Almost every adult has been affected by one or more of these recent breaches
Updated: Dec 28, 2019
As each day passes, more and more privacy and security breaches are revealed. (Additional information about each breach can be found in the links below.)
NEIGHBOR (CALL) SPOOFING: If your caller ID shows a call is coming from your own number, resist the curiosity and ignore the call. It’s most likely a scammer trying to trick you into giving out personal information.
Scammers know that a lot of people won’t pick up a call from an unknown number, so con artists use technology to modify the phone numbers that appear on caller ID, impersonating numbers from neighbors, friends and local businesses to try to get you to answer the call. In many instances, it is a random number with the same area code and first three digits as your own phone number.
According to the Better Business Bureau, "Scammers who get you to answer the phone want to steal your personal information."
GMAIL: It's not news that Google and many top email providers enable outside developers to access users' inboxes. A year ago, Google promised to stop scanning the inboxes of Gmail users, but the company has not done much to protect Gmail inboxes obtained by outside software developers.
What is unclear is how closely these outside developers adhere to their agreements and whether Google does anything to ensure they do, as well as whether Gmail users are fully aware that individual employees may be reading their emails.
SAMSUNG PHONES: The messages are being sent through Samsung’s default texting app Samsung Messages. According to reports, the Messages app does not even show users that files have been sent; many just find out after they get a response from the recipient of the random photos sent to them.
TICKETMASTER: Ticketmaster has admitted that the company has suffered a security breach, warning customers that their personal and payment information may have been accessed by an unknown third-party.
EXACTIS: The Exactis data leak reportedly contained detailed information on 230 million consumers. While the database apparently does not include credit-card numbers or Social Security numbers, it does include phone numbers, email and postal addresses as well as more than 400 personal characteristics, such as whether a person is a smoker, if they own a dog or cat, their religion and a multitude of personal interests.
HUMANA INSURANCE: Information potentially viewed or accessed as a result of the attacks includes medical, dental and vision claims, including services performed, provider name, dates of service, charge and paid amounts; spending account information such as health saving account spending and balance information; and wellness information, including biometric screening information, Humana says.
July 2, 2018: Humana Notifying Victims of 'Identity Spoofing' Attack
Rapid7 found about 13 million internet-exposed databases personally identifying information.
July 2, 2018: Scans Reveal 13 Million Internet-Exposed Databases
CELL PHONE FRAUD: Subscriber fraud and cloning represent some of the more modern ways bad guys are looking to profit.
Subscriber fraud occurs when someone signs up for service with fraudulently obtained customer information or false identification. Lawbreakers obtain your personal information and use it to set up a cell phone account in your name.
Another cell phone scam is cloning, which occurs when crooks get hold of your phone’s unique serial number and 10-digit mobile number. Once your phone has been cloned, you can be on the hook for all of the crook’s phone calls and data charges.
June 18, 2018: Cell phone fraud warning: How to avoid becoming a victim
BUSINESS EMAIL COMPROMISE (BEC) ATTACKS: Business email compromise (BEC) is a type of phishing scheme in which an attacker impersonates a high-level executive and attempts to trick an employee or customer into transferring sensitive data. This crime is particularly stealthy because it employs social engineering techniques to manipulate users. BEC is on the rise — and it’s often difficult to prevent because it’s so targeted.
The victims of BEC scams range from small businesses to large corporations and come from a variety of industries, with no one sector appearing to be a favored target. According to the FBI, BEC attacks were responsible for more than $5.3 billion in exposed losses between 2013 and 2016, and the problem remains unsolved.
Beware of BEC scams, which usually take one of five basic forms:
1) CEO fraud
2) Bogus invoice scam
3) Attorney impersonation
4) Account compromise
5) Data theft
--------- RECENT FACEBOOK PRIVACY & DATA BREACHES ---------
It's been a busy year for Facebook as they rank #5 in the biggest data breaches of 2018.
Facebook revealed that it had still been providing special access to user data to dozens of companies, six months after it had said it had stopped doing so in 2015. The apps had access to users' friends' data, such as name, gender, birthdate, location - i.e. current city or hometown, photos and page likes, Facebook says.
July 2, 2018: Facebook to Congress: We Shared More Data Than We Said
Facebook announced on Monday it will notify 800,000 people about a bug that unblocked accounts those users had previously blocked.
In a 747-page long document delivered to Congress last Friday, Facebook admitted that it continued sharing data with 61 hardware and software makers, as well as app developers after 2015.
A bug bounty hunter and hacker found that the NameTests[.]com website was leaking logged-in users’ details to other websites opened in the same browser, allowing any malicious website to obtain that data easily. This issue was due to a simple yet severe flaw in the NameTests website that appears to have existed since 2016.
Nearly two months after Zuckerberg explained the Cambridge Analytica controversy to Congress, the company has confessed to tracking our mouse movements.
Facebook also admits to collecting information about users’ reported gender, people users have removed from their friend list and every ad the user has ever clicked on, as well as information about operating systems, hardware, software versions, battery levels, signal strength, available storage space, Bluetooth signals, file names and types, device IDs, browser and browser plugins (which is almost all of the information available on and about your device), from the users’ phones, TVs and other connected devices.
June 13, 2018: Facebook admits to tracking our mouse movement for the sake of “personalized content”
For four days in May, around 14 million Facebook users had their default sharing setting changed to “public” for new posts due to a bug, which the company called a “technical error.” Yes, folks, 14 million users.
Facebook provided around 60 device makers (including Apple and Samsung) “deep access” to customer data, including access to the data of users’ friends without their explicit consent, AFTER it assured the Federal Trade Commission (FTC) that it no longer shared your data with third parties.
Facebook admitted it collected data from people's calls and texts in addition to collecting information on users and their friends by using several methods including tracking users' locations, reading their text messages and accessing their photos on phones, according to the allegations.
----- PROTECT YOURSELF ONLINE -----
A recent survey shows that although 6 out of 10 (64%) had problems with online security breaches and being hacked themselves, only 30% expressed any concern about it or preventing it from happening again.
Americans showed laziness in other forms of digital safety, too. Fourteen percent of the participants never update their phone’s operating system and 10 percent never update the apps. Updating software is critical because the updates often contain fixes for bugs that hackers can exploit.
Here are some preventative actions you can take to avoid becoming a victim:
Never install software or apps you don’t trust, don’t click links without knowing where they lead, and be careful about visiting unfamiliar web sites.
Set software and apps to update automatically.
Some ad blockers and browser extensions say they help defend against cryptojacking, but always do your homework first. Read reviews and check trusted sources before installing any online tools.
Consider closing sites or apps that slow your device or drain your battery.
Make use of the privacy and security settings of your account.
What appears on the internet stays on the internet.
Make a S+R0nG_ P@s$w0rd.
Vary your passwords for different accounts.
Additional information can be found on our website. If you have further questions regarding your internet and/or email security, please contact your IT professional.
While we are, of course, available to provide you with any business, accounting or tax services, the information contained herein is general in nature; any advice regarding those services should not be construed as tax advice and is not intended as a thorough, in-depth analysis of specific issues, a substitute for a legal, accounting or tax advice or opinion, nor is it sufficient to avoid tax-related penalties to the reader. The reader also is cautioned that this material may not be applicable to, or suitable for, the reader's specific circumstances or needs, and may require consideration of non-tax and other tax factors if any action is to be contemplated. The reader should contact Strive Tax & Accounting, LLC or other tax professional prior to taking any action based upon this information. Strive Tax & Accounting, LLC assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein.