Hiya has detected the newest scam call tactic, the eavesdropping scam. The new scam aims to get users to call back by leaving vague voicemail messages where an unknown voice is heard talking about the potential victim.If the victim calls back, the scammers attempt to steal personal information or money by offering fraudulent tax relief services.

How it works – The eavesdropping scam is quite sophisticated. First, the scammer calls a potential victim from an unknown number and, since 79% of unknown calls go unanswered, leaves a voicemail. In the message, the scammer is heard talking to another person about the potential victim, claiming: “I’m trying to get ahold of them right now.”

Similar to the Wangiri Scam, the eavesdropping scam relies on the victim being so interested that they choose to call back. Once the victim returns the call, the scammer can run a variety of scams, most commonly offering fraudulent tax relief services.

…

Organizations’ failure to properly manage the servers they lease from cloud service providers can allow attackers to receive private data, research my colleagues and I conducted has shown.Cloud computing allows businesses to lease servers the same way they lease office space. It’s easier for companies to build and maintain mobile apps and websites when they don’t have to worry about owning and managing servers. But this way of hosting services raises security concerns.

Each cloud server has a unique IP address that allows users to connect and send data. After an organization no longer needs this address, it is given to another customer of the service provider, perhaps one with malicious intent. IP addresses change hands as often as every 30 minutes as organizations change the services they use.

When organizations stop using a cloud server but fail to remove references to the IP address from their systems, users can continue to send data to this address, thinking they are talking to the original service. Because they trust the service that previously used the address, user devices automatically send sensitive information such as GPS location, financial data and browsing history.

An attacker can take advantage of this by “squatting” on the cloud: claiming IP addresses to try to receive traffic intended for other organizations. The rapid turnover of IP addresses leaves little time to identify and correct the issue before attackers start receiving data. Once the attacker controls the address, they can continue to receive data until the organization discovers and corrects the issue.

…

Topic: Cloud

As officials within the Department of Homeland Security’s Office of the Inspector General, they were supposed to be alerting the public to nefarious activity, but a former acting branch chief of the department’s information technology division is guilty—along with two others—of stealing federal property and government workers’ personal information, a jury found.Murali Y. Venkata, 56, of Aldie, Virginia, who was, “convicted of conspiracy to defraud the U.S. government, theft of government property, wire fraud, aggravated identity theft, and obstruction,” according to a Department of Justice press release Monday, “executed a scheme to steal confidential and proprietary software from the government along with the personally identifying information (PII) of hundreds of thousands of federal employees.”

The plan, according to court documents and the indictment from March, 2020, was to create a commercial version of a case-management system to sell back to government agencies from a company Venkata’s accomplice and former boss Charles K Edwards founded in 2015. Edwards, who was DHS’ acting inspector general at the time, pleaded guilty to the charges in January. Another DHS OIG official—Sonal Patel—entered a guilty plea for related charges in April, 2019.

The three stole Microsoft products worth almost $350,000 by using activation keys managed by the DHS OIG office and the PII for about 246,167 DHS employees and 6,723 postal workers, according to the charges.

…

Topics:

• Insider Threats
• Oversight

Filed: https://fcw.com/security/

“It turns out, in the vast majority of cases, when you mute yourself, these apps do not give up access to the microphone,” says Fawaz. “And that’s a problem. When you’re muted, people don’t expect these apps to collect data.”

After their initial testing, Fawaz and Yang, along with colleagues from Loyola University Chicago, conducted a more formal investigation of just what happens when videoconferencing software microphones are muted. They will present their results at the Privacy Enhancing Technologies Symposium in July.

They found that all of the apps they tested occasionally gather raw audio data while mute is activated, with one popular app gathering information and delivering data to its server at the same rate regardless of whether the microphone is muted or not.

Whether or not the data is being accessed or used, the findings raise privacy concerns.

…

[I wonder how this applies to telephone desksets and headsets? /pmw1]

Movement patterns of people you know contain 95% of the information needed to predict your location.Turning off your data tracking doesn’t mean you’re untraceable, a new study warns.

Data about our habits and movements are constantly collected via mobile phone apps, fitness trackers, credit card logs, websites visited, and other means. But even with it off, data collected from acquaintances and even strangers can predict your location.

“Switching off your location data is not going to entirely help,” says Gourab Ghoshal, an associate professor of physics, mathematics, and computer science at the University of Rochester.

Ghoshal and colleagues applied techniques from information theory and network science to find out just how far-reaching a person’s data might be. The researchers discovered that even if individual users turned off data tracking and didn’t share their own information, their mobility patterns could still be predicted with surprising accuracy based on data collected from their acquaintances.

“Worse,” says Ghoshal, “almost as much latent information can be extracted from perfect strangers that the individual tends to co-locate with.”

FRIENDS AND STRANGERS

By applying information theory and measures of entropy—the degree of randomness or structure in a sequece of location visits—the researchers learned that the movement patterns of people who are socially tied to an individual contain up to 95% of the information needed to predict that individual’s mobility patterns.

However, even more surprisingly, they found that strangers not tied socially to an individual could also provide significant information, predicting up to 85% of an individual’s movement.

…

Topics:

• Surveillance
• Artificial Intelligence
• Social Media

Facial recognition identification verification technology can potentially protect government resources and personal information.But some cities have banned the technology, the IRS dropped a requirement to use it to access individual tax accounts, and a congressional committee is investigating the IRS facial recognition contractor over concerns about privacy, security, and the technology’s potential to discriminate.

Use of the facial recognition technology is now optional for taxpayers.

A handful of agencies use facial recognition to control building access. Agencies like the Department of Homeland Security use the technology for domestic law enforcement, including for leads in criminal investigations, and border security. Beyond the IRS, some federal agencies are moving ahead with facial recognition technology and 10 plan to expand its use by 2023.

“Ten years from now, we’ll look back on this problem and say, ‘Well, that was the beginning when people were nervous,’” says John Koskinen, a former IRS commissioner and current board member at the National Academy of Public Administration. “The purpose of all this is to protect [people] and protect their data.”