USSecurities and Exchange Commission warnsof government impersonation attacks:
- The Securities and Exchange Commission (SEC) raised the alarm of scammers impersonating SEC officials
- "We are aware that several individuals recently received phone calls or voicemail messages that appeared to be from an SEC phone number," the SEC's Office of Investor Education and Advocacy (OIEA) said
- OIEA said "The calls and messages raised purported concerns about unauthorized transactions or other suspicious activity in the recipients' checking or cryptocurrency accounts."
- "The SEC does not seek money from any person or entity as a penalty or disgorgement for alleged wrongdoing outside of its formal Enforcement process" OIEA said
- The SEC warned that any purported contacts from the SEC should be verified before any information is shared
- Go out-of-band. Call (202) 551-6000, (800) SEC-0330 or emailhelp@SEC.gov
- If you believe you've been scammed, you can file a complaint with the SEC's Office of Inspector General atwww.sec.gov/oig
Beware holiday oriented scams:
- "Free" gift cards
- Deals that are too good to be true
- Top holiday wish-list items as bait
- Misleading/ fake social media posts and ads
- Compromised account alerts
- Bogus shipping notifications
- Fake charities
- Lookalike/doppelganger websites
- Temporary holiday job scams
Hacking fingerprints is easier than you think:
- Kraken Security Labs reported that a fingerprint scanner can be "hacked" for around $5
- A high resolution photo of a fingerprint can be converted to a negative in Photoshop
- The negative is then 3D printed on acetate
- The printed fingerprint is covered with wood glue, when the glue dries, it can be removed from the acetate and used to fool many scanners
- "We were able to perform this well-known attack on the majority of devices our team had available for testing" Kraken said
- Cisco's Talos unit published a report in 2020 that explored several ways a fingerprint could be spoofed
- "Our tests showed that—on average—we achieved an ~80 percent success rate while using the fake fingerprints, where the sensors were bypassed at least once" - Cisco Talos
- Talos said "a person that is likely to be targeted by a well-funded and motivated actor should not use fingerprint authentication."
- In regards to using your fingerprint for authentication, Kraken said "At best, you should only consider using it as second-factor authentication (2FA)"
- Read the Kraken report here:https://blog.kraken.com/post/11905/your-fingerprint-can-be-hacked-for-5-heres-how/