bits and pieces of tens of millions of Americans’ medical histories. Even a purchase at the pharmacy can land a shopper on a health list… People would be shocked if they knew they were on some of these lists… yet millions are.”

According to the Data-Driven Marketing Institute, the data-mining industry generated $156 billion in revenue in 2012. Technology CEO and Harvard professor Nathan Eagle offers up his insight on the matter: “… it is just the first step for the data economy. By 2020, the global Internet population will reach five billion; ten billion new machine-to-machine connections will be created; and mobile data traffic will rise 11-fold. Given the dramatic growth in the amount of data being generated, together with ever-expanding applications across industries, it is reasonable to expect that… within ten years, the data-capture industry can be expected to generate more than $500 billion annually.”

The World Privacy Forum has compiled a list of 352 consumer-focused U.S. data broker sites. Check out the list and see if you’re on any of these sites. Many of the sites offer the ability for those included to opt-out; might be a good use of your time to go through that process and engage in more privacy-centric online practices in future.

With these nefarious, data grabbing institutions at large, the urgency to protect your online data, including through use of a tool like Dodoname, has never been more real.

(Image: Flickr, Simon Cunningham, link)

Posted in: Blog, Data breach

Chances are your personal data has been compromised in a data breach

This Throwback Thursday, let’s travel back to a simpler time, a time when the threats to your personal data online were not as frequent or severe as now. The year was 2009.

James Cameron’s groundbreaking film Avatar reigned at the box office. The world was introduced to golden-voiced singer Susan Boyle via a viral YouTube video. Yelp was emerging as one of the top iPhone apps of the year. America struggled to recover from the financial setbacks of the previous fall. And there were a mere 778 data breaches in the U.S. that year, according to a Risk Based Security and Open Security Foundation Report. It was the best of times, it was the worst of times.

Fast forward to today, when there’s a good chance that your personal data has been compromised in a data breach. According to a CNNMoney/Ponemon Institute study, 47 percent of U.S. adults had their personal information exposed by hackers between May 2013 and May 2014. That’s a frightening statistic to behold. And that number is likely just the tip of the iceberg; retailers are decidedly cagey when sharing with the general public, the media and their customers just what data has been leaked, and so many consumers may be victims and not even know it.

The Risk Based Security and Open Security Foundation Report for 2013 provided some additional stats about how far we’ve come since 2009 in terms of the numbers of data breaches and the amount of records impacted. According to the InfoSec Institute, “During the 2,164 incidents, nearly 822 million records were exposed.” It’s not pretty, as you can see.

(Figure: data breaches, 2009 to 2013)

The stats for 2014 are still being compiled, but anecdotal evidence (Adobe, eBay, Target, JP Morgan Chase… need I go on?) would suggest that it’s on track to be the worst year ever for data breaches.

Dodoname has none of your personal information. Ergo, when you use a Dodoname to engage with a retailer, they have none of your personal information. Retailers can’t knowingly or unknowingly give up information that they don’t have. As consumers become more aware of the serious risks associated with sharing personal data with retailers, we’re hoping that they’ll be open to using Dodoname to protect themselves – and their personal information – against future data breaches. With Dodoname, consumers can get the best that the web has to offer, without exposing themselves to data breaches.

(Image: Flickr, Justgrimes, link)

Posted in: #TBT, Blog, Data breach


Top five online privacy concerns


By Don Dobson

In epidemiology, the means for the transmission of disease is termed a “vector.” In the world of online privacy, your personal email address is one of the prime vectors by which your privacy can be compromised. If you’re not using a Dodoname to interact with merchants, you’re leaving yourself open to these top five privacy concerns (which can have some very scary repercussions!)

1. Phishing

Wikipedia defines phishing as the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

Although not the only means, email is one of the main vectors for phishing. At Dodoname, we like to keep up to date on the latest developments in cybercrime through email phishing scams. We see that the scammers are relentless and that anyone can be a victim: criminals shamelessly exploit the latest news, such as recent attempts linked to the Ebola scare gripping the world, or even attack children. It is also a big problem for businesses, as employees can be fooled and surrender corporate information or provide a pathway for hacking of retailer systems.

Phishing still thrives because it remains a simple game and the power of easily sending millions of emails every day allows the bad guys to fill their quotas. Old scams are still making the rounds and claiming victims. And the fact is, email remains a very popular communication channel. Unfortunately, it’s true that real dangers can place themselves in your inbox. Here’s a start on some help to stay out of trouble and also some advice if you have taken the bait.

2. Data breaches

Retailers in particular have shown themselves to be vulnerable to hacker attacks which result in a “breach” of security measures protecting customer data, as have financial institutions.

You may think “that’s their problem” but it could also be a problem for you. Depending on the nature of the data breach, personal information you have shared with companies, including credit card information, may become available for use by criminals and/or be re-sold in criminal markets. Ironically, this can result in even more effective phishing emails as criminals use information already stolen to become more credible to email recipients in what is known as “spear-phishing.”

There is nothing you can do to prevent these breaches, but they are at the top of the list of concerns for company executives. Customers are striking back. Many consumers will stop patronizing companies that have had a data breach, while some victims of these attacks have joined lawsuits against retailers like Home Depot.

3. Malware

Email phishing can have many consequences. One of those is the installation of malware on your device. There are many varieties of malware “in-the-wild,” some malicious, some not so much, but none have any business on your device. Among the types of malware that can impact you are “key-loggers,” which send back everything you type online to criminals. This information would include details of all your online activity including banking website passwords.

And the thing is, you don’t always even need to click on anything. Just visiting some sites exposes you to these sneaky downloads through “malvertising.” You might think that staying away from seedy corners of the Internet would protect you, but the truth is even reputable sites can be hacked in these ways through ad exchanges.

4. Identity theft

Identity thieves have many different ways to strike: over the phone, through something as low-tech as sifting through your trash, or through email phishing attacks. Online theft of personal identity has become a major problem worldwide. Criminals can use your identity and credit card information to make purchases, take out loans or conduct any illicit financial transaction.

Identity thieves can be individuals at the local level or international organized criminal operations. Even using free wi-fi at a coffee shop can open you up to identity theft. It’s clear that these types of cybercrime enterprises are a growth business.

5. Data brokers

A much broader concern for personal privacy than phishing emails and malware criminals is an industry that operates “legitimately” but without much regulatory protection for consumers. Testimony by Pam Dixon, Executive Director, World Privacy Forum, before the Senate Committee on Commerce, Science, and Transportation, suggests that somewhere around 4,000 companies in the U.S. gather identity information left by the “digital exhaust” of your online activity. Dixon cites real harm to individuals resulting from these activities and notes, “Despite the large and growing size of the industry, until this Committee started its work, this entire industry largely escaped public scrutiny. Privacy laws apply to credit bureaus and health care providers, but data broker activity generally falls outside these laws. Even a knowledgeable consumer lacks the tools to exercise any control over his or her data held by a data broker.”

(Image: Flickr, Sebastien Wiertz, link)

Posted in: Blog, Data breach, Email, Fraud, Identity, Phishing, Privacy


This week in review: cyber security awareness month, modern mobsters, phishing and data breaches


By Don Dobson

In our weekly roundup, we want to draw your attention to news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data: problems that Dodoname can solve. Catching our attention this week were posts about a yearly event for which Hallmark doesn’t yet make a card, the lengths we’ll go to for cookies, how the underworld is keeping up with the times, phishing trips, data breaches and a reminder that common sense goes a long way. 

Acknowledging the problem is the first step to solving it

October 1st marked the start of National Cyber Security Awareness Month in the U.S. and Canada. Follow it through the #NCSAM hashtag on Twitter or through various organizations in both countries promoting a more cyber security aware public, including @GetCyberSafe on Twitter, or their website, the @STOPTHNKCONNECT or @StaySafeOnline Twitter accounts or their respective websites at http://www.stopthinkconnect.org/ and http://www.staysafeonline.org/

Cookies may contain personal data (and nuts)

We loved this story about a performance art project that had people in Brooklyn thinking about personal information, privacy and data collection. Artist Risa Puno traded a cookie, a real one, not the cyber kind, for personal data that included their address, driver’s license number, phone number and mother’s maiden name. Very clever and cheeky, Risa!

www.stolencreditcardsforcheap.com

It’s hard for most folks to believe that there is actually a website where a criminal can go and buy a stolen credit card. Not only is that true, but so many stolen cards have become available that the criminals are dropping their prices in order to move inventory!

The underworld goes high tech

‘Commercialization’ of cybercrime has been identified as a new trend in a report released by Europol’s European Cybercrime Centre. The Mirror notes traditional organized crime gangs are getting in because they can now easily find people selling tools and services that allow them to carry out illegal activities such as data theft and password cracking without the need for specialist skills. Surely this phenomenon is not limited to Europe?

Phishy tales

There is never any shortage of phishing scams in the news: organizations as diverse as the Nelson Mandela Foundation and the Virginia Department of Transportation EZ pass program have been impacted recently. It’s no wonder that cyber risk insurers are doing a brisk business these days.

World leaders: they’re just like us! 

It was reported that financial giant JP Morgan suffered a significant data breach, with reports that hackers grabbed contact information for 76 million households and 7 million small businesses, including names, addresses, phone numbers and email addresses, as well as “internal JPMorgan Chase information relating to such users.” Even President Obama may have been impacted as Business Insider noted a White House press pool in July mentioned him using his JP Morgan card at a Texas barbecue restaurant.

An ounce of prevention…

Blogger Chrysler Summer’s post on personal responsibility for privacy and security on the Web struck a chord. She suggested that “the biggest problem is that most people are just not as cautious as they should be on the Web.” Although we can’t protect ourselves from all cyber threats just by being careful, it is a point worth noting. We think using a Dodoname is a great tool for being more careful.

Posted in: Blog, Data breach, Fraud, Phishing, Privacy, This week in review
