Saturday, January 5, 2019

Five Top Data Threats Consumers Should Watch Out For In 2019

It's not clear that security threats are coming from genuinely new directions in 2019, but it is clear that some of the existing threats are becoming more damaging. Here's a look at 5 powerful and persistent threats, not in order of presumed priority.

Cybersecurity resource site: https://www.stopthinkconnect.org/

- The IoT provides easy access to many smart homes. When did you last buy an appliance, or perhaps even something as simple as a door lock, that wasn't connected to the internet? Most are, and manufacturer security is notoriously weak. Begin by changing the manufacturer-supplied password and continue by reading the instructions to ensure that protection like automatic software updates is in place. It's likely that threats will become ever more sophisticated.

- Mobile threats multiply with emphasis on fake apps. Traditional threats like advertising that delivers malware and phishing attacks--born on the desktop and migrating to mobile--continue to affect millions of consumers. Even more worrisome, because they are so hard to detect, are fake apps. They can be found anywhere, even on the app stores. The malicious apps are removed when identified, but new ones take their places. One security firm suggests three ways to identify fake apps:
  1. Look for the developer name. If it is not the same as the brand, there's something wrong.
  2. Read the reviews and see if they appear legit.
  3. Be suspicious of unreasonable promises--or unreasonable requests like writing a review before you download the app.
It would be good to read the entire post.

- Phishing is now spear phishing. Here's one example, mortgage wire fraud:

home buyers are tricked into wiring closing fees to a rogue party by an email arriving from a trusted mortgage agent. “The hacker breaks into the mortgage lender’s (or title agent’s) computer and takes note of all the upcoming pending deals and their closing dates,” he says. “Then the day before the mortgage agent would normally send out an email telling the client where to send the closing money, the phisher uses the mortgage agent’s computer to beat them to the punch. The unsuspecting client wires the money, which is rarely recovered, and ends up losing the house (unless they can come up with another substantial closing payment, which most can’t do).” 

Spear phishing can be very close to home and very personal. At least 3 employees at Wichita State University responded to a phishing email by supplying their university ID number and lost their entire paychecks, which were diverted and never reached their banks. Individuals should never respond to this kind of request for information, and employers have a huge responsibility to educate and remind their employees of the danger.

- Artificial Intelligence leading to smarter attacks on a larger scale. What AI can accomplish remains a mystery to many web users because it's highly technical in nature. Look at it this way. AI can help cybercriminals deceive users directly or trick the technology itself. I wrote about fake news during CyberMonth and the warnings there are relevant (1, 2 and more).

https://www.bbc.com/news/av/technology-40598465/fake-obama-created-using-ai-tool-to-make-phoney-speeches

Here is an example of a totally fake Obama message that could have been aimed at web users. It was produced by researchers and they explain the basics of how they did it. It's easy enough to understand, but harder to actually do. However, the technology is readily available to web users who care enough to find it and learn to use it.

Harder to understand are techniques used to hijack web sites. Here's a brief article about the use of fake fonts to disguise landing pages created for phishing schemes. It's not necessary to understand how it is done to understand there are ways of deceiving users that are hard to identify. The article doesn't say so, but the fake pages should have URLs that are not exactly the same as that of the actual brand. Users need to beware, but they also need to be able to trust brands, and that's getting increasingly hard to do. When in doubt, especially about a followed link, close it and go directly to the brand website. And make a practice of notifying brands when you see something that appears suspicious. How the brand responds is one way of knowing whether to trust it or not.

- Following the implementation of the EU's GDPR in 2018, laws protecting privacy will continue to emerge. The General Data Protection Regulation is a sweeping reform of European privacy laws, which were already stronger than those in the US. I explained how and why the law applies to US web users in a 2017 post. Users currently see the effects in things like cookie warnings and explicit requests to contact users when they visit a site. See if your state has recently passed a law regarding data privacy on this consumer-oriented site. There are also legal sites that cover the issue.

The focus in the US is on the states because the federal government has moved in the other direction. The repeal of the Net Neutrality law made it possible for ISPs to collect and sell data about the activities of their users. Who knows more about us? Watch for a followup post on this issue soon.

These are five broad categories that cover many types of threats. Customers need to have high expectations of the brands they use in terms of how well the brand protects their data. It really helps for brands to know that their customers are paying attention and even taking actions on the basis of how much they trust the brand.

'Paying attention' is the relevant phrase. Every individual user needs to be alert to attempts to breach their privacy and steal their identity. My new year's resolution is to do all I can to be helpful!

Stay Safe in 2019!
