Blog

Posts Tagged hackers

The Right to Know When I Am Not Left Alone – Is Not Enough.

The Right to Know When I Am Not Left Alone – Is Not Enough.

Our online privacy is continuously compromised with the scanning, skimming and scraping of our emails and our browsing behavior.

A recent study concluded that 92% of the population believes “that collecting the content of emails is unacceptable”. How many consumers understand that virtually every email is scanned, skimmed and scraped for information and their privacy is breached every day? A recent article in The Economist describes how people do not protect their right to privacy and anonymity.

Google scans the content of all emails on its servers as well as all emails sent or received by a gmail account. Google considers that users have no ‘reasonable expectation’ of privacy. This stance flies in the face of the predominant and consistent research about consumers’ ‘privacy expectations’.

Rami Essaid recently wrote in TechCrunch that, “The truth is, people will never achieve true privacy and anonymity online.” He concludes that tracking is here to stay and that it is getting more pervasive and sophisticated. His main thesis is that our discussion should not be about absolute the right to privacy or anonymity but about transparency.

If Essaid is correct, the horse has left the barn in terms of protecting our privacy and anonymity. Instead, he proposes focusing on making it visible and transparent about how our online privacy will be accessed or ripped off.  It is OK to to invade our privacy as long as it is transparent! Should consumers simply give up that they have any expectation for online privacy? This is almost Orwellian in concept – a dark road that we must not travel as this means that others have the right to observe us without our consent!

The Right to Privacy

In 1890, Warren and Brandeis wrote The Right to Privacy and their key argument was the “right to be let alone”. Here we are 100 years later. Do we really want to change the right to be left alone to the “the right to know when I am not left alone?” Transparency is an important need but we must not give up the fight for the right to privacy.

Posted in: Anonymity, Data breach, Email, Fraud, Identity, Phishing, Privacy, Uncategorized

Leave a Comment (0) →

Identity theft and who has the keys to your virtual house?

Identity theft and who has the keys to your virtual house?

We were moving out of the neighborhood where we have lived for the past 23 years. Tracy, our neighbor, invited us over for a farewell dinner.  Tracy knows that I have been in technology for a long time and related the story of her recent identity theft where the thieves came very close to emptying her bank account. It started with the bad guys phishing and finding her personal email address. This data breach and cybercrime was incredibly invasive to Tracy as she now had to get rid of the personal email address she had used for over twenty years.

 

The front door to our virtual house, hence our privacy, is our personal email address. It seems we give this email address to everybody. Concerned about their privacy, many consumers simply get a second or third email they use as their ‘spam address’ – typically a Hotmail or Gmail address. So now we have two or three front doors to our virtual house. Susie Baszkeiwicz blogged in January about 9 reasons you should have more than one email address. Avoid spam & hackers, protect yourself, have a disposable email, have an alias and have a backup are 5 of her 9 reasons that we built Dodoname.

How many of us would hand out the keys to our front, side and back door of our regular house to every merchant or supplier who said, “I won’t sell to you unless you give me the keys to your house.” If that seems a little insane in the real world then why do we do it in the virtual world?

Consider that identify theft is a Type I invasion of our privacy and that spam is a Type II invasion of our privacy. Clearly a Type I privacy breach is more serious than Type II privacy breach.

For Type I protection most consumers continue to use their personal email address – the less secure email address. Why? Because there is no easy way to manage our secondary emails, which are filled with spam, and not really the place we want to collect and manager our ‘good’ communications. We shrug our shoulders and continue to use our personal email addresses for the really important stuff. The phishers know this. Consumers should understand what phishing is and how to protect themselves. Read this article from the Safety & Security Center at Microsoft for more information about how to protect yourself.

Using a Dodoname for key confidential registrations would eliminate much of the risk because a Dodoname can only ever be used by that one service. Moreover, the managed email system in Dodoname provides users with a powerful way to store and manage confidential communications. Finally, Dodoname is also designed as a marketplace where merchants and consumers can meet, sell and buy with confidence that the consumer’s private information is protected. Privacy with Personalization is the core architectural feature of Dodoname. Everyone should have a Dodoname.

Posted in: Uncategorized

Leave a Comment (0) →

The week in review: international cyberwarfare, the cost of data breaches and the future of privacy

The week in review: international cyberwarfare, the cost of data breaches and the future of privacy

By Don Dobson

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. The Sony hack was catching everyone’s attention this week, banks and retailers are arguing about footing the data breach bill and there is some new thought provoking research on our digital lives and where we are going with privacy. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

Truth is stranger than fiction

While “The Interview” is a screwball comedy based on a highly improbable scenario, even Hollywood could not have written the script we see playing out with the Sony hack. Reports indicate that the data breach of terabytes of all manner of data (including employee personal data) at Sony was, in fact, carried out by North Korea. While state-on-state cyberwar is certainly not the personal privacy milieu of Dodoname, there are some sobering implications of the Sony hack which are likely to reverberate across business, in what may come to be seen as a real turning point for how we look at cybersecurity.

North Korea’s Bureau 121 is certainly not the only hacker group out there. In previous weeks we shared posts about how criminal hacking was a major industry in some places. A Monday post by Robert Beckhusen and Matthew Gault suggested that it wasn’t cyberwar that we need to be worried about but cybercrime, since the U.S. — and the rest of the world, for that matter — aren’t ready to deal with cybercrime. As they point out, cybercrime is often stateless. Hackers operate across borders.

When we get to the point where Crimeware-as-a-Service Threatens Banks, The Economist notes in regard to cybercrime that the growth in general wickedness online is testing the police, and underground hacker markets are peddling complete kits for hackers monetizing every piece of data they can steal or buy and are adding services, it starts to feel like, whether we like it or not, 2015 will be a watershed year for cybersecurity. With polls reporting that almost half of Americans say their card details have been stolen in a data breach, it is also no surprise to see observers suggesting that protecting consumers’ data should be at top of new Congress’ agenda.

Who pays the bill?

As the cost of data breaches starts to explode, there is mounting tension between retailers and card issuers. Banking and Credit Union association officials Jim Nussle and Camden R. Fine note the instant criminal hackers gain access to consumer financial data, they sell the information to the highest bidders. Protecting the consumer then becomes the duty of financial institutions—leaving banks and credit unions on the hook for fronting the bill. Their industry feels it’s time for retailers to join efforts to put a stop to data breaches and protect the consumer. Current U.S. laws on data protection for retailers are not as strict as financial institutions and as a result there is little incentive to address their security flaws, because financial institutions are responsible for cleaning up their mess. We expect that retailers will face increased liability as laws are almost certain to change, highlighting the potential value to retailers of participating in a privacy marketing platform like Dodoname.

The future of privacy

The Pew Research Center Internet & American Life Project aims to be an authoritative source on the evolution of the Internet through surveys that examine how Americans use the Internet and how their activities affect their lives. They canvassed thousands (2,511) of experts and Internet builders to share their predictions on the future of privacy and released the results of those efforts this week.

In theintro to the report, Pew notes “The terms of citizenship and social life are rapidly changing in the digital age. No issue highlights this any better than privacy, always a fluid and context-situated concept and more so now as the boundary between being private and being public is shifting.

We recommend the entire report as a fascinating read. It reveals that, while we all can see benefits in our ever increasing digital lifestyle, privacy does mean something. However, it’s moving so fast that all parties are struggling to decide what it does mean and where it is going. Lots of food for thought for sure, but you won’t find a simple consensus. A taste of what we mean follows and do check out the full report.

We are at a crossroads,” noted Vytautas Butrimas, the chief adviser to a major government’s ministry. He added a quip from a colleague who has watched the rise of surveillance in all forms, who proclaimed, “George Orwell may have been an optimist,” in imagining “Big Brother.”

An executive at an Internet top-level domain name operator who preferred to remain anonymous replied, “Big data equals big business. Those special interests will continue to block any effective public policy work to ensure security, liberty, and privacy online.”

John Wilbanks, chief commons officer for Sage Bionetworks, wrote, “We have never had ubiquitous surveillance before, much less a form of ubiquitous surveillance that emerges primarily from voluntary (if market-obscured) choices. Predicting how it shakes out is just fantasy.”

An information science professional responded, “Individuals are willing to give up privacy for the reasons of ease, fastness, and convenience… If anything, consumer tracking will increase, and almost all data entered online will be considered ‘fair game’ for purposes of analytics and producing ‘user-driven’ ads. Privacy is an archaic term when used in reference to depositing information online.

Joe Kochan, chief operating officer for US Ignite, a company developing gigabit-ready digital experiences and applications, observed, “I do not believe that there is a ‘right balance’ between privacy, security, and compelling content. This will need to be a constantly negotiated balance—one that will swing too far in one direction or another with each iteration… Public norms will continue to trend toward the desire for more privacy, while people’s actions will tend toward giving up more and more control over their data.”

Posted in: Data breach, Privacy, Spam, This week in review

Leave a Comment (0) →

The week in review: privacy law world showcase, Sony’s bad week, and a phishing pop quiz

The week in review: privacy law world showcase, Sony’s bad week, and a phishing pop quiz

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts about Internet privacy laws (or lack thereof) around the world, Sony’s extensive data breach, and a phishing pop quiz. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

Whose Internet privacy laws are the fairest in all the land?

Do you want the bad news first? Or the good news first?

The bad news is that of the countries surveyed by the World Wide Web Foundation on the topic of Internet privacy law, 84% got a failing grade.

The good news? … well… er… Christmas is coming?

According to a Sputnik News article: “The United Kingdom, the United States, Australia, Canada and France all scored three out of a possible 10 in providing legal safeguards to ensure that surveillance did not interfere with rights to privacy.”

With a lack of legislation in place to protect consumers, it’s essential that they seek out and use tools and platforms that help them to protect their own online privacy, to control their own online personas and communications with merchants. Platforms like Dodoname can help!

All the makings of a Hollywood blockbuster

Those that follow the infosecurity and Hollywood beats have been glued to their screens since the announcement of a huge data breach at Sony Pictures that shares similar plot points with many a blockbuster thriller. From Forbes: “hackers not only erased data from its systems, but also stole, and released to the public, pre-release movies, people’s private information, and sensitive documents.” Extortion attempts, ignored warnings, cryptic messages to execs from the culprits and other go-to plot points became all too real, and splashed all over the Internet this week. Even more damning is that it appears the problems were discovered long ago – with a hack recorded in February and the studio deciding to keep it quiet. <insert joke about hindsight being 20/20 here>

The repercussions of this week’s revelations are widespread and ugly, from racist jokes made by studio executives at the president of the United States expense, to the A list slinging mud and bad mouthing other A list talent. The financial implications – and reputational damage – to Sony will no doubt be long lasting and the media is sure to broadcast every last juicy detail. It is a sobering lesson for organizations that are treating cybersecurity as an afterthought.

Phishing pop quiz

It’s Friday. You’ve had a long week. You’re looking for an online activity that will get you that much closer to the weekend. This phishing email quiz is just the ticket. Can you spot the difference between a legit email and a phishing scam?

How did you rate on the quiz? Tell us in the comments. And if you didn’t do so well, don’t despair: the IT security experts that first took the quiz didn’t do much better, as a mere 6% got all questions right. And, as the article at the link mentions, “this is their job.”

Posted in: Phishing, Privacy, This week in review

Leave a Comment (0) →

This week in review: Cyber Monday sales and scams, the European Plan and the science behind tracking

This week in review: Cyber Monday sales and scams, the European Plan and the science behind tracking

By Don Dobson

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts on Cyber Monday, ongoing privacy debates, including in Europe and the science behind who is tracking you. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

Cyber Monday – sales and scams

Although figures vary quite widely depending on the source, a considerable fury of online sales was unleashed this week on Cyber Monday. ComScore reported U.S. sales of over $2 billion, a 17 percent increase over last year’s Cyber Monday, making this the “heaviest U.S. online spending day in history.” Predictably, this rush of e-commerce also captured the full attention of online bad actors. Researchers had already observed a “sharp increase” in phishing and spam activities against online shoppers and expect more to come into the holiday season. In a Politico article called “Hack Friday: Black Friday cybercrime is unstoppable,” Jay Healey, a former White House and financial sector official notes “Hunters are more likely to be out when there’s more prey to be hunted.” Bolstering that idea, reports on a study from security firm Imperva shows nearly half of all web application cyber-attacks target retailers. “This is largely due to the data that retail websites store – customer names, addresses, credit card details – which cyber criminals can use and sell in the cybercrime underworld,” said Amichai Shulman, chief technology officer at Imperva.

While email is still the prime vector for phishing, we were also reminded that social media is not immune to these threats riding the wave of a major online event such as Cyber Monday. Fake social media messages on platforms like Facebook attempted to hook unsuspecting shoppers looking for deals and discounts.

Privacy debates

Of course, we continue to monitor news and debates around how companies use your data to track your online activities for various advertising and marketing purposes. Indeed, providing a way to have both privacy and personalization is the raison d’être behind Dodoname. It’s fascinating to see the general public slowly becoming aware of the extent to which we are tracked. Jascha Kaykas-Wolff, the Chief Marketing Officer of BitTorrent, notes recent Pew research, saying it “overwhelmingly showed the burgeoning distrust users have harbored in putting their private information online.” His article, Why privacy is like the frog in the pot of boiling water, is descriptive of what has happened to all of us. Like the proverbial frog in the pot of water that is slowly increasing in temperature, we’ve paid little notice to the tracking and erosion of privacy. With the Pew study showing that ninety percent of adults agree that we’ve lost control of our personal data, the temperature is going to start to rise for business as well.

One way the market is responding to consumer concerns is through offers like Dodoname where privacy, rather than tracking, is central to the value proposition. Another prominent example is DuckDuckGo, a search engine that puts privacy first, rather than collecting data. Gabriel Weinberg founder of the company, speaking about privacy-based products in a Guardian Article notes “I don’t think it’s a fad. One of the big things people have noticed in the last year is the ads that follow them around the Internet and that’s perhaps the most visible notion of this new tracking mindset that most companies are adopting. Those trends are not disappearing. More tracking on the Internet, more surveillance, so I think as people find out about it they’re going to be wanting to opt out in some percentage.”

The European Plan

The European Union is ahead of North America in many regards concerning privacy, including evolving regulations concerning cookie use. We’ve previously reported on so-called super cookies and device fingerprinting used to track consumers across devices, including smartphones. A Guardian article this week Europe’s next privacy war is with websites silently tracking users, notes regulators have made it clear that companies cannot bypass cookies consent by using covert methods to track users through their devices. In the article, Jim Killock, executive director of the Open Rights Group says “Building profiles to deliver personalised content and adverts clearly falls under e-privacy and data protection law.” This regulator opinion on device fingerprinting techniques seems to pave the way for developing new legislation to govern their use and protect user privacy.

The science behind tracking you

The science behind tracking and the answer as to why techniques that track users across devices are being pursued by companies on both side of the Atlantic can be found in a MIT Technology Review article we shared this week: New Technology for Tracking Consumers Across Devices Grows Results.

Companies like Adometry are using probabilistic identification methods, to link smartphones to desktops accurately enough to justify ad placements. Drawbridge, of San Mateo, California, says it can “take anonymous signals from the device and do a kind of statistical space-time triangulation.” By performing the analysis over time, Drawbridge identifies clusters of devices and then figures out which are paired, providing confidence that they have the same user. The results provide marketers with data that is accurate enough for retargeting and attribution.

Still, we are just at the beginning of what marketers would like tracking to accomplish. As various vendors build their own technology and tech companies like Apple or Google seek dominance of their own proprietary methods, Adometry CEO, Casey Carey offers the opinion that Marketers need a new system to track customers across platforms.

Posted in: Blog, Data breach, Fraud, Phishing, Privacy, This week in review

Leave a Comment (0) →

Data brokers: a threat to your online privacy

Data brokers: a threat to your online privacy

By Don Dobson

Two facts have collided in the early days of this millennium: one, much of our lives has gone digital and two, digital security measures have not kept pace with technological advancements and adoption. This is a huge problem.

Our commerce, work, social life, entertainment, information consumption and personal communication have all become digitized. Much of everyday life has either moved online or is touched in some way by our online activity, creating a stream of data coined by Google as our “digital exhaust.”

Secondly, not just laws and regulations but even broad social consensus around issues of security and privacy are falling behind the technological curve and the ever increasing collection capabilities for our data.

Consumer advocates and organizations like the American Civil Liberties Union are sounding the alarm on an industry many consider out of control. Its new video, Invasion of the Data Snatchers, paints a scary, dystopian view of our personal lives under scrutiny by governments and corporations. The intro to the video on their YouTube channel notes New technologies are making it easier for private companies and the government to learn about everything we do – in our homes, in our cars, in stores, and within our communities. As they collect vast amounts of data about us, things are getting truly spooky!

So, who is vacuuming up this so-called digital exhaust? One set of players in that business that few people know about and fewer still understand are “data brokers.” Pam Dixon is the executive director of the World Privacy Forum and her December 18, 2013 testimony before the Senate Committee on Commerce, Science, and Transportation, titled What Information Do Data Brokers Have on Consumers, and How Do They Use It?, sheds full light on a growing industry with somewhere around 4,000 companies. Dixon asked:

What do a retired librarian in Wisconsin in the early stages of Alzheimer’s, a police officer, and a mother in Texas have in common? The answer is that all were victims of consumer data brokers. Data brokers collect, compile, buy and sell personally identifiable information about who we are, what we do, and much of our “digital exhaust.” 

We are their business models. The police officer was “uncovered” by a data broker who revealed his family information online, jeopardizing his safety. The mother was a victim of domestic violence who was deeply concerned about people finder web sites that published and sold her home address online. The librarian lost her life savings and retirement because a data broker put her on an eager elderly buyer and frequent donor list. She was deluged with predatory offers.

[Consumers] not able to escape from the activities of data brokers…until this Committee started its work, this entire industry largely escaped public scrutiny… Consumers have no effective rights because there is no legal framework that requires data brokers to offer consumers an opt-out or any other rights.

Frank Pasquale, a professor of law at the University of Maryland, is the author of the forthcoming book, “The Black Box Society: The Secret Algorithms That Control Money and Information.” He writes, Every day, corporations are connecting the dots about our personal behavior—silently scrutinizing clues left behind by our work habits and Internet use. The data compiled and portraits created are incredibly detailed, to the point of being invasive. 

In a October 16th, 2014 op-ed in the New York Times entitled, The Dark Market for Personal Data, Pasquale suggests, We need regulation to help consumers recognize the perils of the new information landscape without being overwhelmed with data.

Media investigators are starting to inform the public that the personal data being brokered can be very personal indeed. Reports from Bloomberg indicate Tapping social media, health-related phone apps and medical websites, data aggregators are scooping up bits and pieces of tens of millions of Americans’ medical histories. Even a purchase at the pharmacy can land a shopper on a health list…People would be shocked if they knew they were on some of these lists…yet millions are.

According to the Data-Driven Marketing Institute, the data-mining industry generated $156 billion in revenue in 2012. Technology CEO and Harvard professor Nathan Eagle offers up his insight on the matter … it is just the first step for the data economy. By 2020, the global Internet population will reach five billion; ten billion new machine-to-machine connections will be created; and mobile data traffic will rise 11-fold. Given the dramatic growth in the amount of data being generated, together with ever-expanding applications across industries, it is reasonable to expect that…within ten years, the data-capture industry can be expected to generate more than $500 billion annually.

The World Privacy Forum has compiled a list of 352 consumer-focused U.S. data broker sites. Check out the list and see if you’re on any of these sites. Many of the sites offer the ability for those included to opt-out; might be a good use of your time to go through that process and engage in more privacy-centric online practices in future.

With these nefarious, data grabbing institutions at large, the urgency to protect your online data, including through use of a tool like Dodoname, has never been more real.

(Image: Flickr, Simon Cunningham, link)

Posted in: Blog, Data breach

Leave a Comment (0) →

This week in review: a freight train of outrage, Google on cybercrime, bad telecoms and more

This week in review: a freight train of outrage, Google on cybercrime, bad telecoms and more

By Don Dobson

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts about how fast the world of advertising is changing and how little most people know about the privacy implications of tracking, more telecom snooping, Google speaks, and a few top links on phishing and malware attacks. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

Awareness lags reality in ad targeting

In digital advertising, the Holy Grail touted for driving ad performance is relevancy. That is, making sure the ads you see are relevant to you. Of course, in order to do that, advertisers need to know lots of things about you. An excellent article in The Economist notes that spending is moving rapidly from traditional media to digital formats (advertising that knows who you are) and reported on an Adobe poll that showed “most marketers say they have seen more change in the past two years than in the previous 50.” In discussing the privacy implications of it all, they quote the head of one British advertising firm who put it: “Once people realise what’s happening, I can’t imagine there won’t be pushback.” Forbes Magazine also agrees that awareness of what is happening is not what it should be when it offered up Nine Things You Don’t Know About The Gathering Of Your Personal Data. The potential for a coming freight train of outrage is being anticipated by the advertising industry. Exactly because the technology and resulting capabilities are so powerful, they want to make sure they continue to have the ability to track you and in fact, we see AdAge reporting: Agencies Load Up on Privacy Specialists, Hoping to Keep Consumers From ‘Opting Out’

Google speaks on cybercrime – why wouldn’t we listen?

I’m told Google have the data. That’s why it is always worth listening to what they are saying; in this case, it’s a Google Security Blog entry about cybercrime. It’s Google oriented, but it confirms many of the things we have been saying about phishing leading to identity theft, how easy it is to fall prey and how quickly it can happen. All conventional emails have these security issues Google deals with but what is interesting about this post is how it paints a picture of a criminal workforce of what they call “manual hijackers” who intensively work over their victim and always use phishing emails.

Telecoms: a snooper’s best friends

We shared information with you last week about so called “super-cookies” being inserted into your web traffic by telecom providers, in particular Verizon. This is important because they introduce the notion of physical tracking to web habit tracking. Further details have emerged including the fact that it’s not only Verizon but also AT&T. It didn’t take long for news of at least one user of the technology to become known. Twitter’s mobile advertising arm, MoPub, self-described as “world’s largest mobile ad exchange,” is all over it. Privacy advocates are freaking out.

While data is good for advertisers, this type of news can’t be a good situation when you consider that even before this revelation, reports indicate that consumers are already concerned that using their mobile phone for coupon and loyalty schemes puts them at risk of identity theft. When customers aren’t happy, retailers always also have a concern.

Filthy phishers flourish

Criminals continue to innovate in their phishing attempts like a new hybrid approach seen this week in Japan. Called Huyao, which means “monstrous fox” in Chinese, experts are concerned this technique of combining legitimate sites with a fake checkout procedure is set to spread.

Meanwhile, investors and students were warned about phishing attacks targeting them, web host GoDaddy was being spoofed, we saw how just having your email leaked by companies you deal with can lead to a very effective phishing attack and a growing trend involving fake wire transfer request e-mails that can clean out your bank account.

Posted in: Blog, This week in review

Leave a Comment (0) →

This week in review: this machine eats privacy, malware, ApplePay retailers pay the piper, and more

This week in review: this machine eats privacy, malware, ApplePay retailers pay the piper, and more

By Don Dobson

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts about technology advances that further erode your privacy, new payment system hacking, the continuing cyber-security battle for retailers and as always, lots of phishing and other email scams. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

The privacy killing machine

We had seen previously Facebook’s move into direct competition with Google with its advertising exchange Atlas. The platform leverages your unique Facebook identifier tracking you across the web and multiple devices. ISP Verizon is also using what they call a “Unique Identifier Header.” Some critics are saying “…it’s also a reckless misuse of Verizon’s power as an internet service provider—something that could be used as a trump card to obviate established privacy tools such as private browsing sessions or “do not track” features.”

The ol’ Backoff sneak attack

We’ve previously noted many retail data breaches that compromise consumer data including personal and financial information. Retailers can be infected with at least one piece of malware and be unaware for long periods of time. Unfortunately, it appears to be getting worse as we discover in a report that says the ‘Backoff’ malware used in retail data breaches is spreading. Apparently some  recent breaches, like that at Home Depot, are resulting in credit card charges coming out of Brazil.

Hackers give CurrentC no quarter

Apple’s new payment system, ApplePay, was announced with much fanfare a couple of weeks ago. However, some retailers abruptly stopped using the system this past week. Apparently they forgot agreements they had in place to support an alternate system that precluded them for using ApplePay. The payment system, called CurrentC includes partners CVS and Rite Aid among others. It vacuums up (and promises to share) lots of personal data and has been signing up customers. However, it actually hasn’t been released for use yet and already it has been hacked and criminals managed to grab the email addresses of anyone who signed up for the program.

Phishing for Apple

The Apple ecosystem has traditionally been noted as being less subject to security concerns than its competition but that has been changing. News was revealed this week via the CYREN Internet Threats Trend Report that phishing scams targeting Apple rose 246%.

Other phishing activity noted this week involve Pizza Hut, a Michigan hospital, rocker Brett Michaels, doctors, architects, engineers and other white-collar professionals, and even Revenue Canada.

Malware hackers do seem to be more prevalent than ever so it comes as no real surprise to see a new Microsoft survey where 42% report weekly and even daily attempts to gain access to their PC or a @FindLawConsumer survey that shows 29% of U.S. adults say they’ve had their identity stolen and that 10% report being hit twice. Whether it’s a legitimate-looking invoice email hiding a data-stealing Trojan malware attack, banking malware that specifically targets sensitive user account credentials, or horse owners, unfortunately Pew Research sees a likelihood of major attacks in coming years.

Posted in: Blog, Data breach, Phishing, Privacy, This week in review

Leave a Comment (0) →

This week in review: scary tales of data brokers, info snatchers, phishing scams and more

This week in review: scary tales of data brokers, info snatchers, phishing scams and more

By Don Dobson

In our weekly roundup, we want to draw your attention to news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data: problems that Dodoname can solve. Catching our attention this week were posts about the fight for your data, those pesky data brokers, spooky tales of data snatchers, privacy terror and phishing season.

The fight for data: yours

While conversation around the issue of privacy continues to get louder, use of the word “fight” is really a misnomer, as in many respects the fight appears to be lost. This was underlined in a book review we discovered this week of What Stays in Vegas by Adam Tanner, a Harvard University scholar and business writer. The book provides an inside look on how personal data from credit ratings, voter lists, marriage licenses, police records and online behaviours are combined and sold on the open market.

Going for (data) broke(rs)

Frank Pasquale, a professor of law at the University of Maryland, is the author of the forthcoming book “The Black Box Society: The Secret Algorithms That Control Money and Information.” He writes, Every day, corporations are connecting the dots about our personal behavior—silently scrutinizing clues left behind by our work habits and Internet use. The data compiled and portraits created are incredibly detailed, to the point of being invasive. His October 16 op-ed in the New York Times, The Dark Market for Personal Data, notes there are at least 4,000 U.S. “data brokers” selling your information without proper regulation and without the control that consumers deserve.

Tales of (privacy) terror

The alarm is being raised by many, including the American Civil Liberties Union. Although the group was founded in 1920, their concerns remain highly contemporary. Just in time for Halloween, they have released a new video Invasion of the Data Snatchers. The intro to the video on its YouTube channel notes, New technologies are making it easier for private companies and the government to learn about everything we do – in our homes, in our cars, in stores, and within our communities. As they collect vast amounts of data about us, things are getting truly spooky!

Giving up your data for the greater good?

Like any big issue, it isn’t always as simple as it might first appear. Dr. Jean Marmoreo, a physician in Toronto, writing in the Globe and Mail Debate section, notes that the collection of personal data can provide big community benefits while acknowledging the privacy concerns. Inspired by a recent Toronto lecture by Sandy Pentland from the MIT Media Lab, Dr. Marmoreo endorses Pentland’s call for a universal bill of rights for collecting and using Internet data.

Phishing Season: Always Open

Seems there is news every day about phishing scams and this week was no exception. Whether on a local scale, like a restaurant reservation scam in Chicago, the local credit union, much wider schemes like Dropbox users worldwide being targeted, spoofing PayPal or “spear phishing” targeting students, the assaults never stop.  Kaspersky Lab published its Spam in September report this week noting that financial phishing accounted for 36.97 percent of all (its) detections.

There are many ways for phishing to compromise your security including malware that can install itself on your computer without you knowing. Your own protection efforts might benefit by taking a look at the most common malware emails currently hitting inboxes. You can find out if your email has been leaked during a reported data breach using a utility provided by the makers of password manager RoboForm. And if you have taken the bait, Andy Davidson writing on the Rogers Connected site answers the burning question, I Fell for a Phishing Scheme… Now What?

Posted in: Blog, Fraud, Phishing, Privacy, This week in review

Leave a Comment (0) →

This week in review: malspace, old phishing tricks, ransomware, identity theft and more

This week in review: malspace, old phishing tricks, ransomware, identity theft and more

By Don Dobson

In our weekly roundup, we want to draw your attention to news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data: problems that Dodoname can solve. Catching our attention this week were posts about malspace, the oldest phishing tricks in the book, hack attacks, the weakest link and identity crises.

Word of the week: malspace

A new-to-us word this week, “malspace” was introduced by Steve Durbin in Wired who describes it as an online environment inhabited by hacker groups, criminal organizations and espionage units. Cybercriminals working from malspace are a growth industry where the returns are great and the risks are low, costing the global economy more than $400 billion, according to McAfee. They will grab any target of opportunity, as illustrated in a growing number of attacks on children under 18, which can cause a lifetime of credit problems for the child, as it may not be discovered for years.

Oldies but baddies

Some of the oldest and simplest email phishing scams are still circulating and creating new waves of victims, even though it would be fair to assume that users would be wise to these scams. A blog post from ScamOfTheDay.com claimed that around 156 million spam emails make it through spam filters globally everyday and phoney links are clicked by around 5% who get them. Around 10% of that group are tricked into surrendering info. But consider their report on a “mock scam” security exercise by Canada’s Department of Justice where half of the 5,000 email recipients were lawyers. That test resulted in 1,850 or around 37% clicking a bad link. It’s not easy to tell what is legit and what’s a scam, even when the law is your livelihood.

We are not alone

We learned of a brave volunteer Sophie Curtis who set out to answer just how vulnerable we are. Her article in the Guardian reveals the anatomy of a hacker attack. Curtis summarizes; It’s a salutary tale, mitigated only slightly by the fact that it’s apparently something that could happen to all of us, with precious little that can really be done to prevent it.

Scams range from simple to handsome 

Threats can come from many sources including the advertising we view online, but simple email phishing cybercriminals can certainly wreak some serious havoc. It could be as simple as preying on hopeful job seekers through a “mystery shopper” scam. Or it could be a more elaborate scam, such as detailed in this update on “ransomware” from Bernie Lambrecht via the Solutionary blog, who notes; Ransomware is like Clark Griswold’s crazy Cousin Eddie in the movie National Lampoon Vacation. It just won’t go away, no matter how hard you try to get rid of it.

It’s not you (the credit card companies); it’s me (the retailer) 

Many U.S. consumers might be surprised to hear the U.S. credit card system described as a global “weak link”. Home Depot is feeling the pain as its recent retail security breach has already produced at least 21 class action suits. Unfortunately, retailers can also shoot themselves in the foot: take well known chain Aaron’s Rent-To-Own, which reached a settlement with the State of California this week. Attorney General, Kamala Harris said “Aaron’s concealed its illegal privacy and business practices from customers in a deceptive attempt to avoid California’s robust consumer protection laws and increase its profits.” It’s harder all the time to know who to trust with your personal information when stories continue to emerge like LinkedIn being sued for alleged illegal marketing of member data to employers for their own secret snooping.

Can I see some ID?

Million are victims of identity theft every year. In a case that is a combination of striking back and turning lemons into lemonade, artist Jessamyn Lovell mounted a solo exhibition this past week, based on ID theft, which she titled, “Dear Erin Hart”, after the perpetrator. “I base all of my work on a fact that I experienced,” says Lovell.

Posted in: Blog, Phishing

Leave a Comment (0) →
Page 1 of 2 12