Skype Calls on Echo Devices

In the News 

Voice-controlled speakers continue to make new updates and improvements. In Amazon Echo devices can now make Skype calls, Brian Heater at TechCrunch discusses the recent collaboration between Amazon Echo products and Microsoft’s Skype which will allow Echo device users to make Skype voice and video calls depending on their device capabilities. Heater details that this collaboration will enable Echo users to request Skype calls using voice-control and make calls with Skype contacts.  

Our Take 

Voice-controlled smart devices such as the Amazon Echo have become commonplace in the home, work, and travel destinations. They capitalize on consumer’s demand for convenience and can save one time and energy in doing mundane tasks. While such devices have many positives, the technology-driven nature of such devices result in security concerns that are important to understand. Not all smart devices are created the same and not all of these devices are built with the same data security measures. Researching the data collection practices of such devices before purchasing them as well as being mindful of the information and the quantity of information that you share with these devices are proactive steps to securing your personal information. Using such devices can still be done safely and beneficially for all parties, but understanding the risks associated with the use of such devices can help protect not only your personal information but also the personal information of your contacts.  

Recommendations 

How can you protect your personal information when using voice-controlled smart devices?  

  • Understand the risks of putting your personal information into the world, and only share what you have to   
  • Refrain from discussing highly sensitive information over a voice or video call; such information should be addressed in-person whenever possible 
  • Update your devices and apps whenever possible to avoid running a vulnerable program  
  • Be aware of default settings on any device or application and turn on privacy settings as needed

Apple Pay Phishing Scam

In the News 

Advertisements embedded in online media have become the source of many malicious attacks. In Malvertising in Apple Pay Targets iPhone Users, Kacy Zurkus at Infosecurity Magazine discusses the detection of a phishing attack and redirection campaign that preys on Apple Pay users on both iPhones and Android devices. Zurkus explains that when clicked, a malicious ad, yet legitimate appearing, on specific news and media sites called PayLeak prompts users to Zurkus details that the malware can determine if one’s device contains malware detecting software and if it does not, iPhone users are prompted to update either their devices and Apple Pay accounts which require inputting financial information. 

Our Take 

Phishing campaigns are becoming increasingly complex and dangerous, and the endgame of such malicious attacks is the theft of your personal and financial information. While these attacks are designed to look legitimate and aim to trick the untrained eye into falling prey to such attacks, mindful online practices can protect you from falling into such traps. For the Apple Pay and many similar attacks, a user must first click on a malware embedded app. By refraining from clicking on unfamiliar ads, one can avoid the lure of such dangerous attempts. Similarly, an update prompt or request to enter financial information should be verified before complied with. You can check to see if an app needs updating on the AppStore or by searching online to see if an update for your app or device is ready. Although it is essential to update your devices regularly, it is vital that such practices be done with care and consideration of the possibility of malicious attackers aiming to steal your information.  

Recommendations 

How can you protect your data and finances from phishing attacks and scams?  

  • Understand the risks of putting your personal information into the world, and only share what you have to   
  • Use safe password practices, and take advantage of Multi-factor Authentication where possible   
  • Avoid clicking directly on links, whether in email or social media – always search through your search engine to verify legitimacy and find the appropriate site    
  • Refrain from opening suspicious attachments   
  • Pay particular attention to messages that threaten to cut off a service or promise unlikely rewards–these are intended to get you to act quickly without thinking   
  • Stay up to date on the news regarding recent fraud and phishing attacks to see if you may have been affected

Instagram Exposes Passwords

In the News 

First Facebook, then Instagram: data exposure continues to plague the social media industry. In Instagram Bug, Now Fixed, Exposed User Passwords, Kacy Zurkus at Infosecurity Magazine discusses the impact of a now fixed bug on the social media platform, Instagram. Zurkus explains that by utilizing the Download You Data tool, users were sent an email exposing their passwords in the contents of a URL. Zurkus emphasizes the importance of ‘comprehensive cybersecurity measures’ to adequately secure user’s data. 

Our Take 

Password security is vital in the Age of the Internet. Receiving your password through an email is potentially dangerous because most emails are not sent with proper encryption meaning that there is potential for the email account to be hacked. Unfortunately, many people still use the same password for multiple accounts, thus making the idea of a password breach more harmful. If your password is breached through email hacking or another data breach, the ‘key’ to any account that utilizes the password is also compromised. With the normalization of online shopping, subscription services, and online finances, the reality of having your password and thus account breached could be detrimental to your finances. In addition to advocating for cybersecurity measures on the corporate front, being proactive about protecting not only your accounts but also your passwords are the best way to secure your information and your finances.  

Recommendations 

How can you protect your data and personal information from being exposed?  

  • Understand the risks of putting your personal information into the world, and only share what you have to   
  • Don’t reuse your account passwords, and take advantage of multi-factor authentication whenever possible  
  • Be aware of default settings on mobile apps and turn on privacy settings as needed   
  • Stay up to date on the news regarding recent security breaches to see if you may have been affected 

PayPal Email Scam

In the News 

In Scammers Target PayPal Users With Bogus Emails; ‘It Just Blows My Mind That Everything Was Fake, Dorothy Tucker at CBS2 Chicago discusses a recurring email scam targeting PayPal users in the resale industry. Tucker states that the fraud informs users that money was transferred to their account and then prompts the user to send the purchased product they are selling to an address. However, this is all fake, and no money has been added to their account. Tucker explains that the only noticeable tell that the email was fake was the email ending which was @email.com instead of the correct @paypal.com. Tucker recommends that PayPal users check their accounts before sending any items to ensure that their transaction was legitimate.  

Our Take 

The increasing intricacy of email scams and their legitimate appearances are designed to trick customer’s into falling prey to malicious attacks. Although these scams may be challenging to decipher, being cautious and proactive about your email and account practices are essential to realizing a fraud before you are harmed. It is vital that customers proceed with caution anytime finances are in play, especially when dealing with transactions with other individuals. The resale industry is especially vulnerable to such scams because individual to individual transactions are often less formal. However, one must always verify that a transfer of money, whether to you or from you is complete and reputable before taking any additional steps in a transaction. Making the extra time and effort to verify transactions can save you money in the future and prevent the possibility of financial damages. 

Recommendations 

How can you protect your finances from email scams?  

  • Don’t reuse your account passwords, and take advantage of multi-factor authentication whenever possible  
  • Know the signs of an email scam and know how to act if you are affected    
  • Avoid clicking directly on links, whether in email or social media – always search through your search engine to verify legitimacy and find the appropriate site   
  • Refrain from opening suspicious attachments 
  • Track your finances closely to notice suspicious transactions before they become dangerous

Dangers of Recent Gmail Glitch

In the News 

Email scams and phishing attempts may not just be targeting your email inbox. In Gmail Glitch Offers Stealthy Trick for Phishing Attacks, Lindsey O’Donnell at Threatpost discusses how a malicious attacker can send emails that get received and stored in a user’s sent mailbox, providing the opportunity to evade scam filtration of inbox emails. O’Donnell explains that by sending an email with a user’s email address in the ‘from’ section, this then prompts Gmail to save the email as read in the sent folder. O’Donnell states that this can be used by malicious attackers to embed malware or harmful content in attachments and links that appear to have been sent by an unsuspecting user.  

Our Take 

Phishing attempts and email scams are all too frequent in today’s society, and falling prey to such an attack can have dangerous repercussions for your data security and finances. Technology glitches, such as the one recently detected on Gmail increase the ability of malicious attackers to create and profit off of phishing and scam attacks. These types of glitches allow attackers to capitalize on unsuspecting users who may not be aware that hackers can access their sent folder or access their email account at all. Although such glitches should be the company’s responsibility to address, it is crucial that all email users be aware of the possibility of malicious emails and attachments somehow plaguing their email account or one of their contact’s accounts. Take an additional few seconds to confirm that you are reading the correct email or opening a legitimate attachment…it could save you big time in the future.  

Recommendations 

How can you protect your personal information from phishing attempts and malicious attacks?  

  • Avoid clicking directly on links, whether in email or social media – always search through your search engine to verify legitimacy and find the appropriate site  
  • Be mindful of your emails; always check the date, subject line, and recipients to confirm that you are reading and using the correct email 
  • Stay up to date on recent security glitches, scams, and attacks to see if you may have been affected

Firefox Notifications

In the News 

Knowing whether a website has been breached recently just got easier. In Mozilla adds website breach notifications to Firefox, Natasha Lomas at TechCrunch discusses a new security feature that will alert Firefox users via a pop-up notification if a website they are browsing experienced a data breach in the past year. Lomas elaborates that this new security feature will be connected to Mozilla’s Firefox Monitor tool, which alerts users is their email was affected in the event of a data breach. 

Our Take 

With the unfortunately high frequency of data and security breaches, any initiative by a major web browser to further protect and educate users is welcomed. Mozilla’s new tools provide the user more information about their browsing habits and information security. While we hope that you proceed with caution when utilizing a website that has been recently breached, having such information allows you, the user, to make your own decision about your data security, a choice that is often not afforded to consumers in our tech-driven society. Additionally, by learning about all of the recent breaches, more users may become more sensitive to the dangers of oversharing online or using websites that are notoriously not secure.  

Recommendations 

How can you protect your personal information from data breaches?  

  • Understand the risks of putting your personal information into the world, and only share what you have to   
  • Don’t reuse your account passwords, and take advantage of multi-factor authentication whenever possible  
  • Be wary of clicking on arbitrary links—utilize reputable and verifiable platforms for online browsing and purchases 
  • Track your finances closely to notice suspicious transactions before they become dangerous

Cyber Attacks This Holiday Season

In the News 

As holiday shopping heats up, the threat of cyber attacks looms large. In Ahead of Black Friday, Rash of Malware Families Takes Aim at Holiday Shoppers, Tara Seals at Threatpost discusses the potential dangers of online shopping this holiday season and the methods of malicious attackers aiming to capitalize on the increase in web-based purchases. Seals explains that 14 types of malware have been identified thus far manipulating 67 businesses in various sectors including clothes, tech, and financials. Seals elaborates that consumers are struggling with their knowledge of the security risks of online shopping and the convenience that online shopping brings. 

Our Take 

While convenience place a significant factor in many individual decisions in our society, the issue of security and more importantly financial security should take a higher priority. The holiday seasons are a time of increased shopping, gifting, and unfortunately, vulnerability for consumers as malicious actors capitalize on the season of giving to steal your finances and identity. Online shopping can be especially vulnerable because the consumer is unable to see malware present on a given website. Additionally, the convenience of online shopping is accompanied by a decrease in caution used when making purchases. Although making a purchase at 2 am while you watch Netflix in bed might be convenient, making online purchases when you guard is down can lead to unsafe online practices.  

Recommendations 

How can you protect your finances from cyber attacks this holiday season?  

  • Understand the risks of putting your personal information into the world, and only share what you have to, especially when making purchases online 
  • Make purchases at reputable online retailers 
  • When possible, shop at brick and mortar locations that utilize EMV (chip-payment PoS systems) 
  • Minimize the number of accounts that have direct access to your bank account or card numbers  
  • Don’t reuse your account passwords, and take advantage of multi-factor authentication where possible. 
  • Check your email, financial accounts, and credit reports regularly for abnormal activities  
  • Stay up to date on the news regarding recent fraud and phishing attacks to see if you may have been affected

Facebook Patent and Data Privacy 

In the News 

In A Facebook patent would use your family photos to target ads, Adi Robertson at The Verge discusses a recently issued Facebook patent that will make it easier for Facebook to gain more data about your family and relationships by analyzing your photos and inputted information, increasing ad personalization. Robertson explains that Facebook is already able to learn a lot about its users are given the information that they add to their bios, but that it will soon be able to utilize cross-referencing to learn even more about your life and provide more personalized ads as a result.  

Our Take 

Privacy is the name of the game in today’s social climate, and this new patent seems to be a pretty clear violation of privacy. Social media platforms are designed to promote the sharing of life moments and personal information, but there is a clear difference between actively sharing information and having such information used in ways that you may not be aware. This brings up the issue regarding data misuse and what a company should and should not be able to do with its users’ data. Ad tracking is a very common method of using data inputted by users on a given platform, though it is highly controversial in nature. While it may be nice to see an ad pop up for a product that seems tailor-made for you, think about how the company or platform knew that you might like that product. If you are frequently recommended products that look very personal, you might be providing too much personal information on the accounts you use daily.  

Recommendations 

How can you protect your privacy on social media platforms?  

  • Understand the risks of putting your personal information into the world, and only share what you have to 
  • Refrain from sharing your location frequently 
  • Choose your social media connections carefully, only friend, follow, and like people and organizations you know and trust 
  • Know your rights when it comes to data use and storage

Secure Products for Holiday Gifting

In the News 

With the holiday shopping season rapidly approaching, gift guides are all the rage. In Mozilla releases privacy report on which holiday gadgets are too creepy, Shannon Liao at The Verge discusses a report released by Mozilla that grades popular IoT (Internet of Things) and tech products regarding their security and privacy policies. Liao reports that 25 out of the 70 products analyzed meet certain standards set by Mozilla and that others including the Amazon Echo and Google Home had important security and privacy risks. Liao explains that the purpose of this report is to help consumers make an educated decision regarding their purchases and how they might impact their privacy. 

Our Take 

While tech and IoT products are increasing in popularity and decreasing in cost, which makes them popular gift options, not all products have the same security and privacy features. It is crucial that as consumers, we use caution when purchasing such products and develop an understanding as to why certain products are more secure than others. Though products like the Google Home and the Amazon Echo rank low on the privacy and security scale, they can still be used cautiously if one genuinely wants to utilize one. Similarly, even the most secure products can be used in unsafe ways if account privacy settings are not enabled or if strong and unique passwords are not created. In this regard, responsibility is placed on the consumer to make the best out of their tech-related products. However, purchasing products that rank highly in security and privacy can’t hurt. 

Recommendations 

How can you protect your privacy when using tech-related products?  

Recent Twitter Scam & Target

In the News 

Twitter as a platform has been used once again to host a scam attack. In Target’s Twitter account was hacked and used for a bitcoin scam, Makena Kelly at The Verge explains how Target’s Twitter account was hacked for a short period allowing hackers to create a scam post promising Bitcoin amounts to users who provided personal information and small Bitcoin amounts. Kelly discusses how this scam is the continuation of scams in which malicious individuals impersonate individuals on Twitter to accomplish a similar scheme. Kelly reports that Twitter has taken steps to reduce the possibility of these scams through account verification, but hackers continue to advance in their approaches in order to extort money from unsuspecting individuals.   

Our Take 

In today’s society, companies capitalize on social media as a marketing tool and offer promotions and information through these platforms often. While this marketing tool connects with the customer consistently and may improve customer experiences and brand loyalty, it also builds consumer trust in the company that can be exploited through social media hacking and scams. Twitter users and Target shoppers trust verified company and personal accounts and may be more likely to click on a post and provide personal information. This activity can be potentially dangerous when finances are involved. In the case of the Twitter Target scam, users’ trust was exploited, and they were harmed financially as a result. With the high occurrence of financial scams on social media, it is vital that us, as the consumer, are cautious about what we trust and where we input our personal and financial information. Remember, when an ad or post offers free goods or services in return for small amounts of money, it is often a scam to which you should avoid falling prey. 

Recommendations 

How can you protect your finances from social media scams?  

  • Be cautious of posts and ads promising free or easy financial gains…if it looks too good to be true, it probably is 
  • Avoid clicking directly on links or posts, whether in email or social media – always search through your search engine to verify legitimacy and find the appropriate site   
  • Secure your account by always using new and unique passwords, and take advantage of multi-factor authentication where possible. 
  • Stay up to date on the news regarding recent fraud and phishing attacks to see if you may have been affected 
  • Check your email, financial accounts, and credit reports regularly for abnormal activities