Blog

Posts Tagged malware

This week in review: Forgetful Firefox, Uber’s God View, Detekt and phish food

This week in review: Forgetful Firefox, Uber’s God View, Detekt and phish food

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts about browsing cleanup at the push of a button, the all-seeing Uber, Detektion in the name of online privacy, and of course, phishing schemes. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

Forgetful Firefox

One of the more popular web browsers is Mozilla’s Firefox, which just celebrated 10 years in existence. To help mark the occasion, some upgrades to the Firefox browser were made, including the addition of a Forget button. According to TheNextWeb, “Using it allows you to clear between 5 minutes and 24 hours of browser data – history, cookies, log-ins, saved passwords etc. – but it leaves the rest of your stored data and auto-complete history in place. It also closes any browser windows you have open and presents you with a fresh, blank one.”

God View puts Uber in privacy purgatory with consumers

Uber, to those unfamiliar with the service, is a mobile app the facilitates ride sharing. This service has seen tremendous global growth since its launch in 2009. Funded by the likes of actor-slash-investor Ashton Kutcher, those seeking rides are connected with Uber drivers who act much like a taxi service. The company got themselves in some hot water this week when it was discovered that an Uber executive is being investigated for tracking the travel records of a journalist by using the platform’s God View. Forbes also discovered recently that Uber employees had tracked the whereabouts of VIPs using the service without their consent or knowledge. A #deleteuber hastag was born, and Ashton Kutcher himself wandered into the fray with his own comments, which subsequently landed him in some hot water of his own.

Scanning for spyware

Journalists and activists are two groups to whom privacy is of the utmost importance: their lives may depend on it. An open-source tool called Detekt has been released to provide those concerned about targeted surveillance with the means to identify spyware that has been placed without their knowledge on their Windows-based PCs.

Phish food

This week’s phishing news includes fake crowdfunding for Ebola, and targeting people who have sent out their Christmas gifts early.

Indiegogo shut down a scam that started with 700,000 spam emails sent out to unsuspecting consumers, asking them to donate to a phony crowdfunding campaign in the guise of an fundraiser to help fight Ebola.

As we get closer to the holidays, many people will have shipped off presents to loved ones that might live across the state, country or planet. Phishing scams disguised as emails have been sent to gift givers who used the mail or couriers to send out presents. That email in your inbox from the USPS, FedEx or UPS? Probably a scam.

Posted in: Blog, This week in review

Leave a Comment (0) →

This week in review: this machine eats privacy, malware, ApplePay retailers pay the piper, and more

This week in review: this machine eats privacy, malware, ApplePay retailers pay the piper, and more

By Don Dobson

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts about technology advances that further erode your privacy, new payment system hacking, the continuing cyber-security battle for retailers and as always, lots of phishing and other email scams. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

The privacy killing machine

We had seen previously Facebook’s move into direct competition with Google with its advertising exchange Atlas. The platform leverages your unique Facebook identifier tracking you across the web and multiple devices. ISP Verizon is also using what they call a “Unique Identifier Header.” Some critics are saying “…it’s also a reckless misuse of Verizon’s power as an internet service provider—something that could be used as a trump card to obviate established privacy tools such as private browsing sessions or “do not track” features.”

The ol’ Backoff sneak attack

We’ve previously noted many retail data breaches that compromise consumer data including personal and financial information. Retailers can be infected with at least one piece of malware and be unaware for long periods of time. Unfortunately, it appears to be getting worse as we discover in a report that says the ‘Backoff’ malware used in retail data breaches is spreading. Apparently some  recent breaches, like that at Home Depot, are resulting in credit card charges coming out of Brazil.

Hackers give CurrentC no quarter

Apple’s new payment system, ApplePay, was announced with much fanfare a couple of weeks ago. However, some retailers abruptly stopped using the system this past week. Apparently they forgot agreements they had in place to support an alternate system that precluded them for using ApplePay. The payment system, called CurrentC includes partners CVS and Rite Aid among others. It vacuums up (and promises to share) lots of personal data and has been signing up customers. However, it actually hasn’t been released for use yet and already it has been hacked and criminals managed to grab the email addresses of anyone who signed up for the program.

Phishing for Apple

The Apple ecosystem has traditionally been noted as being less subject to security concerns than its competition but that has been changing. News was revealed this week via the CYREN Internet Threats Trend Report that phishing scams targeting Apple rose 246%.

Other phishing activity noted this week involve Pizza Hut, a Michigan hospital, rocker Brett Michaels, doctors, architects, engineers and other white-collar professionals, and even Revenue Canada.

Malware hackers do seem to be more prevalent than ever so it comes as no real surprise to see a new Microsoft survey where 42% report weekly and even daily attempts to gain access to their PC or a @FindLawConsumer survey that shows 29% of U.S. adults say they’ve had their identity stolen and that 10% report being hit twice. Whether it’s a legitimate-looking invoice email hiding a data-stealing Trojan malware attack, banking malware that specifically targets sensitive user account credentials, or horse owners, unfortunately Pew Research sees a likelihood of major attacks in coming years.

Posted in: Blog, Data breach, Phishing, Privacy, This week in review

Leave a Comment (0) →

Top five online privacy concerns

Top five online privacy concerns

By Don Dobson

In epidemiology, the means for the transmission of disease is termed a “vector.” In the world of online privacy, your personal email address is one of the prime vectors by which your privacy can be compromised. If you’re not using a Dodoname to interact with merchants, you’re leaving yourself open to these top five privacy concerns (which can have some very scary repercussions!)

1. Phishing

Wikipedia defines phishing as the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

Although not the only means, email is one of the main vectors for phishing. At Dodoname, we like to keep up to date on the latest developments in cybercrime through email phishing scams. We see that the scammers are relentless and that anyone can be a victim: criminals shamelessly exploit the latest news, such as recent attempts linked to the Ebola scare gripping the world or even attack children. It also a big problem for businesses as employees can be fooled and surrender corporate information or provide a pathway for hacking of retailer systems.

Phishing still thrives because it remains a simple game and the power of easily sending millions of emails every day allows the bad guys to fill their quotas. Old scams are still making the rounds and claiming victims. And the fact is, email remains a very popular communication channel. Unfortunately, it’s true that real dangers can place themselves in your inbox. Here’s a start on some help to stay out of trouble and also some advice if you have taken the bait.

2. Data breaches

Retailers in particular have shown themselves to be vulnerable to hacker attacks which result in a “breach” of security measures protecting customer data, as have financial institutions.

You may think “that’s their problem” but it could also be a problem for you. Depending on the nature of the data breach, personal information you have shared with companies, including credit card information, may become available for use by criminals and/or be re-sold in criminal markets. Ironically, this can result in even more effective phishing emails as criminals use information already stolen to become more credible to email recipients in what is known as “spear-fishing.”

There is nothing you can do to prevent these breaches, but they are the top of the list of concerns for company executives. Customers are striking back. Many consumers will stop patronizing companies who have had a data breach while some victims of these attacks  have joined lawsuits against retailers like Home Depot.

3. Malware

Email phishing can have many consequences. One of those is the installation of malware on your device. There are many varieties of malware “in-the-wild,” some malicious, some not so much, but none have any business on your device. Among the types of malware that can impact you are “key-loggers,” which send back everything you type online to criminals. This information would include details of all your online activity including banking website passwords.

And the thing is, you don’t always even need to click on anything. Just visiting some sites exposes you to these sneaky downloads through “malvertising.” You might think that staying away from seedy corners of the Internet would protect you, but the truth is even reputable sites can be hacked in these ways through ad exchanges.

4. Identity theft

Identity thieves have many different ways to strike: over the phone or through something as low-tech as criminals sifting through your trash, or through email phishing attacks. Online theft of personal identity and it has become a major problem worldwide. Criminals can use your identity and credit card information to make purchases, take out loans or conduct any illicit financial transaction.

Identity thieves can be individuals at the local level or international organized criminal operations. Even using free wi-fi at a coffee shop can open you up to identity theft. It’s clear that these types of cybercrime enterprises are a growth business.

5. Data brokers

A much broader concern for personal privacy than the vector of phishing emails and malware criminals is an industry that operates “legitimately” but without much regulatory protection for consumers. Testimony by Pam Dixon, Executive Director, World Privacy Forum appearing before the Senate Committee on Commerce, Science, and Transportation, suggests that somewhere around 4,000 companies in the U.S. gather identity information left by the “digital exhaust” of your online activity. Dixon cites real harm to individuals resulting from these activities and notes “Despite the large and growing size of the industry, until this Committee started its work, this entire industry largely escaped public scrutiny. Privacy laws apply to credit bureaus and health care providers, but data broker activity generally falls outside these laws. Even a knowledgeable consumer lacks the tools to exercise any control over his or her data held by a data broker.” 

(Image: Flickr, Sebastien Wiertz, link)

 

 

 

 

 

 

 

 

Posted in: Blog, Data breach, Email, Fraud, Identity, Phishing, Privacy

Leave a Comment (0) →