source:  technewsworld.com

With much of the workforce conducting business from home to escape the pandemic, scammers have revved up their trickery to scare victims into falling for credential harvesting schemes.

Two new reports lay bare the new twists digital scammers are putting on old approaches to get you to unwittingly give up login credentials for your personal or company online banking and server portals. The two reports focus on how to avoid becoming a corporate or consumer victim.

One new twist detailed by Armorblox threatens to recycle inactive addresses unless the would-be victims immediately update and confirm their account details. This results in fearful recipients entering their legitimate email addresses and password information.

The second report, by email phishing protection firm INKY, reveals the intricate directives of a credential harvesting phishing email. These emails impersonate the United States Department of Justice by using a malicious link with real logos mimicking government websites.

phishing email pretending to be the DoJ

A phishing email scam which gives the appearance that the sender is the U.S. Department of Justice.

Credential harvesting is largely considered the foundation of email phishing. It is the easiest way for anyone to get into your secure files. They simply use your password that you gave them, explained Dave Baggett, CEO and co-founder of INKY.

“In terms of the overall rate of phishing generally, we have seen nearly a three-times increase in phishing emails since the pandemic started,” Baggett told TechNewsWorld.

 

Banking on Phishing

Last week, Armorblox, a cloud office security platform that protects inbound and outbound enterprise communications, released its latest discovery of a new credential phishing attempt. The report details how cybercriminals use an email with a malicious link leading to a fake website. The landing page painstakingly resembles the Bank of America login page.

Continue reading “EMAIL SCAMMERS USING OLD TRICKS WITH NEW TWISTS”

source: wired.com

YOU ARE, WE hope, already protecting your phone with a PIN, a fingerprint, or a face (or all three), but sometimes you’ll want to add an extra barrier to particular apps—if you’re lending your phone to a friend, say, or if your kids or partner are always borrowing your phone for whatever reason.

How you want to apply this additional protection is up to you. Some apps come with it built in; in other cases you’ll need to enlist the help of a third-party app. The process is also different depending on whether you’re using Android or iOS, and so we’ve split our guide up into two sections.

Locking Apps on iOS

Apple doesn’t give third-party apps quite as much leeway on iOS as Google does on Android, so you won’t find any general-purpose locking tools in the App Store. Instead, you’re relying on the individual apps themselves—many apps that can hold sensitive information will give you additional options.

Apple’s own Notes app for the iPhone is one example. You can lock individual notes by tapping the Share button (inside a note) or long-pressing on a note (on the notes list) and then choosing Lock Note. Notes are locked using Face ID, Touch ID, or a PIN code, and you can set this via Notes in the iOS Settings app.

screenshot from Dropbox

You can lock Apple Notes individually on an iPhone.DAVID NIELD VIA APPLE

WhatsApp has protections in place as well to keep prying eyes out of your messages. From the main screen, you need to tap Settings, Account, Privacy, and Screen Lock—you’ll then be able to set up Touch ID or Face ID to guard access to your conversations. If either of those methods fail, you’ll get pushed back to your phone’s lock screen passcode.

Another third-party app with this same security measure is Dropbox, which is handy if you don’t want your toddler accidentally wiping all your files with an ill-judged finger push. Tap Account, then the cog icon (top left), then Turn Passcode On. When you’ve set a passcode, you’ll also be given the option to use Touch ID or Face ID as well.

We can’t guide you through every app on iOS, but have a look inside your favorite ones to see if an extra security layer has been included. Evernote, Amazon, and PayPal are three other apps that can be locked with Touch ID or Face ID, and many banking apps now have the same feature too, so even if someone gets access to your phone (with or without your permission), they can’t access all of your apps.

screenshot from iphone

Dropbox is one of the apps that supports Face ID and Touch ID on iOS.DAVID NIELD VIA APPLE

You have a couple of other tools you can turn to in iOS: They weren’t primarily intended for securing apps, but they can do the same job. The first is Screen Time, which you can access from Settings: If you tap Use Screen Time Passcode to set a passcode, then select App Limits and set the daily limit for an app to zero hours zero minutes, you’re effectively locking other people out of the app without the passcode.

Your second option is Guided Access, which you’ll find in the Accessibility menu in Settings. Once you’ve enabled it, open an app and triple-tap the side button or home button—you then won’t be able to switch to any other app without entering the phone’s passcode. It’s ideal if you want to let one of the kids play a game, but don’t want them to venture onto any other apps.

 

Locking Apps on Android

Android does let third-party apps control access to other apps, so you can install one of these app lockers and block access to any apps you don’t want other people snooping around inside. A passcode is usually required to gain access, though some locking tools can work with fingerprint sensors or face recognition.

Continue reading “HOW TO PASSCODE-LOCK ANY APP ON YOUR PHONE”

source: nakedsecurity.sophos.com

It’s simple: Boston doesn’t want to use crappy technology.

Boston Police Department (BPD) Commissioner William Gross said last month that abysmal error rates – errors that mean it screws up most particularly with Asian, dark or female skin – make Boston’s recently enacted ban on facial recognition use by city government a no-brainer:

Until this technology is 100%, I’m not interested in it. I didn’t forget that I’m African American and I can be misidentified as well.

Thus did the city become the second-largest in the world, after San Francisco, to ban use of the infamously lousy, hard-baked racist/sexist technology. The city council voted unanimously on the bill on 24 Jun – here’s the full text, and here’s a video of the 3.5-hour meeting that preceded the vote – and Mayor Marty Walsh signed it into law last week.

The Boston Police Department (BPD) isn’t losing anything. It doesn’t even use the technology. Why? Because it doesn’t work. Make that it doesn’t work well. The “iffy” factor matters most particularly if you’re Native American, black, asian or female, given high error rates with all but the mostly white males who created the algorithms it runs on.

Continue reading “BOSTON BANS GOVERNMENT USE OF FACIAL RECOGNITION”

source:  thecyberwire.com

At a glance.

  • FBI Director offers a harsh appraisal of Chinese cyberespionage.
  • Official concerns about Chinese cyber operations in France and India.

FBI Director offers a harsh appraisal of Chinese cyberespionage.

At a speech before the Hudson Institute yesterday, US FBI Director Wray denounced Chinese intelligence operations as serving Beijing’s ambitions to become the world’s dominant power. The Communist Party of China, Director Wray said, believes it’s in a “generational fight” to become the world’s sole superpower, and that Beijing’s assertiveness in cyberspace is a consequence of the strategy that flows from that belief. 

Continue reading “THE FBI’S TAKE ON CHINA’S CYBER OPERATIONS”