Tech Friday with Dave Hatter- January 24th 2020 - SPONSORED BY INTRUST IT


  • Fake company sites used to scam applicants:
    • Online job boards are being used to funnel job seekers to spoofed company websites offering lucrative jobs
    • The FBI's Internet Crime Complaint Center (IC3) recently said "Since early 2019, victims have reported numerous examples of this scam to the FBI. The average reported loss was nearly $3,000 per victim, in addition to damage to the victims’ credit scores"
    • Once an applicant "applies", they are contacted by the criminals posing as employees and offered jobs "usually in a work-at-home capacity."
    • The criminals typically ask for the same information as legitimate hiring companies
    • The FBI said "In order to appear legitimate, the criminals send victims an employment contract to physically sign, and also request a copy of the victims’ driver’s licenses, Social Security numbers, direct deposit information, and credit card information"
    • Victims may also be told that they are required to pay for background checks, training, supplies, etc., and told that any fees will be returned in their first check, which never comes
    • Hiring scams are not new, but spoofed websites used to capture victims' PII and steal their money is a new level of evil and complexity
    • The FBI recommends a quick Google search for the hiring company to look for duplicate sites. If you find more than one, that's red flag that could indicate a scam
    • Never provide PII or financial information to a potential employer unless you have verified they are legitimate
    • Never provide credit card information, bank information or wire transfer information to someone you have only met online
    • If you become a victim of this scam or any cybercrime, report it to the IC3 at: http://www.ic3.gov
    • You should also report it to the job site hosting the fake job listings and the real company that is being impersonated to help prevent this from happening to others
    • Additionally, you should contact your financial institutions to stop or reverse any charges as soon as possible
    • Read the FBI warning here: https://www.ic3.gov/media/2020/200121.aspx
    • Read tips from the FTC here: https://www.consumer.ftc.gov/articles/0243-job-scams
  • Clearview app can find your information from a photo:
    • The NY Times recently wrote about a start-up that helps law enforcement match photos of people to their online images
    • A startup named Clearview AI has built an app uses facial recogniation on a photo to discover your name, address and other information
    • The app is being used by hundreds of law enforcement agencies in the US
    • The FBI has been working on similar technology for some time. Their database uses passport and driver's license photos and has more than 640 million images of US citizens
    • The Clearview app has a database of more than 3 billion photos they scraped off Facebook, Venmo, YouTube and other sites
    • At this time, the Clearview app is only available to law enforcement professionals, but that could change in the future
    • Clearview recently said it's "technology is intended only for use by law enforcement and security personnel. It is not intended for use by the general public."
    • Law enforcement officials claim the app has been used to solve crimes ranging from shoplifting to murder
    • Facial recognition has come under increasing fire for privacy concerns and issues with false positives and false negatives
    • Privacy advocates have warned for some time about the mass surveillance applicability of such technologies
    • Privacy experts warn that the app could return false positives and it could be used by criminals
    • Regulation of facial recognition technology has few controls. Several cities including San Francisco, have banned it
    • Two US senators recently introduced a bill to limit how agencies like the FBI and ICE use facial recognition
    • Senator Mike Lee said: "Facial recognition technology can be a powerful tool for law enforcement officials,"
    • Senator Lee also said "But its' very power also makes it ripe for abuse. That is why American citizens deserve protection from facial recognition abuse."
    • Read the NY Times story here: https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html
  • Android Fleeceware apps installed over a half billion times:
    • Sophos recently reported on a large number of malware apps in the Android Play Store
    • In this case, these apps are known as "Fleeceware", which typically offer some limited functionality then start charging you after a very short trial period 
    • Even worse, removing the app does not cancel the subscription, you have to do that separately
    • In most cases, Fleeceware apps are not malicious in the traditional sense, they just start charging you and collect for as long as they can
    • Additionally, Sophos said these apps may change their name once installed to make it more difficult to find and remove
    • Some of the apps Sophos found charge as much as $70 per week!
    • This once again demonstrates that you must vet each app carefully before your download it
    • Google Play Store policies are less friendly than credit card policies and it can very difficult if not impossible to get a refund if you're stung
    • Sophos said that per the information from Google's own Play Store, 25 fleeceware apps have been installed over 600 million times. A few apps have been installed over 100 million times!
    • Sophos said that while Google has take down previously reported Fleeceware apps, "fleeceware remains a big problem on Google Play. Since our September post, we’ve seen many more Fleeceware apps appear on the official Android app store"
    • You can see the list of apps that sophos has called out here: https://news.sophos.com/en-us/2020/01/14/fleeceware-apps-persist-on-the-play-store/
    • If you've installed any of these apps, delete them and cancel the subscriptions
    • Check your payments for unsual entries that may be from fleeceware
  • TechSolve Cybersecurity Bootcamp for Manufacturers: Wednesday, February 5, 2020 at 7:30 AM – 12 PM - https://www.eventbrite.com/e/cybersecurity-bootcamp-for-manufacturers-tickets-82652322321?aff=efbeventtix