Credit card company Capital One sent Rebecca the message on the left because it spotted suspicious charges to her account. (You can see that both were identical charges.)

Eric Ravenscraft at Wired provided this timely article: How to Un-Setup Your Smart Home When Someone Moves Out. It's easy enough to connect most smart gadgets, but what about disconnecting? Eric's article shares tips on how to securely untangle shared devices and accounts securely.

Mailchimp produced an excellent resource for uses and the general public it calls a "Transparency Report." Among other things, it describes how and where the company has changed its data practices year-over-year. We’d love to see more organizations providing annual transparency reports.

Premier Credit Union in our home state of Iowa hosts an annual Electronics Recycling & Shredding Event. We love this. It's a simple-to-organize, yet a hugely impactful, way to keep a community data-secure and privacy-aware.

Researchers at Zimperium reported on how to protect Android phones from new 'System Update' malware. This malicious software is capable of stealing every single personal detail from infected devices.

Acting U.S. Attorney M. Rhett DeHart recently shared advice for keeping families safe online. Among the tips for children: Understand that people can pretend to be anyone online and that images can be altered or stolen.

The AARP & Marc Saltzman have put together a resource for members and the general public called, "The Definitive Guide to Reducing Robocalls." Following the recommended steps will cut back on "calls everybody loves to hate."

Apple is requiring iPhone users to opt-in for receiving ads, a good privacy move. When users do not opt-in, advertisers will still get data about ad performance, but purportedly that data will be aggregated, not associated with specific individuals. This creates a bit of a double-edged sword, however, as advertisers will be receiving even more data about the behavior of the iPhone users who do opt-in. However, being opted-out as a default is a definite win for iPhone users’ privacy.

*Privacy Beacons do not necessarily indicate an organization or person is addressing every privacy protection perfectly. It simply highlights a noteworthy example of privacy-aware practices.

Want to know more about why and how to do wardriving? Get in touch with Rebecca using clientservices@privacysecuritybrainiacs.com.

It's critical to have executive support for programs like wardriving, which involves physically searching for wi-fi networks with vulnerabilities from a moving vehicle or on foot. Over the past year, the number of wi-fi networks has increased significantly, as the majority of the population moved to home offices. This resulted in a huge number of unsecured home wi-fi networks…which also then put the business, and business networks they connect to and the data stored within them, at risk. Wardriving is a useful tool in identifying unsecured remote wi-fi networks.

When you speak with decision-makers, explain the risks that unsecured, remote wi-fi networks create for the business. Help them see why it's important to perform the same types of testing on employees' remote spaces that you perform on business-owned wi-fi networks and connections.

Reiterate that your aim is to protect the business, employees, customers, patients, students and others, and also to ensure compliance with data protection requirements. Hackers love remote wi-fi, including those from the wi-fi networks of home workers. The threat is real.

PRO TIP: Avoiding pushback to activities like wardriving can be simpler if you have remote wi-fi cybersecurity and privacy requirements within your HR and/or information security policies and procedures.

It is also a good idea for work-from-home employees to set up a separate wi-fi network specifically for their smart devices. This way a hacked smart TV, for example, computers will not be compromised at the same time. Your organization’s IT area should be able to help employees do this, or point them to instructions or a contracted service to help if you do not have the IT resources available.

In these circumstances, both education and tools like a VPN or a juice jack blocker can help employees avoid walking into a cyber trap. 

• New Android spyware designed to look like a system update, but was never in the Play Store. Recently, a security firm uncovered a worrisome bit of spyware on Android that disguises itself as a system update.

• Palestinian Hackers Tricked Victims Into Installing iOS Spyware. The groups used social engineering techniques on Facebook to direct targets to a wide range of malware, including custom tools.

• 100 Million More IoT Devices Are Exposed—and They Won’t Be the Last. The Name:Wreck flaws in TCP/IP are the latest in a series of vulnerabilities with global implications.

• Your 'smart home' is watching – and possibly sharing your data with the police. Smart-home devices like thermostats and fridges may be too smart for comfort – especially in a country with few laws preventing the sale of digital data to third parties. ‘The documents and data we access remotely every day can end up in a gray zone outside the clear protections afforded in our homes and offices.’ ‘The documents and data we access remotely every day can end up in a gray zone outside the clear protections afforded in our homes and offices.’

• They Stormed the Capitol. Their Apps Tracked Them. Times Opinion was able to identify individuals from a trove of leaked smartphone location data. Such tracking may be useful to catch criminals. But, just consider how easily this data could be collected to track anyone whose smartphone data has been leaked, for any reasons, including nefarious reasons.

• New Sony technology can read lips. Sony’s new Visual Speech Enablement uses cameras and artificial intelligence to read lips. Are its accessibility benefits overshadowed by the potential for privacy violations? If you’ve seen 2001: A Space Odyssey, you know what could happen…look what happened when the H.A.L. 9000 read the lips of the astronauts!

• Mexico will require new cell phone users to provide biometric data to the government. The nationwide registry of cell phone users will contain the biometric data of the user, along with a long list of other personal data.

• I fell for a dangerous Google Voice scam. This is how it works and how to avoid it.

• State-sponsored cyber warfare is a top concern for tech executives. Is it a concern at your organization?

• Microchip security continues to confound Pentagon. Nearly nine years ago, the Senate Armed Services Committee reported the results of an investigation of counterfeit electronic parts in the U.S. military. The year-long probe found fully 1 million bogus parts, including components for several types of combat aircraft. Worries have only grown since then that technology that was made or modified in China, including everything from computer chips to servers, can be not just counterfeit but also malicious if it carries spyware.

• Hundreds of electric utilities downloaded SolarWinds backdoor, regulator says. About a quarter of roughly 1,500 electric utilities sharing data with the North American power grid regulator said they installed the malicious SolarWinds software used by suspected Russian hackers.

• A 'Worst Nightmare' Cyberattack: The Untold Story Of The SolarWinds Hack. Hackers believed to be directed by the Russian intelligence service, the SVR, used that routine software update to slip malicious code into Orion's software and then used it as a vehicle for a massive cyberattack against America. New information beyond what has been reported to date.

• UK Counterintelligence Campaign Warns Over 10K Targeted on LinkedIn. By Christopher Burgess. A warning is being pushed out to over 450,000 UK civil servants and members of industry and academia carried with it the ominous news that over 10,000 in UK government, business and academia have been targeted within the last five years.

• To hear an interesting discussion about cyber warfare, tune in to Rebecca’s May VoiceAmerica episode with 30-year US CIA veteran Christopher Burgess, the author of the previous article, as he discusses the issues.

• Hackers breach Broward schools’ computer system. They’re demanding millions in ransom. Schools continue to be popular targets. It seems ironic that educational institutions still need more education about ransomware, how to prevent being a victim, how to make their own staff aware of identifying the indicators for ransomware, and how to make frequent backups and follow current disaster recovery plans so they do not have to pay large amounts of money to the cybercrooks. That money could be so much better spent on students’ needs and teachers!

• Apple’s Ransomware Mess Is the Future of Online Extortion. Hackers stole confidential schematics from a third-party supplier and demanded $50 million not to release them.

• Cyber Insurance Firm Suffers Sophisticated Ransomware Cyber Attack; Data Obtained May Help Hackers Better Target Firm’s Customers. Do you have cyber insurance? If so, give them a call and ask them if they have security and training in place to prevent being a victim of this types of ransomware attack.

• A new headache for ransomware-hit companies. Extortionists emailing your customers.

• The agency that controls U.S. nukes had its Twitter account accessed by a child. Twitter users jokingly feared that the agency responsible for the U.S. nuclear arsenal had been overtaken. An unintelligible tweet made by U.S. Strategic Command (USSTRATCOM) was produced by a small child. While this situation was funny, it demonstrates one example of the risks of work-from-home situations.

• “Slack Connect” Direct Messaging Feature Revamped in a Matter of Days Due to Serious Security Concerns. Many organizations have started using Slack as a tool to keep remote and work from home employees and contractors connected and communicating. At the end of March Slack debuted its long-awaited “Connect” direct messaging feature, which allows users to send invites to other users via an email address. Within just a few days it was already in need of major repairs due to a technical oversight that created major security concerns.

• 55% of remote workers have been the target of cybersecurity threats over the past year. Despite two thirds (66%) claiming to be more aware of cybersecurity threats since shifting to home working, they aren’t helping themselves or their companies with their behavior. Work devices are being used for personal habits like connecting to third party apps and are being loaned to friends and family – trends that are putting businesses in jeopardy.

• From the Netherlands: 13% of all people working from home are being constantly monitored by their employers. “Over half a million people working from home are constantly being spied on by their employer. The figure is probably higher because not everyone is familiar with the company software.”

• Cybercriminals Target Remote Workers. FBI warns employers about new wrinkle to old scams.

• Differential Privacy for Complex Data: Answering Queries Across Multiple Data Tables. An interesting new blog post from NIST that readers who work with differential privacy with database queries may find useful. In this post, NIST discusses the challenges of differential privacy for queries with joins, and describe some of the solutions for this setting.

• Tech Firms Train Voice Assistants to Understand Atypical Speech. Voice assistants like Alexa and Siri often can’t understand people with dysarthria or a stutter; their creators say that may change. This certainly sounds useful. However, have they created the AI involved in a way to protect privacy, and to limit, or even ideally prevent, bias, for how the results are used?

• Scammers target loved ones of COVID-19 victims. Government imposters may have hit a new low with a scheme that targets the grieving survivors of people who died of COVID-19 by offering them help paying for their loved one’s funeral expenses. The program just began on April 12, but even before it started, FEMA said it had reports of scammers contacting people and “offering” to register them for assistance.

• 90-year-old Hong Kong woman loses $32 million in phone scam. The woman said she had received a call in August 2020 from someone who claimed to work in law enforcement in mainland China. Then a man who purported to be a mainland law enforcement official visited her home and gave her a cellphone with which to communicate with them. The woman then made a series of transactions to two bank accounts as instructed by the criminals.

• What Is Logic Bomb Malware and How Can You Prevent It? A logic bomb attack can delete data or send it to a malicious hacker. Fortunately, you can take steps to prevent logic bombs.

• A former employee of a water district plant in Ellsworth, Kansas, allegedly logged in and attempted to tamper with the public drinking water system. This is just one of several recent hacks on water systems throughout the US.