Tech Friday with Dave Hatter - March 27th 2020 - SPONSORED BY INTRUST IT


  • FBI warns of spoofed job sites:
    • As a result of COVID-19, many people are now looking for a job
    • Sadly, online job boards are being used to funnel job seekers to spoofed company websites offering "lucrative" jobs that are the basis for a scam
    • The FBI's Internet Crime Complaint Center (IC3) recently said "Since early 2019, victims have reported numerous examples of this scam to the FBI. The average reported loss was nearly $3,000 per victim, in addition to damage to the victims’ credit scores"
    • Once an applicant "applies", they are contacted by the criminals posing as employees and offered jobs "usually in a work-at-home capacity."
    • The criminals typically ask for the same information as legitimate hiring companies
    • The FBI said "In order to appear legitimate, the criminals send victims an employment contract to physically sign, and also request a copy of the victims’ driver’s licenses, Social Security numbers, direct deposit information, and credit card information"
    • Victims may also be told that they are required to pay for background checks, training, supplies, etc., and they are told that any fees will be returned in their first check, which never comes
    • Hiring scams are not new, but spoofed websites used to capture victims' PII and steal their money are a new level of evil and complexity
    • The FBI recommends a quick Google search for the hiring company to look for duplicate sites. If you find more than one, that's a red flag that could indicate a scam
    • If a job is listed on a job board, but NOT on a company's website, that may be a red flag
    • Confirm with the hiring company that they, and the job, are legitimate
    • Never provide PII or financial information to a potential employer unless you have verified they are legitimate
    • Never provide credit card information, bank information or wire transfer information to someone you have only met online
    • If you become a victim of this scam or any cybercrime, report it to the IC3 at: http://www.ic3.gov
    • You should also report it to the job site hosting the fake job listings and the real company that is being impersonated to help prevent this from happening to others
    • Additionally, you should contact your financial institutions to stop or reverse any charges as soon as possible
    • Read the FBI warning here: https://www.ic3.gov/media/2020/200121.aspx
    • Read tips from the FTC here: https://www.consumer.ftc.gov/articles/0243-job-scams
  • Smartphone data is used to determine who is social distancing and who isn't:
    • If you have a smartphone, you’re probably contributing to a massive COVID-19 surveillance system whether you realize it or not
    • All this location data is showing where people are and are not practicing social distancing
    • Unacast, a company that collects and analyzes phone GPS data, launched "Social Distancing Scoreboard" (SDS)
    • Unacast’s location data is collected from many apps installed on millions of Americans' phones
    • SDS determines if we're staying home based on the reduction in the total distance traveled and grades which residents are changing behavior county by county
    • Based on data collected, Washington, DC, earned an A and thus far, Wyoming has earned an F
    • Unacast awarded an F to any area that had a change of less than 10%
    • Unacast’s scores have not been vetted by public health authorities or epidemiologists
    • Such attempts to track public health during the COVID-19 pandemic serve as a reminder that our phones are tracking us as individuals and in aggregate
    • Social media sites also provide insight into where people are and what they are doing
    • South Korea used an app to track tens of thousands of quarantined people whose phones alerted authorities if they ventured out
    • The Washington Post recently reported that the US government is talking with several tech titans about using location data to combat COVID-19
    • This effort could include determining if people are practicing social distancing
    • The data would be managed by industry and health officials but searchable by government officials
    • Unacast CEO Thomas Walle said "Over weeks now, we can identify what are the states and counties that are putting measures in place, and see if the number of cases stabilizes or drops"
    • Walle said "We can’t tell or disclose if any individual is staying at home or not."
    • Privacy advocates worry data firms like Unacast are gathering location data without clear consent
    • Walle indicated that all the apps Unacast acquires data from must inform users, but he conveniently declined to name any of the apps
  • Digital assistants are hearing confidential calls as more work from home:
    • As of 2019, there were more than 76 million "smart" speakers, aka "virtual assistants" in the US according to Consumer Intelligence Research Partners
    • There are well-known instances of these and other devices listening when they shouldn't be listening
    • Virtual assistants like Siri and Alexa are designed to listen for a "wake phrase"
    • Many have questioned if the speakers are listening constantly
    • New research has shown that some "smart" speakers activate by mistake, as often as 19 times each day on average
    • For Google's Assistant the wake phrase is "OK Google", for Apple's Siri, it's "Hey Siri" and for Microsoft’s Cortana it's "Hey Cortana"
    • When the wake phrase is heard, the device pays attention to what follows
    • These devices can mishear things that trigger the device to listen. This has led to these devices capturing everything from sex to crimes
    • Researchers at Northeastern University and Imperial College London have found that the accuracy of these devices for discerning the wake phrase is not very good
    • To simulate real-world conditions, researchers configured a variety of smart speakers and played 125 hours of audio from various TV shows
    • Devices tested included Google Home Mini (1st Gen), Apple’s HomePod (1st Gen), Amazon’s second- and third-generation Echo Dot, and the Harman Kardon Invoke with Cortana
    • Recording was detected by capturing when lights activated, by monitoring the network traffic, and by checking cloud accounts for recordings
    • The HomePod device was the worst for false activation
    • Additionally, when devices activated, it was for fairly long periods, some as long as 43 seconds!
    • Despite past incidents, no evidence was found that any of these devices recorded constantly
    • As more folks are forced to work from home, concerns are being raised by cybersecurity and privacy experts about the compromise of sensitive information
    • Mishcon de Reya LLP, an English law firm, told staff to mute or disable such devices when discussing client matters
    • Mishcon’s warning covers any kind of visual or voice-enabled device, including Ring doorbells, baby monitors and closed-circuit TVs
    • "Perhaps we’re being slightly paranoid but we need to have a lot of trust in these organizations and these devices" - Mishcon partner Joe Hancock
    • You can disable active listening on many of these devices and require a button click to activate the device
    • The best thing you can do is D2, disconnect and discard these Orwellian spy machines

Follow me on Twitter for a steady stream of reliable, timely and useful cybersecurity information: https://twitter.com/DaveHatter

55KRC · THE Talk Station in Cincinnati
