Pete Recommends – Weekly highlights on cyber security issues, May 13, 2023

Subject: How to control your privacy settings on Venmo
Source: Android Central

The PayPal-owned payment app Venmo is a popular service for sending money between friends, as well as paying small business owners for services or even purchasing stuff on Amazon. But unlike a credit card statement that only you can see, your Venmo transaction history is visible to pretty much anyone by default. We’re here to help you find the Venmo privacy controls so you know how to make Venmo payments private, how to block specific users or remove friends that are pestering you for money, ensure that others with access to your phone can’t use your Venmo, and other useful tricks.


Subject: The A.I.-PR Industrial Complex: Artificial intelligence hype is impressively meaningless.
Source: Big Technology, via Slate

This article is from Big Technology, a newsletter by Alex Kantrowitz.

Introducing the A.I.-PR Industrial Complex. You can already see the machine at work. Corporations, politicians, threadbois, and “thought leaders” are probing and prodding, searching desperately for ways to use surging curiosity about all things artificial intelligence to mask problems, gain favor with the public, and monetize attention. Amid real technological progress in the field, they’re forging a broad, cynical, and craven A.I.-PR industrial complex that’s just now coming into focus.

This A.I.-PR industrial complex is growing larger and worse than its predecessors—even crypto!—because the technology is making anything seem possible. With so much opportunity, vacuousness fills the gaps, and exploitation follows.

Take IBM, for example. Just this week its CEO Arvind Krishna said his company would pause hiring for back-office roles that A.I. might replace, suggesting AI could take over as many as 7,800 positions. Technology this powerful should be able to make workers more productive, not unnecessary. And IBM itself sells that very idea to those who buy its Watson A.I. service. In its marketing materials, it says Watson helps “free up employees to focus on higher value work.” The incongruity is revealing.

Plenty of A.I. announcements have real substance to them, but the A.I.-PR industrial complex will grow exponentially as the technology pushes forward. There’s just too much attention that comes with saying the term “A.I.” for anyone to stop now. ChatGPT isn’t the only part of the A.I. boom that sometimes just makes stuff up.


Subject: He wrote a book on a rare subject. Then a ChatGPT replica appeared on Amazon
Source: Washington Post

Washington Post: “From recipes to product reviews to how-to books, artificial intelligence text generators are quietly authoring more and more of the internet. Chris Cowell, a Portland-based software developer, spent more than a year writing a technical how-to book. Three weeks before it was released, another book on the same topic, with the same title, appeared on Amazon. The book, titled “Automating DevOps with GitLab CI/CD Pipelines,” just like Cowell’s, listed as its author one Marie Karpos, whom Cowell had never heard of. When he looked her up online, he found literally nothing — no trace. That’s when he started getting suspicious. The book bears signs that it was written largely or entirely by an artificial intelligence language model, using software such as OpenAI’s ChatGPT. (For instance, its code snippets look like ChatGPT screenshots.) And it’s not the only one. The book’s publisher, a Mumbai-based education technology firm called inKstall, listed dozens of books on Amazon on similarly technical topics, each with a different author, an unusual set of disclaimers and matching five-star Amazon reviews from the same handful of India-based reviewers. InKstall did not respond to requests for comment…”

Subject: Your voice could be your biggest vulnerability
Source: Help Net Security

AI technology is fueling a rise in online voice scams, with just three seconds of audio required to clone a person’s voice, according to McAfee. McAfee surveyed 7,054 people from seven countries and found that a quarter of adults had previously experienced some kind of AI voice scam, with 1 in 10 targeted personally and 15% saying it happened to someone they know. 77% of victims said they had lost money as a result.

In addition, McAfee Labs security researchers have revealed their insights and analysis from an in-depth study of AI voice-cloning technology and cybercriminal use.

Scammers are using AI technology to clone voices – Everybody’s voice is unique, the spoken equivalent of a biometric fingerprint, which is why hearing somebody speak is such a widely accepted way of establishing trust.

AI voice cloning protection:

  • Set a verbal ‘codeword’ with kids, family members or trusted close friends that only they could know. Make a plan to always ask for it if they call, text or email to ask for help, particularly if they’re older or more vulnerable.
  • Always question the source. If it’s a call, text or email from an unknown sender, or even if it’s from a number you recognize, stop, pause and think. Does that really sound like them? Would they ask this of you? Hang up and call the person directly or try to verify the information before responding and certainly before sending money.
  • Think before you click and share. Who is in your social media network? Do you really know and trust them? Be thoughtful about the friends and connections you have online. The wider your connections and the more you share, the more risk you may be opening yourself up to in having your identity cloned for malicious purposes.
  • Identity monitoring services can help make sure your personally identifiable information is not accessible or notify you if your private information makes its way to the Dark Web. Take control of your personal data to avoid a cybercriminal being able to pose as you.

Subject: QR codes used in fake parking tickets, surveys to steal your money
Source: Bleeping Computer

Striking while you’re asleep – A Singapore-based woman lost $20,000 to a stealthy scam after visiting a bubble tea shop.

The 60-year-old woman, who has not been named, saw a sticker on the bubble tea shop’s glass door encouraging visitors to scan a QR code and fill out a survey for a “free cup of milk tea.”

To an average person, and even a fairly technically savvy one, this alone may not raise red flags, considering loyalty and rewards programs often tout such offers and use QR codes to do so.

“Enticed by what seemed like a good deal, the 60-year-old scanned the QR code on the sticker and downloaded a third-party app onto her Android phone to complete the ‘survey,'” reports Straits Times.

As she went to bed at night, her phone suddenly lit up. The bogus “survey” app she’d downloaded siphoned out $20,000 from her bank account.

Mr. Beaver Chua, head of anti-fraud at OCBC Bank’s group financial crime compliance department, who relayed the news of the victim to local media, calls the scam particularly “insidious.”

“This scam is so insidious because scammers take over the victim’s phone. And because victims lose control of their Internet banking account, they won’t even know when their savings have been completely wiped out,” says Mr. Chua.

Fake parking tickets and QR codes – Meanwhile, cases of scammers leaving fake parking tickets on drivers’ windshields have been observed across the US and UK. Last week, a Reddit user spotted a fake parking ticket claiming to have been issued by San Francisco’s city government.

“This time thieves in San Fran are leaving fake parking tickets on cars w/ malicious QR codes that, when scanned, take mobile phones to a fake web site to pay fine.”



Subject: City council accuses NYC privacy chief over agency biometric use
Source: StateScoop

City council members accused the chief privacy officer of providing false information during a hearing about how the city uses biometric data.

Tensions ran high last week during a New York City Council hearing on the use of biometric surveillance and data collection across the city, and it ended with council members accusing the city’s chief privacy officer of providing false information during his testimony about how the city and its agencies use facial recognition software.

During the hearing on May 3, council members asked Michael Fitzpatrick, who has been the city’s top privacy official since last April, about the city and its agencies’ practices of engaging with private entities — which are not subject to the same regulations as the city agencies — to obtain data.

He testified that he didn’t know of any city agencies that purchased information from private entities, such as Madison Square Garden and its parent company MSG Entertainment, which came under scrutiny at the end of 2022 for its use of facial recognition software to ban people from their venues that were engaged in litigation against its parent company.

“I can’t speak to specific instances on the purchasing side, but on the converse, but if we’re thinking about the sale of data held by city agencies, that is not something that I’m aware of as occurring, and in fact our standard contracting language prohibits the sale of information to the extent we’re using a city vendor for example that vendor reselling that information,” Fitzpatrick responded when asked for an example of city agencies buying data from private organizations.

Subject: Government Begins to Ask: When Do We Leave Twitter?
Source: GovTech Technology

“For years, Twitter has been an indispensable piece of government communications — especially during emergencies, public officials turn often to the app as one of the fastest options for telling people what’s happening. But last week at the annual Government Social Media Conference in Reno, Nev., a government communications professional stood up in front of a room of her peers and called Twitter a “hellscape,” asking the panelists on stage: When do you know it’s time to pull the plug on Twitter?…”

Abstracted from beSpacific
Copyright © 2023 beSpacific, All rights reserved.

Subject: Neighborhood Watch Out
Source: EFF

EFF – Cops Are Incorporating Private Cameras Into Their Real-Time Surveillance Networks: Police have their sights set on every surveillance camera in every business, on every porch, in all the cities and counties of the country. Grocery store trips, walks down the street, and otherwise minding your own business when outside your home could soon come under the ever-present eye of the government. In a quiet but rapid expansion of law enforcement surveillance, U.S. cities are buying and promoting products from Georgia-based company Fusus in order to access on-demand, live video from public and private camera networks. … police officers have been asking the public to buy into a Fusus-fueled surveillance system, at times sounding like eager pitchmen trying to convince people and businesses to trade away privacy for a false sense of security…”

Abstracted from beSpacific

Subject: Some Google Drive files may land in the new Spam folder soon
Source: gHacks Tech News

Google’s file storage and synchronization service Google Drive will get a dedicated Spam folder later this month. Google announced the change during its Google I/O 2023 event. The Spam folder works similarly to Gmail’s spam folder. Google Drive may push files to the Spam folder automatically, but users of the service may also mark or unmark spam on Google Drive once the feature becomes available. The Spam folder will host files “containing spam or abusive content” that are shared with Google Drive users and it may also contain files that a Google Drive user marks manually as spam. Google explains that files marked as spam prevent certain interactions from reaching the user; this includes comments, sharing or push notifications. Google says: “When an unsolicited file is moved to the spam folder, you will be unsubscribed, preventing all comment, sharing, and mobile push notifications for the file.”

The Spam folder is listed on Google Drive in the sidebar, just above the Trash folder. It will also be available in the official Google Drive applications for Android and iOS, and the Google Drive desktop application….

Posted in: AI, Copyright, Cybercrime, Cybersecurity, Financial System, Privacy