Cyber Crooks Show their True Colors
We've always known cyber crooks and other scammers to be opportunists. But, never before have we seen them stoop to this low of a low. As people around the planet suffer through health, financial and other stresses related to the cornoavirus pandemic, they continue to plague us with an additional layer of dread.
Personally, I received more phishing email attempts in the first 5 days of April than I'd gotten from January through March!
This is the current trend; the FBI says cybercrime reports have quadrupled during COVID-19 pandemic. While it may not be surprising to see the underbelly of society activate during a chaotic time, it's still as disheartening.
But, we have some very big protections on our side. Awareness is among the most effective among them. By reading this newsletter and staying up to date with legitimate news sites, you are doing one of the best things you can do to stop COVID-19 scammers in their tracks.
You can help others by also forwarding this to them, so they are kept up to date, as well
.
As you scroll through this month's issue, I hope you'll enjoy the springtime pictures. A little hope that fresh air and renewal is just around the corner!
|
|
Data Security & Privacy Beacons
|
People and places making a difference**
Have you seen an organization or individual taking actions to improve privacy? Send me a note to nominate a privacy beacon of your own!
The U.S. Federal Trade Commission (FTC)
has really stepped up its efforts to provide warnings about COVID-19 cons. Just a few they've released in recent weeks, include:
The last of these (grandparents scam) was visited on me a few weeks ago when I received an email that my 80-year-old aunt was "requesting to follow me on Facebook." However, she and I have been connected on Facebook for many years. The scammers used my aunt's current profile photo and her profile info to create a look-alike account. I can only imagine what kinds of requests "my aunt" would have made of me had we actually connected through this phone profile. It's not difficult to see how people fall for this when it looks so legitimate.
BBB Scam Tracker
of is another wonderful resource for anyone concerned about communication coming their way via email, text, phone or other means. In addition to providing a repository of reported scams (complete with a heat map), the Scam Tracker gives people a simple, easy way to report a business or offer that sounds like an illegal scheme or fraud
.
Red Folder
is an downloadable tool that helps users create a plan for their digital identity during a life interruption, be it a natural disaster, illness or accident or memory loss. Have you considered what would happen to your social media pages or who would take care of all your banking and online passwords if something happened to you? Right now, Red Folder founders Christopher and Kathy are generously offering this truly thoughtful and comprehensive downloadable tool at no charge. Red Folder is a terrific resource for anyone who wants to ensure their life is remembered, and appropriately closed out, the way they want it to be.
**Privacy beacon shout-outs do not necessarily indicate an organization or person is addressing every privacy protection perfectly throughout their organization (no one is). It simply highlights a noteworthy example that is, in most cases, worth emulating.
|
|
Virtual conference apps keep work (and cyber attacks) moving
Employees are not the only ones benefiting from the increased use of virtual conferencing. Cyber criminals love them, too. Zoom, in particular, has been a favorite target of a very wide range of cyber crime schemes, including credential stuffing. Every type of technology has security, and privacy, challenges, and virtual conferencing tools are no exception.
Below are some quick tips for securing your meetings and protecting the privacy of yourself, your colleagues -- and if you're working out of a home office -- your roommates or family members.
Secure your space before the conference starts. Remove personal or confidential information that could be seen from your webcam and shut down external listening and viewing devices, such as Alexa or Siri, security cameras or smart speakers; close the door or shut the blinds to prevent those around you from eavesdropping or seeing confidential information.
or log out when not in use.
Secure your network. Require ID and password authentication to get onto your home wireless network; use the strongest level of encryption, such as a VPN; keep wireless networks, as well as remote and online meeting tools, patched and updated.
Follow your security and privacy policies. Your employer should have these in place. If they don't, please review and download the complimentary set of work-from-home, remote working and mobile computing device security and privacy policies available at Privacy Security Brainiacs. A policy on virtual conferencing tools in included.
|
|
|
The Dangers of Integrating Robots into Daily Life
|
As lifelike as it may seem, AI is not human.
Alexa and similar devices have been built to emulate human interaction. They've gotten so close to that ideal some may believe they have more capabilities than they actually do.
AI-powered devices become increasingly intelligent.
You may recall I purchased an
Amazon Echo
to perform some research with throughout this year to report on for Data Privacy Day 2021. That Echo has since learned of my preference for jazz, especially music performed by Ella Fitzgerald. And, the device will kindly ask if I'd like to hear similar songs. Convenient, yes. But, this type of interaction presents a bigger issue.
For instance, I've been discussing topics in the vicinity of the Echo that I usually wouldn't... topics like race car tires... and now the Echo is playing occasional ads for tires and servicing. Coincidence? Hardly.
Not only can we come to appreciate a device for convenience and entertainment, we can start to feel like it understands us. A line of code that generates a "Good morning" or "Sweet dreams," can lull us into believing this is a true personal human connection we've built.
It can be easy to form a bond with "someone" who seems to be there for you 24x7 and who responds (even anticipates) your every beck and call.
It might sound a little silly, but a great listener who remembers what we like, has answers to many of our questions, will do most of what we ask while also employing common courtesy can feel like a friend. AI has the potential to set us up for a dangerous emotional connection to our technology. Just ask Joaquin Phoenix who played Theodore in Her, the futuristic love story in which Theodore falls in love with his computer's operating system. Such emotional connections can lead to people revealing a lot more to their Echo-like device than they would to the actual people at Amazon who listen in on a large number of those conversations.
Although these devices are
always listening (Yes, even when you haven't said the trigger word...
they have to be listening to hear that trigger!
), we can't depend on them for everything. The fact of the matter is they are voice-enabled databases with the ability to collect, catalog and analyze your information
, as well as everything that can be heard in the vicinity of the device. Selecting your music is one thing, but clearly, Alexa, Google Assistant or Siri can't take away your physical pain.
|
|
A Right to Privacy: Sharing Personal COVID-19 Test Results
|
To share or not to share - that is the question
With social distancing measures ramping up and most states on total lockdown, many of us are trying our best to avoid contact with others. We just don't know where it could be lurking. Everyone presents a potential threat.
While staying healthy
may be easier if we knew exactly which individuals to avoid
, that kind of intelligence comes at a massive privacy cost.
And, here's the other complication: Without widespread testing, few people know for certain they have the virus
; a large number of the infected are asymptomatic. Therefore, demanding that those who actually do receive a positive test result disclose that information is asking them to carry a disproportionate load of the responsibility. The ramifications for these folks could be devastating and long lasting. Imagine someone who is sick recovers fully but is then d
iscriminated against when he goes to apply for a job.
Currently, there are no set guidelines for disclosing a positive COVID-19 test result. Worse, there's no coordination between doctors and testers or any government authority.
And, there are many initiatives beyond COVID-19 to track our health records and the places we've been.
Imagine the wide variety of harms all that data could bring to the associated individuals, especially when the use goes beyond COVID-19 tracking and management.
I'm curious to see what changes we may see to HIPAA privacy laws following the pandemic crisis. Right now, the law is the U.S.'s only safeguard against public scrutiny of our health records. There have already been what have been described as temporary allowances from the HHS OCR for sharing health data during the pandemic.
Some may feel a moral obligation to share a positive result, especially if they have a high likelihood of infecting others.
If it helps others
who are at risk, I agree it would be a good thing... so long as the information was shared only with those who actually need to know, and if the information could not be used for anything else beyond the purpose of managing the COVID-19 spread.
At the end of the day,
the entire health record for every person is not necessary to track and control COVID-19. Knowing the number of people in each geographic area should be enough for any publicly used statistics. Healthcare workers caring for the infected will still be the ones who generally should have detailed personal information and healthcare records, and they already know from complying with HIPAA for two decades how to release de-identified summaries.
Ultimately the decision for sharing personal information, along with detailed health data, should remain with the individual, not with the state or federal government. And, as history shows us, that can happen.
Consider "duty to warn" and other laws enacted around the discovery of AIDS and HIV. Lawmakers may decide that mandating the public disclosure of a positive COVID-19 test result serves a greater good. However, we can't forget the large number of lives damaged, and lost, after the AIDS and HIV records outed specific individuals. We should learn from history and not allow that to happen again.
|
|
|
Algorithms Making Decisions Formerly Assigned to Humans
|
| |