Tech Friday with Dave Hatter - September 18th 2020 - SPONSORED BY INTRUST IT


  • Funds Transfer Fraud is rapidly increasing:
    • Cybercriminals are always trying to figure out new ways to steal your money
    • Some use ransomware, some steal data to sell and some try to inject themselves into your transactions
    • One way they do that is "Funds Transfer Fraud" (FTF), where money that should come to you is sent elsewhere
    • Cyberinsurance company Coalition reported that FTF has increased 35% this year and reported losses ranging from thousands of dollars to well over $1 million
    • FTF represents 27% of cyber insurance claims in 2020 per Coalition
    • Coalition said that roughly 1/3rd of FTF-related claims originated in the Consumer sector, and the Financial Services sector was second
    • Funds were recovered only 45% of the time. But when the fraud was detected quickly, 84% of funds were recovered
    • Most funds transfer fraud claims involve some or all of the following social engineering techniques:
      • Invoice Manipulation
      • Look-alike aka doppelganger domains
      • Email Spoofing
    • Users should be skeptical and Stop, Think and Protect before making any changes
    • Organizations should implement policies that require multiple people to be involved in any change to payment processes
    • Users should attend Security Awareness Training to learn about trends and emerging threats. We offer this training at Intrust IT
  • Protect yourself from SIM Jacking:
    • Hackers are performing SIM swapping attacks, aka SIM Jacking, to take control of victims' phones and then using the phone to take control of their accounts
    • "A subscriber identity module or subscriber identification module (SIM), widely known as a SIM card, is an integrated circuit that is intended to securely store the international mobile subscriber identity (IMSI) number and its related key, which are used to identify and authenticate subscribers on mobile telephony devices (such as mobile phones and computers). It is also possible to store contact information on many SIM cards. SIM cards are always used on GSM phones; for CDMA phones, they are only needed for newer LTE-capable handsets. SIM cards can also be used in satellite phones, smart watches, computers, or cameras." - Wikipedia
    • Most mobile phone shops can issue a new SIM chip and activate it
    • If you've upgraded a phone, you may have experienced "SIM Swapping", which occurs when your old phone goes dead and a new phone is activated
    • For a stolen phone, a SIM swap is great because you can quickly disable the SIM in the stolen phone
    • If the criminal is the one initiating the swap, this is a major problem because your phone goes dead and they have access to your account
    • This swap would give a criminal access to all inbound calls and messages, at least for a short time
    • While there is limited data on SIM swapping, the US Department of Justice has indicted numerous people for crimes associated with SIM swapping in the last year
    • Once the hacker has control of your phone number and account, they break into all connected accounts, typically starting with your email account
    • The hacker changes your credentials so that you can't regain control and can then plow through any cloud-based information looking for things of value
    • In 2018, Robert Ross noticed the bars on his phone had disappeared and he had no cell coverage
    • Ross was the victim of a SIM swap and a hacker was able to gain access to his accounts and steal about $1 million
    • Hackers use personal information that can be found online (OSINT) or purchased on the dark web to convince your cell carrier to transfer (port) your number to a new device in the attacker's possession
    • It works like this:
      • A criminal purchases PII on the web or steals it. It contains bank and mobile phone information
      • The criminal uses the information acquired and other sources such as social media and searches to get additional information to answer security questions
      • The criminal creates a bank account in your name
      • The criminal obtains a blank SIM card
      • The phone provider is told the phone is lost or damaged and the new SIM card is activated while the old card is disabled
      • The criminal attempts to transfer funds using information sent to the phone by the bank during the Two-Factor Authentication (2FA) process
    • Like Ross, victims of this attack have had their bank accounts drained, and it's difficult to regain control of these accounts or to get stolen money back
    • What you can do:
      • Contact your carrier about any SIM swapping protection they may offer
      • Disconnect accounts from your phone. Ensure that each account requires you to enter a user name and password, and use a VoIP number, such as Google Voice or Skype
      • Use a secure password manager like LastPass or Roboform. At Intrust, we recommend and use LastPass
      • Use a strong, unique password for each account
      • Use Multi-Factor/Two-Factor authentication wherever possible and use an authenticator app rather than text for MFA
      • Don't store banking information on your device
      • If you suddenly lose cell service and access to your accounts, contact your carrier immediately
  • Apple released iOS 14 and iPadOS 14 September 16th:
    • iOS 14 has many new features including changes to the home screen, iMessage, privacy and much more
    • It will run on many older iPhones going back to the iPhone SE and the iPhone 6s
    • Most of the more notable changes will be available on the iPhone and include:
      • Widgets: Little apps you can put on your home screen to show information
      • Picture-in-picture: Watch video while you continue to use the phone
      • Apple Translate: Enables real-time translation between two languages with support for 11 languages
      • Threaded messages: Messages are threaded; you can reply to a text as a direct response
      • Pinned group chats: Pin group chats to the top of your message list
      • Siri: Siri appears at the bottom of the screen instead of taking over your whole iPhone. Dictation is rendered on the device, instead of sent to the cloud
      • App Library: Optionally organizes all of the apps on your home screen into specific folders for you
      • Apple Maps: Improvements include congestion and green zones in maps with other improvements coming
      • Privacy features:
        • App Privacy: Shows the personal information an app wants BEFORE you use it
        • A small circle appears at the top right of your phone when the microphone or camera is in use
        • Notice via a popup that data has been copied
        • Disable precise location tracking
        • Notice that an app is requesting local network access
        • Stop WiFi tracking with a random "private" MAC address when you join or reconnect to a Wi-Fi network
        • Restrict an app's access to specific photos in your camera roll
    • The free update is now available on any device that currently runs iOS 13 or iPadOS 13