This is the Shared Security Weekly Blaze for April 30, 2018 sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston.
This is your Shared Security Weekly Blaze for April 30th 2018 with your host, Tom Eston. In this week’s episode: Child Identity Fraud, Tech Support Scams and Amazon Key In-Car Delivery.
The Shared Security Podcast is sponsored by Silent Pocket. With their patented Faraday cage product line of phone cases, wallets and bags you can block all wireless signals which will make your devices instantly untrackable, unhackable and undetectable. Visit silent-pocket.com for more details.
Hi everyone, I’m Tom Eston, Co-host of the Shared Security podcast. Welcome to the Shared Security Weekly Blaze where we update you on the top 3 security and privacy topics from the week. These weekly podcasts are published every Monday and are 15 minutes or less quickly giving you “news that you can use”.
If you like this podcast we would really appreciate you leaving a review in iTunes or your favorite podcatcher app. Reviews really help move us up the podcast ratings list and are greatly appreciated. Shout outs this week to @jandrusk and @privacydivas on Twitter as well as itincloud and pacifictech808 on Instagram and Jason, Johann and Richard on Facebook for commenting, liking and sharing our posts on social media. Thank you for your support of the show!
A sobering report was released last Tuesday which showed that more than 1 million children in the United States were victims of identity theft last year. The study by Javelin Strategy & Research shows that in 2017 more than $2.6 billion in total losses and over $540 million in out-of-pocket costs to families are attributed to child identity fraud. What’s surprising about this study is that it showed more than half (which is 60%) of child identity fraud victims have a personal relationship with the person stealing their identity. This is in stark contrast to adults where only 7 percent of adult fraud victims know the fraudster. Also of note, there was a strong correlation between a child being bullied and identity fraud. Bullied children are more than nine times more likely to be victims of fraud than children who were not bullied.
One of the big problems this study highlights is the challenges we have with the security of credit reports. Given that there have been large breaches like Equifax which highlight how adults can have their identities stolen through the use of their credit reports, I find it disturbing that we don’t give the topic of child identity fraud more attention. Children don’t have credit reports until they are old enough to apply for credit on their own so it’s often overlooked that if the personal information of a child is stolen, it’s much easier for a fraudster to use a fresh, unused credit history to their advantage. Also, given the fact that the fraudsters are people that know these children personally, it makes using their personal information (and credit) much easier than adult victims.
Some signs or indicators specific to child identity fraud include the child being turned down for benefits, receiving notices from the IRS about unpaid taxes or debt collectors calling about products and other things you or your child has never purchased. If you’re a parent I would highly recommend the following advice from the FTC and others about how to secure your child’s identity such as potentially freezing their credit, determining how they are sharing their personal information, monitoring existing accounts and keeping physical documents like birth certificates and social security cards secure and out of reach of household guests and visitors. Regarding freezing your child’s credit, this is something you should research on your own as not all states allow this and some experts debate if there may be more risk in opening up a credit file before your child is ready to start building their credit. Check out our show notes for links to more advice on this very important topic.
Are you a CISO or Information Security Manager challenged with tracking and managing information security incidents within your organization? If you are, you need to take a look at CISOBox which is a software appliance built for NIST-compliant management of all types of information security incidents. CISOBox secures and protects sensitive incident data using technology accredited by US Federal Intelligence Agencies and gives your organization an efficient and streamlined process for incident handling. No matter if your business is large or small, we highly recommend the CISOBox solution as it’s extremely easy to use, scalable, and a secure way to implement incident handling within your organization. For more information on the CISOBox solution and to schedule a demo visit cisobox.com/sharedsecurity. That’s cisobox.com/sharedsecurity.
Microsoft recently released statistics on tech support scams which have been on the rise in the last few years. Microsoft states that 153,000 reports were made from customers last year that fell victim to tech support scams in which about 15% of those victims lost money. This is a 24% increase in tech support scam reports from the previous year. A tech support scam is typically a social engineering attack where an attacker will call a victim pretending to be Microsoft or other vendors’ tech support asking them to install a remote administration tool where they can take control of the victim’s computer, show them fake threats or install malware and then scare the victim into buying fake support packages. All of this is done in order for money to be sent to the attacker. Unfortunately, many elderly and non-tech savvy people fall victim to these scams. This is why one of the number one ways to combat threats like these is education. While companies like Microsoft are doing all that they can to help prevent attacks like these by working with ISPs, law enforcement and telecom companies, make sure you take the time to educate yourself and others about these scams.
Here are three easy tips to remember. First, vendors like Microsoft will never solicit you via the phone for tech support on your computer. Second, be wary of random calls that seem to be coming from the same local area code that your phone number is in or from other numbers you may not recognize. In fact, our advice is to only pick up calls from people you know in your contact list. If you don’t recognize a number and it’s a call you’re expecting, they will most likely leave you a voice mail if the message is important. Also, be wary of voice mail scams in which attackers use threats to get you to call a number back or visit a website. Lastly, any threats of going to prison for non-payment (like ones we’ve seen with IRS tax scams) or other scare tactics should also indicate that you’re dealing with a scammer. Check out our show notes for a great overview of how these scams work as well as other tips to protect yourself.
How do you feel about giving Amazon access to unlock your car to deliver your order? Well this past week Amazon announced a new service, called Amazon Key In-Car Delivery to deliver packages directly to your car allowing a package carrier to remotely open your trunk or car door to drop a package off. Right now Amazon Key In-Car delivery supports only General Motors brand vehicles such as Chevy, Buick, GMC as well as Volvo that have the OnStar or Volvo On Call service from 2015 model year or newer cars. Amazon Key delivery service is nothing new. You may remember that last year Amazon came out with a delivery service to place packages into your house by using a smart lock and camera which would allow someone to remotely unlock your home to place a package inside. The only difference between Amazon Key In-Car and Amazon Key Home is that Amazon Key Home uses a camera and your home Wi-Fi to track the carrier dropping off your package while the Amazon Key In-Car service does not have a camera involved and uses the car manufacturer’s network to unlock your car.
Now one can debate the privacy and security aspects of such technology and if you want someone remotely opening up your home or car to deliver a package. This is a very much “opt-in” service and Amazon is not forcing any of its customers to use this to receive deliveries. In fact, many Amazon customers may not realize this but Amazon has been offering what are called “lockers” in many different locations that can be used to pick up packages that you order in cases where you may not want something delivered to your home or if you may be traveling and want to pick up your order while you’re away. Amazon Locker works by emailing you a 6 digit code and you enter in the code into a locker to take your package. Personally, I think Amazon Locker is a great idea. Especially if you may not be home when an expensive item may be delivered and you need a more secure pickup location. Especially since theft of packages from people’s homes is a crime that has been happening much more frequently. However, many of us probably feel a little wary of letting someone we don’t know open our car or enter our home given that new technology like this could be abused either by someone malicious or by the technology not working as designed. In fact, last year security researchers found a vulnerability in the Amazon Key Home system which would allow someone to knock the camera offline which would then allow a malicious delivery driver to steal or rummage through someone’s home without the camera recording the entry. But like any new technology, vulnerabilities are always going to be discovered and eventually fixed but the privacy concerns will always be an issue for many of us that may just want to resort to getting our packages the old fashioned way.
That’s a wrap for this week’s show. Please be sure to follow the Shared Security Podcast on all the regular social media channels like Facebook, Twitter and Instagram for frequent posts, commentary and updates. If you have feedback or topic ideas for the show you can email us at feedback[aT]sharedsecurity.net. First time listener to the podcast? Please subscribe on iTunes, Google Play, Stitcher, TuneIn, Spotify or iHeartRadio. Thanks for listening and see you next week for another episode of the Shared Security Weekly Blaze.