Rarely is something what it appears.

So much of our time is spent in a virtual world where disguises are becoming increasingly difficult to spot. 

Phishing emails, spoofed websites, hacked & bogus accounts and fake content shared until it reaches viral status -- these and so many other elements of the virtual world fool huge numbers of people each day into taking action or believing things they may not otherwise. 

Read on to learn how to look beyond the digital sheep's clothing to spot what may very well be a wolf underneath. 

NOTE: I'm using the idiom for this month's topic. Nothing against real wolves; they are beautiful animals!  

usU.S. Voting Systems Under Attack
The 2018 elections will make 2016 look like preschool.


If we thought the privacy and security concerns raised in the 2016 election cycle were bothersome, just wait until this year's process gets underway. 

Over the past several weeks, I've spoken with numerous election and voting system security analysts. Each says we are about to experience an entirely new level of disturbing circumstances. 

LISTEN: Are US Voting Systems
and Voter Registration Data Secure?

Political muddiness can make it difficult to recognize the reality of cybersecurity threats against our democratic process. However, the July 13 indictment of Russian intelligence officers for hacking during the 2016 elections makes it quite a bit harder to deny.

Shows that address this topic

Tune into the on-demand episode of my radio show with guest Maurice Turner , a senior technologist at the Center for Democracy & Technology, to learn more. 

I also addressed this topic in my June 26 show with Ed Moyle and plan to cover it several more times between now and the November elections in the U.S. Please share your feedback, and if you have any guest suggestions, especially those who are experts in voting and elections security, send them my way

hero2Privacy Heroes: Drs. Katina & M.G. Michael     
'Uberveillance coined,' pair dedicate careers to privacy awareness 

Professors Katina and M.G. Michael have been working to shine a light on privacy concerns for nearly their entire careers. The pair has co-authored numerous papers and books, most recently " Uberveillance and the Social Implications of Microchip Implants: Emerging Technologies ."

A recent guest of my radio show,  Data Security & Privacy with the Privacy Professor , Dr. Katina joined us to talk about the uberveillance threat, a term her husband and co-collaborator M.G. coined in 2006. Dr. Katina is currently a Professor in the School of Computing and Information Technology at the University of Wollongong in Australia. Prior to joining the university, she was Senior Network Engineer at Nortel Networks.

Dr. M.G. brings a unique, cross-disciplinary perspective to the international conversation around privacy, as he is a theologian and a historian. Also posted at the University of Wollongong's School of Computing and Information Technology, Dr. M.G. is an Associate Professor. Previously, he was coordinator of Information & Communication Security Issues for the university.

The focus of Dr. Katina & Dr. M.G.'s research, writing and speaking touches on a number of fascinating topics, from cryptography and the auto-ID trajectory to biometrics and chip implants. If you ever get the chance to attend a talk by either of these very bright, very passionate and very educated individuals, take it. They are doing great things to put the international community of consumers, business and governments on the right path to protecting our most precious digital assets, among them, our identities!

We want to know: Who is your privacy hero?
Throughout 2018, we'll introduce an individual or team who has gone over and above to advance data security and/or privacy in their corner of the world. To nominate, simply  drop us a note and explain why we need to know your hero.
At the end of December, we will announce our Privacy Hero of 2018. The hero will receive a token of appreciation and commemoration of outstanding work.

dnaFake Accounts Spread Fake News, Fake Sentiment
Social campaigns shine light on very 'real' problem
A politically divisive social media campaign with the hashtag #WalkAway began to spread on Twitter, Facebook and other platforms this summer. 

Viral campaigns are a hotbed of opportunity for nation-state hackers who are attracted to the sheer numbers of people they can reach. By spoofing legitimate content and/or creating bogus accounts, they can quite easily spread misinformation and flat-out lies.

Creating fake accounts has even become an industry in some countries, such as Indonesia.

Experts have explained that nation states and extremist groups  are drawn in by the chance to create a  heightened  sense of division among voters in the U.S. They  believe their craft will help influence the outcomes of the country's elections. 

ListenAre US Voting Systems
and Voter Registration Data Secure?

Some social platforms are taking steps to minimize these incidents. Twitter, for instance, is  removing tens of millions of accounts it suspects are fake. 

A word of warning 

ANYONE can use a hashtag. Just because the hashtag is present in a social post does not mean the individuals who started the campaign support the message. Nor do thousands of likes or retweets add to its legitimacy. In fact, the "people" doing the retweeting and liking may not even be real. 

To prevent the spread of bogus content, always check the authenticity of a story before sharing it. 

Read more

This article provides a view of the topic from the UK perspective...

worldScammers Pose as Celebrities Online
NY Times counts 9,000 fake celebrity accounts
It's easy to pretend you're someone else online... even a celebrity. Several high-profile incidents point out just how frequently this type of scam is deployed:

  • A scammer posing as singer Justin Bieber solicited nude photos from minors. 
  • Someone posing as TV star and actress Oprah Winfrey was soliciting money from people on Twitter. 
The New York Times recently dug into the problem. They conducted a study to see how many social media impersonators they could find for the 10 most followed people on Instagram.  They  found nearly 9,000 accounts across Facebook, Instagram and Twitter! 

Before you get involved with a proclaimed celebrity online, remember the person may be a scammer. If they ask for money, illicit photos, personal data or something else that could ultimately hurt you and/or your family and friends, be extremely wary. 

youScammers Pose as You!
A very real call I got after someone faked my phone number

Have a listen to this call I recorded after a stranger called me asking why I'd called her... only I didn't. My phone number had been spoofed. 
Phone scammers have access to many easy-to-use tools that make their calls appear to be coming from a legitimate number. 

Even from the other side of the world, they can use a number with an area code local to you. And it works really well; that local number is often enough to convince people to answer calls from numbers they otherwise don't recognize.

youngRansomware Delivered by Phony Accounts
Phishing from fake accounts responsible for much of the world's malware crime

Ransomware has become a worldwide problem predicted to generated more than $8 billion in global damages this year. That number is expected to rise to nearly $12 billion in 2019. 

In certain incidents, ransomware is putting lives at risk by threatening health care providers and electric grids.  

Not only is the crime spreading geographically, it's also becoming more sophisticated as the ransomware artists (and the bots they architect) learn more with each deployment. 

Even as the crime evolves, one thing seems to remain constant, and that's the delivery method. A great number of these incidents begin with a phishing email. The strategy works because  humans are often the weakest link in an organization's cyber security strategy. 

The phony communications fooling people these days are not your father's phishing attempts... they are incredibly convincing. I've seen (and shared here in this Tips message) several incidents that could trick even the most cautious individual. 

One of the reasons so many of these phishing emails work so well is because they are delivered from look-alike accounts. As email recipients, we've all been cautioned against opening emails from "people we don't know or trust." 

Well, that advice has, in a sense, back fired. 

Because ransomware artists have gotten so good at impersonating the people we know and trust, they have also gotten good at convincing us to open their emails, click on their links and download their attachments. 

I'll continue to share examples of phishing emails here in the Tips, and I would also love if you'd share any you get with meThe FTC also advises forwarding all phishing emails to  spam@uce.gov, as well as  to the person or organization impersonated in the email. 

By impersonating business partners, scammers make big money

You've heard of whaling, phishing attacks that target a company's "big fish," such as the CEO. The email often appears to be from a trusted employee and asks the executive to perform some sort of financial transaction, like a wire transfer. Believing the request to be legitimate, the executive complies, and there goes the company's money. 

Not to be outdone, catphishers are following in their whaling counterparts' footsteps by targeting executives with their own scams. They are similar, in that the catphisher pretends to be someone he or she is not, but the catphisher is more of a long-game scammer. The goal of the catphisher is to develop trust over time, often so the payout is larger. 

We've seen a lot of catphishing in consumer circles,particularly on dating websitesNow we're seeing the catphishing scam move into business circles throughout the world , and increasingly, into the IT profession

It's becoming such a problem, I decided to dedicate an entire episode of my radio show to the issue. Take a listen to my conversation with senior intelligence analyst and security researcher Allison Wikoff to  get educated about how you can steer clear of these scam artists. 

Curious Cases of Catphishing
Executives and IT Pros

rippedRipped from the Headlines   
Three major brands make news with privacy blunders

Here are just three of the news-making privacy and security stumbles hitting the press. 

Walmart created a surveillance tool to eavesdrop on workers, including the conversations they have with customers. The idea is to  judge an employee's productivity based on sounds the tool collects.  Walmart is not the only company deploying this type of technology. Many retail stores and public locations are using microphones combine with speech recognition and artificial intelligence to learn more about you. Keep public conversations low if you don't want them picked up!

Facebook stock took a tumble after its privacy blunders became water cooler talk. Had the social media giant addressed privacy from the start, it probably wouldn't be taking such a huge hit now. Would they have been slower to grow? Possibly. However, if they had implemented privacy protections correctly from the very beginning, it may have actually been a way to grow faster.

The TSA has been monitoring passengers without terrorist ties. Under a domestic surveillance program called "Quiet Skies," the agency has kept a close watch on what it considers suspect behavior from all passengers. This news broke just this weekend, so we'll dig into it a bit more and come back with more about it in the September Tips issue. 

PPInewsWhere to Find the Privacy Professor  

In the classroom... 

After years of  providing a regularly updated set of online employee training modules for my SIMBUS business clients,  and on-site certification teaching for IAPP, I'm excited to now also be teaching online IAPP-approved CIPP certification classes. 

As an instructor for AshleyTrainingOnline, an IAPP-registered certified training partner, I will host a full schedule of classes

Do you have a team or group you'd like to coordinate training for? We can often arrange a discounted price for organizations and associations based on the number you have participating.

Hope to see you in the virtual classroom sometime soon!
Next Class: August 23 - 24, 2018

 ** I also teach CIPM and CIPP/US classes, so if you are interested in those, let me know!**

On the road...

One of my favorite things to do is visit with leaders in different industries - health care and managed systems providers to insurance and energy (and beyond!). Below are a few of the events I have scheduled for the upcoming season.

September 5: Giving keynote, "Understanding the Privacy Impact of Cloud Services & Social Media," at Spotlight on Security Speaker Series hosted by ISSA, ISACA, Women in Security, netskope and Sprint. Event is at the Sprint World Headquarters in Overland Park, Kansas.

September 19-20: Giving keynote and workshop at Data Privacy Asia, Manila, Philippines.

October 10-11: Giving keynote at SecureWorld Dallas in Texas. 

November 7-8: Giving keynote at SecureWorld Seattle in Washington. 

On the air... 


I'm so excited to be hosting the radio show  Data Security & Privacy with The Privacy Professor on the  VoiceAmerica Business network . All episodes are available for on-demand listening on the VoiceAmerica site, as well as iTunes, Mobile Play, Stitcher, TuneIn, CastBox, Player.fm and similar apps and sites. 

Hear the perspectives of incredible guests as they talk through a wide range of hot topics. We've addressed identity theft, medical cannabis patient privacy, cybercrime prosecutions and evidence, government surveillance, swatting and GDPR, just to name a few. Several episodes provide career advice for cybersecurity, privacy and IT professions.

Please check out some of my recorded episodes, and let me know what you think! I truly do use what I hear from listeners.

SPONSORSHIP OPPORTUNITIES: Are you interested in being a sponsor or advertiser for my show? It's quickly growing with a large number of listeners worldwide. Please get in touch! There are many visual, audio and video possibilities.

In the news... 

CPO Magazine

Credit Union Times

Health Care Info Security

Secure World

CWIowa Live

The morning TV broadcast regularly covers privacy and security tips with their guest, the Privacy Professor! Each is a brief 10-15 minutes and covers topics ranging from insider theft to connected vehicles. Check out this online library to watch recent episodes.

On June 6,we talked about what every consumer needs to understand about digital assistants and Facebook, namely that what you share with these places is collected, analyzed and shared, possibly with hundreds of third parties. 

Keep an eye on my YouTube channel, where you can catch up on many of my visits to CWIowa Live. 

Questions? Topics?

Have a topic I should discuss on the  CWIowa Live morning show or on my Voice America radio show? Or, a question I can answer in my next monthly Tips? Let me know!
3 Ways to Show Some Love

The Privacy Professor Tips of a Month is a passion of mine and something I've offered readers all over the world for since 2007 (Time really flies!). If you love receiving your copy each month, consider taking a few moments to...

1) Tell a friend! The more readers who subscribe, the more awareness we cultivate.

2) Donate! T here are time and hard dollar costs to producing the Tips each month, and every little bit helps. 

3) Share the content. All of the info in this e mail is sharable (I'd just ask that you follow

Sorry, no wolves or sheep in our album. Would you settle for llamas? Here they are with my sons circa 2012.
As you settle into the end of summer, be on the lookout for the data wolves in sheep's clothing. They are everywhere, just waiting for you to come close. Help others spot them, too, by sharing stories and passing along information as you learn of it. 

Best of luck, and certainly get in touch if I can answer any questions or help you get better at spotting the crooks!
Rebecca Herold, The Privacy Professor

Need Help?

share2Permission to Share

If you would like to share, please forward the Tips message in its entirety. You can share  excerpts, as well, with the following attribution:

Source: Rebecca Herold. August 2018 Privacy Professor Tips. www.privacyprofessor.com.

NOTE: Permission for excerpts does not extend to images.

Privacy Notice & Communication Infoprivpolicy

You are receiving this Privacy Professor Tips message as a result of:

1) subscribing through PrivacyGuidance.com
2) making a request directly to Rebecca Herold; or 
3) connecting with Rebecca Herold on LinkedIn

When LinkedIn users initiate a connection with Rebecca Herold, she sends a direct message stating that in the spirit of networking and in support of the encouraged communications by LinkedIn, she will send those asking for LinkedIn connections her Tips message monthly. If they do not want to receive the Tips message, LinkedIn connections are invited to let Rebecca know by responding to that LinkedIn message or contacting her at rebeccaherold@rebeccaherold.com. 

If you wish to unsubscribe, just click the SafeUnsubscribe link below.
The Privacy Professor
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564

Visit my blog    Follow me on Twitter