Artificial intelligence (AI) is doing wonderful things for many businesses. It’s helping to automate repetitive tasks for efficiency and cost savings. It’s supercharging customer service and coding. And it’s helping to unearth insight to drive improved business decision-making. Way back in October 2023, Gartner estimated that 55% of organizations were in pilot or production mode with generative AI (GenAI). That figure will surely be higher today.

Yet criminal enterprises are also innovating with the technology, and that spells bad news for IT and business leaders everywhere. To tackle this mounting fraud threat, you need a layered response that focuses on people, process and technology.

What are the latest AI and deepfake threats?
Cybercriminals are harnessing the power of AI and deepfakes in several ways. They include:

• Fake employees: Hundreds of companies have reportedly been infiltrated by North Koreans posing as remote working IT freelancers. They use AI tools to compile fake resumes and forged documents, including AI-manipulated images, in order to pass background checks. The end goal is to earn money to send back to the North Korean regime as well as data theft, espionage and even ransomware.
• A new breed of BEC scams: Deepfake audio and video clips are being used to amplify business email compromise (BEC)-type fraud where finance workers are tricked into transferring corporate funds to accounts under control of the scammer. In one recent infamous case, a finance worker was persuaded to transfer $25 million to fraudsters who leveraged deepfakes to pose as the company’s CFO and other members of staff in a video conference call. This is by no means new, however – as far back as 2019, a UK energy executive was tricked into wiring £200,000 to scammers after speaking to a deepfake version of his boss on the phone.
• Authentication bypass: Deepfakes are also being used to help fraudsters impersonate legitimate customers, create new personas and bypass authentication checks for account creation and log-ins. One particularly sophisticated piece of malware, GoldPickaxe, is designed to harvest facial recognition data, which is then used to create deepfake videos. According to one report, 13.5% of all global digital account openings were suspected of fraudulent activity last year.
• Deepfake scams: Cybercriminals can also use deepfakes in less targeted ways, such as impersonating company CEOs and other high-profile figures on social media, to further investment and other scams. As ESET’s Jake Moore has demonstrated, theoretically any corporate leader could be victimized in the same way. On a similar note, as ESET’s latest Threat Report describes, cybercriminals are leveraging deepfakes and company-branded social media posts to lure victims as part of a new type of investment fraud called Nomani.
• Password cracking: AI algorithms can be set to work cracking the passwords of customers and employees, enabling data theft, ransomware and mass identity fraud. One such example, PassGAN, can reportedly crack passwords in less than half a minute.
• Document forgeries: AI-generated or altered documents are another way to bypass know your customer (KYC) checks at banks and other companies. They can also be used for insurance fraud. Nearly all (94%) claims handlers suspect at least 5% of claims are being manipulated with AI, especially lower value claims.
• Phishing and reconnaissance: The UK’s National Cyber Security Centre (NCSC) has warned of the uplift cybercriminals are getting from generative and other AI types. It claimed in early 2024 that the technology will “almost certainly increase the volume and heighten the impact of cyber-attacks over the next two years.” It will have a particularly high impact on improving the effectiveness of social engineering and reconnaissance of targets. This will fuel ransomware and data theft, as well as wide-ranging phishing attacks on customers.

What’s the impact of AI threats?
The impact of AI-enabled fraud is ultimately financial and reputational damage of varying degrees. One report estimates that 38% of revenue lost to fraud over the past year was due to AI-driven fraud. Consider how:

• KYC bypass allows fraudsters to run up credit and drain legitimate customer accounts of funds.
• Fake employees could steal sensitive IP and regulated customer information, creating financial, reputational and compliance headaches.
• BEC scams can generate huge one-off losses. The category earned cybercriminals over $2.9 billion in 2023 alone.
• Impersonation scams threaten customer loyalty. A third of customers say they’ll walk away from a brand they love after just one bad experience.

Pushing back against AI-enabled fraud
Fighting this surge in AI-enabled fraud requires a multi-layered response, focusing on people, process and technology. This should include:

• Frequent fraud risk assessments
• An updating of anti-fraud policies to make them AI-relevant
• Comprehensive training and awareness programs for staff (e.g., in how to spot phishingand deepfakes)
• Education and awareness programs for customers
• Switching on multifactor authentication (MFA) for all sensitive corporate accounts and customers
• Improved background checks for employees, such as scanning resumes for career inconsistencies
• Ensure all employees are interviewed on video before hiring
• Improve collaboration between HR and cybersecurity teams

AI tech can also be used in this fight, for example:

• AI-powered tools to detect deepfakes (e.g., in KYC checks).
• Machine learning algorithms to detect patterns of suspicious behavior in staff and customer data.
• GenAI to generate synthetic data, with which new fraud models can be developed, tested and trained.

As the battle between malicious and benevolent AI enters an intense new phase, organizations must update their cybersecurity and anti-fraud policies to ensure they keep pace with the evolving threat landscape. With so much at stake, failure to do so might impact long-term customer loyalty, brand value and even derail important digital transformation initiatives.

AI has the potential to change the game for our adversaries. But it can also do so for corporate security and risk teams.

The post AI reshaping the fraud landscape and creating new risks appeared first on My Startup World - Everything About the World of Startups!.

Whenever we’re online, we leave a trail of data behind. As our lives are increasingly intertwined with digital technology, our digital footprints continue to grow larger. Some pieces of data that we generate, such as when posting on social media or purchasing products online, could hold immense value to cybercriminals lurking in the shadows of the internet.

Meanwhile, data breaches and leaks remain rampant while cybercriminals hone their craft to exploit the treasure troves of data scattered across the digital landscape. The more online services you use and share your information with, the greater the chance that your data ends up in the wrong hands, for example when one of those companies is compromised by hackers. As each of us potentially faces a range of threats from financial fraud to extortion campaigns, the importance of safeguarding our personal information cannot be overstated.

Understanding the value of personal data
First things first, what exactly do we talk about when we talk about personal data? Put simply, it encompasses any information – such as names, dates of birth, social security numbers, home addresses, phone numbers, email addresses, health data, financial details, photos, biometric information, location data and even IP addresses – that can be used, either on its own or in combination with other information, to identify a specific person.

With that out of the way, what is it exactly that drives criminals to relentlessly target our personal information?

1. Financial fraud
Financial fraud is a most pervasive threat in the digital age. Personal data serves as a gateway to your financial assets, making it a prime target for cybercriminals, who are ever so intent on making a pretty penny. While safeguarding bank card information is common sense, it’s equally crucial to extend this vigilance to any other information that identifies us – and to be proactive in safeguarding any kind of personal information in order to prevent unauthorized access to our bank accounts.

Beyond financial credentials, cybercriminals could exploit a plethora of personal data, including names, addresses, social security numbers, and even our online shopping habits, to devise fraudulent schemes. By piecing together fragments of your personal information, attackers can impersonate you, tamper with your accounts and conduct unauthorized transactions, often with far-reaching consequences.

2. Identity theft
Your identity gives ne’er-do-wells the ability to engage in fraudulent activities under your name, which not only jeopardizes your financial well-being, but ultimately also tarnishes your reputation, credibility and overall well-being. Cybercriminals wielding stolen identities can perpetrate a wide range of fraudulent activities “on behalf of” unsuspecting victims, placing their financial stability and personal integrity in jeopardy.

The more data the crooks acquire, the greater their arsenal for all sorts of malicious actions from deceiving your contacts with fraudulent campaigns, perhaps aided by imposter social media profiles, all the way to committing diverse forms of fraud, including tax, insurance and online shopping fraud.

3. Ransomware and extortion
The menace of ransomware has for years loomed large on the digital landscape. The psychological impact of being suddenly locked out of your devices and data is profound, particularly if it involves personal documents, sensitive business data, and irreplaceable memories.

Faced with such dire circumstances, many victims feel compelled to give in to the demands of the attackers and end up paying hefty ransom fees in the hope that they will regain control over their digital assets. This reality underscores the importance of robust cybersecurity measures and proactive defenses against the ever-evolving threat of ransomware attacks.

4. Dark web sale
Personal data has become a lucrative commodity, both in the seedy underbelly of the internet known as the dark web and in the shadowy recesses of mainstream social media platforms such as Telegram. Everything from pilfered login credentials, social security card details all the way to babies’ personal data is up for grabs –  no information is too sacred for cybercriminals to exploit.

This clandestine marketplace thrives as a hub where illicit data transactions abound, allowing cybercriminals to capitalize on stolen information for further nefarious activities or to peddle it to malicious actors. As they perpetuate this cycle of exploitation, cybercriminals not only profit but also contribute to the flourishing underworld economy of the dark web.

5. Account theft
Account theft is as a direct pathway for criminals to infiltrate various facets of your online presence, including social media sites, email services and other platforms. Once inside, they exploit this access to perpetrate fraudulent activities, spread malware, or compromise your identity. Whether due to a data breach at a company, account or service that stored our data or thanks to the information we willingly share online, attackers can crack our passwords, often simply by using combinations of first names, last names, dates of birth or other data obtained.

To mitigate such risks, it’s imperative to beef up your defenses with robust security measures such as using strong and unique passwords or passphrases and implementing two-factor authentication. These proactive steps serve as crucial safeguards against the perils of account theft and help protect your digital assets from the threats.

6. (Spear)phishing messages
Phishing, especially the targeted variety known as spearphishing, can leverage personal data to craft convincing messages aimed at specific individuals or organizations. Cybercriminals can meticulously research their targets to gather information such as their names, job titles, company affiliations, and even personal interests or activities. With this data in hand, attackers can tailor their ploys to appear legitimate and relevant, increasing the likelihood of success.

For instance, a fraudster armed with knowledge about your online purchases might craft a convincing email posing as a receipt or promotional offer from a familiar retailer. In other scenarios, they might impersonate a colleague or superior within your organization, using insider knowledge gleaned from publicly available information to enhance the credibility of their message.

7. Corporate espionage
Personal data is not only of interest to “run-of-the-mill” cybercriminals; rival companies, governments and other groups also seek this sensitive information. In the realm of corporate espionage, personal data is coveted for its potential to confer strategic advantages and facilitate targeted attacks. Data stolen from employees can become tools for targeted attacks whose ramifications can go way beyond personal privacy.

From industrial espionage aimed at gaining insights into competitors’ operations to state-sponsored campaigns targeting critical infrastructure and sensitive government systems, the stakes are high in the realm of corporate espionage.

7 tips for protecting yourself
There are a few simple measures that will vastly lower the risk of your data ending up in the crosshairs of cybercriminals.

• Be wary of unsolicited emails, messages, or requests for personal information, and avoid clicking on suspicious links or downloading attachments from unfamiliar sources.
• Be prudent when it comes to sharing information online.
• Use strong and unique passwords for each of your accounts.
• Enable two-factor authentication on every account that offers this option.
• Regularly monitor your bank accounts, credit reports, and other financial accounts for any unauthorized activity. Report any suspicious transactions or signs of identity theft immediately.
• Keep an eye on breached password alerts and take immediate action after receiving such a notification.
• Install reputable security software on all your devices.

“I don’t have anything of value for hackers”, “why would anybody care?” or “I have nothing to hide” – statements like these reflect common misconceptions regarding the importance of personal data and cybersecurity. We hope that the rundown above helped illustrate just how valuable even seemingly innocuous information can be to malicious actors.

The post How to protect your personal data appeared first on My Startup World - Everything About the World of Startups!.

One of the reasons for shifts in attack patterns is stricter security policies introduced by Microsoft, particularly on opening macro-enabled files. ESET telemetry data also suggests that operators of the once-notorious Emotet botnet have struggled to adapt to the shrinking attack surface, possibly indicating that a different group acquired the botnet. In the ransomware arena, actors increasingly reused previously leaked source code to build new ransomware variants. During the first half of 2023, sextortion email scams made a comeback, and ESET observed an alarming growth in the number of deceptive Android loan apps.

According to the report, in a new attempt to bypass Microsoft security measures, attackers substituted Office macros with weaponized OneNote files in H1 2023, leveraging the capability to embed scripts and files directly into OneNote. In response, Microsoft adjusted the default setup, prompting cybercriminals to continue exploring alternative intrusion vectors, with intensifying brute-force attacks against Microsoft SQL servers potentially representing one of the tested replacement approaches.

“Regarding the leaked source code of ransomware families such as Babyk, LockBit, and Conti, these allow amateurs to engage in ransomware activities, but at the same time enable us as defenders to cover a broader range of variants with a more generic or well-known set of detections and rules,” says ESET Chief Research Officer Roman Kováč.

While cryptocurrency threats have been steadily declining in ESET telemetry – not even being resurrected by the recent increase in bitcoin’s value – cryptocurrency-related cybercriminal activities continue to persist, with cryptomining and cryptostealing capabilities being increasingly incorporated into more versatile malware strains. This evolution follows a pattern observed in the past, such as when keylogger malware was initially identified as a separate threat, but eventually became a common capability of many malware families.

Looking at other threats focused on financial gain, ESET researchers observed the comeback of so-called sextortion scam emails, exploiting people’s fears related to their online activities, and an alarming growth in deceptive Android loan apps masquerading as legitimate personal loan services and taking advantage of vulnerable individuals with urgent financial needs.

The post Latest ESET Threat Report highlights remarkable adaptability of cybercriminals appeared first on My Startup World - Everything About the World of Startups!.

The latest Kaspersky Threats to SMB report exposed an ongoing and troubling reality as cybercriminals continue to target SMBs with a range of sophisticated tactics. It showed the number of SMB employees encountering malware or unwanted software disguised as legitimate business applications has remained relatively steady year-on-year (2,478 in 2023 compared to 2,572 in 2022), and cybercriminals are persisting in their efforts to infiltrate these businesses.

The fraudsters employ a multitude of methods, including exploiting vulnerabilities, employing phishing emails, deceptive text messages, and even utilizing seemingly harmless YouTube links, all with the aim of gaining unauthorized access to sensitive data. This concerning trend underscores the urgent need for enhanced cybersecurity measures to safeguard SMBs from the relentless onslaught of cyber threats. The report reveals that the total number of detections of these malicious files aimed at SMBs during the first five months in 2023 reached 764,015.

Exploits were the most prevalent threat to SMBs, accounting for 63% (483,980) of all detections during the first five months of 2023. These malicious programs target software vulnerabilities, permitting cybercriminals to run malware, elevate their privileges, or disrupt critical applications without any user interaction.

Phishing and scam threats also pose a significant risk to SMBs, with cybercriminals adeptly tricking employees into divulging confidential information or falling victim to financial scams. Examples of such deceptive tactics include fake banking, delivery, and credit service pages designed to deceive unsuspecting individuals.

Moreover, the Kaspersky report draws attention to a frequently utilized method for infiltrating employees’ smartphones, referred to as “smishing” – a clever combination of SMS and phishing. This technique involves the victim receiving a text message with a link, distributed through various platforms like SMS, WhatsApp, Facebook Messenger, WeChat, and others. If the unsuspecting user clicks on the embedded link, their device becomes vulnerable to the upload of malicious code, compromising its security.

The data used in this report was collected from January to May 2023 via Kaspersky Security Network (KSN), a secure system for processing anonymized cyberthreat-related data voluntarily shared by Kaspersky users. Kaspersky experts scrutinized the most widely used software used by SMBs worldwide, including MS Office, MS Teams, Skype, and others. By cross-referencing this software against KSN telemetry, the researchers determined the extent of malware and unwanted software distributed under the guise of these applications.

“The vulnerabilities faced by SMBs are not to be underestimated. As these businesses are the backbone of most countries’ economies, it is crucial that governments and organizations alike step up their efforts to safeguard these enterprises. Awareness and investment in robust cybersecurity solutions must become a top priority to protect SMBs from evolving cyber threats,” comments Vasily Kolesnikov, a security expert at Kaspersky.

The post SMBs continue to be vulnerable to cyberattacks, reveals Kaspersky appeared first on My Startup World - Everything About the World of Startups!.

Proofpoint researchers observe multiple objectives demonstrated by cybercriminal threat actors relating to digital tokens and finance such as traditional fraud leveraging business email compromise (BEC) to target individuals, and activity targeting decentralized finance (DeFi) organizations that facilitate cryptocurrency storage and transactions for possible follow-on activity. Both of these threat types contributed to a reported $14 billion in cryptocurrency losses in 2021. In fact, Business Email Compromise topped the list of types of attacks CISOs in UAE expect to face in the coming months with 35% of CISO’s being concerned of potential BEC attacks.

While most attacks require a basic understanding of how cryptocurrency transfers and wallets function, they do not require sophisticated tooling to find success. Common techniques observed when targeting cryptocurrency over email include credential harvesting, the use of basic malware stealers that target cryptocurrency credentials and cryptocurrency transfer solicitation like BEC. These techniques are viable methods of capturing sensitive values which facilitate the transfer and spending of cryptocurrency.

There are multiple DeFi applications and platforms – such as cryptocurrency exchanges – that people can use to manage their cryptocurrency. These platforms often require usernames and passwords, which are potential targets for financially motivated threat actors.

Despite public keys being “safe” to share, researchers are seeing actors solicit the transfer of cryptocurrency funds via BEC type emails that include threat actor controlled public keys and cryptocurrency addresses. These email campaigns rely on social engineering to secure the transfer of funds from targeted victims.

Credential Harvesting and Cryptocurrency

In 2022 Proofpoint has observed regular attempts to compromise user’s cryptocurrency wallets using credential harvesting. This method often relies on the delivery of a URL within an email body or formatted object which redirects to a credential harvesting landing page. Notably these landing pages have begun to solicit values utilized in the transfer and conversion of cryptocurrencies.

Crypto Phishing Kits

Credential harvesting landing pages are often built with phish kits that can be used to create multiple landing pages and used in multiple campaigns. Phish kits give threat actors the ability to deploy an effective phishing page regardless of their skill level. They are pre-packaged sets of files that contain all the code, graphics, and configuration files to be deployed to make a credential capture web page. These are designed to be easy to deploy as well as reusable. They are usually sold as a zip file and ready to be unzipped and deployed without a lot of “behind the scenes” knowledge or technical skill. It is no wonder that CISOs around the world consider phishing as one of the most prevalent and challenging cybersecurity threats. A 2021 Proofpoint study found that almost a third of CISOs in the UAE believed they were at risk of suffering a phishing attack.

Proofpoint researchers have observed multiple examples of phishing threat actors create and deploy phishing kits to harvest both login credentials to cryptocurrency related sites and cryptocurrency wallet credentials or passphrases.

Business Email Compromise – But For Crypto

A popular form of financial crime vectored through phishing is business email compromise (“BEC”). In 2022 Proofpoint regularly observes cryptocurrency transfer within the context of BEC attempts. Primarily these requests are observed in the context of employee targeting, using impersonation as a deception, and often leveraging advanced fee fraud, extortion, payroll redirect, or invoicing as themes.

The initial BEC email often contains the safe for public consumption values, including public keys and cryptocurrency addresses. By impersonating an entity known to the user and listing an actor-controlled public key or address, actors are attempting to deceive users into transferring funds from their account willingly based on social-engineering content. This is like the way actors use routing and bank account numbers during BEC phishing campaigns.

Conclusion

Financially motivated threat actor activity attempting to steal or extort cryptocurrency is not new. However, cryptocurrencies, digital tokens, and “Web3” concepts are becoming more widely known and accepted in society. Where once “crypto” was a concept that thrived in certain parts of the internet, it is now a mainstream idea, with cryptocurrency apps and services advertised by professional athletes and celebrities, and major events sponsored by cryptocurrency and block chain companies.

But threat actors are way ahead of general adoption of cryptocurrency, with existing infrastructure and ecosystems long established for stealing and using it. And as mainstream awareness and interest increases, it is more likely people will trust or engage with threat actors trying to steal cryptocurrency because they better understand how DeFi operates or are interested in being a part of “the next big thing”.

Users should be aware of common social engineering and exploitation mechanisms used by threat actors aiming to steal cryptocurrencies.

The post Proofpoint research highlights how cybercriminals target cryptocurrency appeared first on My Startup World - Everything About the World of Startups!.

Commenting on the findings, Kim Grauer, Director of Research at Chainalysis said, “Cybercriminals dealing in cryptocurrency share one common goal: Move their ill-gotten funds to a service where they can be kept safe from the authorities and eventually converted to cash. That’s why money laundering underpins all other forms of cryptocurrency-based crime. If there’s no way to access the funds, there’s no incentive to commit crimes involving cryptocurrency in the first place.”

Researchers from Chainalysis found that while billions of dollars’ worth of cryptocurrency moves from illicit addresses every year, most of it ends up at a surprisingly small group of services, many of which appear purpose-built for money laundering based on their transaction histories. Moreover, for the first time since 2018, centralised exchanges didn’t receive the majority of funds sent by illicit addresses last year, instead taking in just 47%.

DeFi protocols instead make up much of the difference, receiving 17% of all funds sent from illicit wallets in 2021, up from 2% the previous year. That translates to a 1,964% year-over-year increase in total value received by DeFi protocols from illicit addresses, reaching a total of USD 900 million in 2021. Explaining what might have caused the uptick in use of DeFi protocols, Kim said, “Many of the hacks we saw this year were of DeFi protocols, so it makes sense that the funds were sent to DeFi services that can handle large amounts of liquidity from really any token you can imagine. We also know that criminals are always the fastest to adapt to the use of new technologies to evade detections, and this year was no different.”

Another interesting finding that came out from the research is the difference in laundering strategies between the two highest-grossing forms of cryptocurrency-based crime in 2021: Theft and scamming. Addresses associated with theft sent just under half of their stolen funds to DeFi platforms — over USD 750 million worth of cryptocurrency in total. Scammers, on the other hand, sent the majority of their funds to addresses at centralised exchanges. “This may reflect scammers’ relative lack of sophistication. Hacking cryptocurrency platforms to steal funds takes more technical expertise than carrying out most scams observed, so it makes sense that those cybercriminals would employ a more advanced money laundering strategy,” added Kim.

The report does make it clear that although there is a significant uptick in the use of crypto for money laundering, the volume represents a small fraction of the total money laundering market, the large percentage of which is still carried out with traditional, fiat currency. The UN Office of Drugs and Crime estimates that between USD 800 billion and USD 2 trillion of fiat currency is laundered each year — as much as 5% of global GDP. By comparison, money laundering accounted for just 0.05% of all cryptocurrency transaction volume in 2021. “Cryptocurrency presents unprecedented transparency and traceability which can be used to keep the ecosystem safe from abuse. With blockchain analysis tools and Know Your Customer (KYC) information, law enforcement can gain transparency into blockchain activity in ways that aren’t possible in traditional finance, making it harder for bad actors to launder money using cryptocurrency,” Kim noted.

Further details into the crypto-related money laundering activities and trends through 2021 is available in the comprehensive Chainalysis report summary, available here.

The post Cryptocurrency laundering amounts to $8.6 billion in 2021 appeared first on My Startup World - Everything About the World of Startups!.

Loyalty accounts are big business, and hackers and fraudsters are increasingly zeroing in on a potential goldmine. According to one study, the global market for loyalty management is set to grow at an annual growth rate of 12.3% over the coming seven years to reach nearly US$18 billion by 2028. And where there’s money and users, cybercrime inevitably follows.

From British beauty and health retailer Boots, Australia’s supermarket chain Woolworths, to multinational brands like Tesco and Dunkin Donuts, attacks on loyalty card programs are increasingly common. Social media is awash with stories from angry victims who have had their accounts drained.

In fact, there’s an estimated US$48 trillion of unspent loyalty points globally, so it’s no surprise these programs have become an increasingly popular target for cybercriminals over the years, with the COVID-19 pandemic further exacerbating the threat. If you’re a loyal spender, you should take extra precautions to protect your rewards accounts. It’s not just the points you’ll be guarding – the same applies to any sensitive personal information stored with them.

How popular are loyalty programs?
Oracle claims that around three-quarters (72%) of US millennials are either members of their favorite brand’s loyalty program or would join one. Such programs are a popular way to build closer ties with customers online at a time when loyalty is hard won but easily lost. They typically offer discounts and special deals, or even free goods, services and experiences for members who accrue enough points.

These could include:

• Free flights and hotel stays (e.g., air miles)
• Free or subsidised taxi rides (e.g., Uber)
• Free groceries

In return, the companies in question get highly valuable data to track customer purchasing and browsing behavior – with which they then improve their marketing and promotional efforts.

What are the bad guys doing?
There are essentially three potential vectors for loyalty card cyberthreats. On the one hand, brands could be defrauded by legitimate customers who try to game the system by, for example, opening multiple accounts. Another possible risk is of malicious employees at the firm who steal customer personally identifiable information (PII) and points. However, the biggest threat is from external attackers hijacking accounts to steal points, make purchases, transfer points and/or steal customer PII to sell on the cybercrime underground.

How do they do this?

• Phishing emails, texts, phone calls and messages designed to trick the user into handing over their account logins
• Credential stuffing attacks which use previously breached passwords and usernames across other online accounts which shares the same credentials
• Harvesting logins via fake mobile applications on third-party app stores

How bad is it?
There’s surprisingly little recent data detailing the scale of such attacks. However, loyalty card fraud increased 89% year-on-year in early 2020, according to one study. The same research estimates that direct and indirect losses from associated fraud reach around US$1 billion per year.

Separately, there were 100 billion credential stuffing attacks detected between July 2018 and July 2020, 63 billion of which were aimed at the retail, travel, and hospitality sectors. Hotel loyalty accounts can be sold on cybercrime forums for as much as US$850. Some entrepreneurial cybercriminals even operate shady ‘travel agencies’ which combine stolen credit cards and airline and hotel loyalty programs.

How can you protect loyalty points?
What can you do to protect your most important online accounts? It boils down to best practices around password management and awareness of phishing threats.

Here are our top seven tips:

1. Use strong, unique passwordsfor each account and consider storing them in a password manager
2. Switch on multi-factor authentication for all accounts that offer it. This will go a long way towards protecting your accounts from attackers
3. Only install mobile apps from trusted sources
4. Use scanning software to ensure apps are free of malware before downloading
5. Deploy security software from a reputable provider on all devices
6. Never click on links or open attachments in unsolicited emails/texts/social media messages
7. If you’re going to log into a loyalty account, visit the site directly rather than following links

Loyalty and reward card schemes are a mainstay of modern marketing and customer engagement strategies. They’re also a well-established money-maker for cybercriminals and fraudsters. Taking a few best-practice steps can help to secure your account against this activity. Also, with trillions of dollars of unspent reward points languishing in these accounts, another good way to keep points out of the bad guys’ hands is to make sure you actually redeem your rewards.

The post How to protect loyalty points from cybercriminals appeared first on My Startup World - Everything About the World of Startups!.

“Many industry organizations and companies note that ever since the start of the pandemic they noted a significant increase in the cyberattacks. Phishing or scam attempts will usually promise something impossible yet very desired in return for our personal data. Before the user understands what is going on, it is usually too late because some damage has been already done,” says Efi Dahan.

The global chaos is a perfect playing field for cybercriminals who usually do not hesitate to use their advantage in such situations. The fears for the health and safety of families might make the internet users an easier prey for them. But there are some steps that everyone can take in order to avoid unpleasant situations.

Watch out for phishing
The cybercriminals will try to impersonate various companies, delivery couriers, payment methods, e-stores or traditional stores. They might call, send emails, or text messages. Usually, they will state that there’s an incredible opportunity that needs to be taken advantage of very quickly (i.e. a sale or a discount), or highlight that there is some sort of danger, which needs to be fixed quickly (i.e. to prevent your account from being blocked).

If the user is unsure about the authenticity of that email, they might want to avoid clicking links in the message and instead of that, log in to their account directly from their browser or check in with the customer support. Pay attention also to typos, punctuation, or weird grammar – usually, official messages from the company will not contain such omissions. To make sure that everything is alright, it is also worth contacting them directly, i.e. by phone.

Suspicious shop promotions
Many users are exposed to targeted advertisements in social media showcasing unique products or highlighting discounts. Among a variety of really interesting goods offered by many niche shops, it is often difficult for sellers to understand whether they can trust a particular e-store, especially if it’s located abroad.

“In such cases, the user could look up reviews of the store to see what other buyers think about it. It is also helpful to take a look at the return policy and check the quality of its customer support,” advises Efi Dahan, “Payment methods that are available in the e-shop are also a good indicator of its trustworthiness. For example, if the user pays with PayPal and there is something wrong with the product or – worse – it never arrives at all, it is easy to dispute the unsuccessful purchase and receive the money back.”

Other suspicious situations might involve a seller asking the buyer to transfer money through unofficial channels rather than the official payment method available on the website.

The companies also protect their customers
Customers should be careful at all times and be wary of offers that are too good to be true. The importance of the trusted payment method is highlighted in such situations, as the fintech companies not only help their customers in recovering the money when something goes wrong. They also continuously work to ensure the highest protection measures are used for money transfers, such as fraud prevention based on machine learning, throughout the efforts of in-house IT specialists or acquisitions, such as the purchase of Simility by PayPal in 2018, valued at $120 million.

The post How to protect yourself against cybercriminals appeared first on My Startup World - Everything About the World of Startups!.

Social media sites are brimming with instant self-portraits, and children and teens are especially adept at taking and sharing images of themselves online. But it can be just as safely assumed that tweens and teens, and not only they, are far less aware of the risks that profuse and thoughtless sharing of selfies and group selfies can entail.

Here’s what you need to know, and teach your kids, before they hold their smartphones at arm’s length (or enlist the help of a selfie stick) and share photos with the online world. In fact, remember that even sending a picture privately may result in unintended consequences, as once it’s shared, you have no control over what happens to it.

Risks
Tech-savvy cybercriminals can glean enough information from a photo, and your child or their pals needn’t even make any revealing comments after the image goes public.

For one thing, if the phone has geolocation enabled, your child may be giving away his or her whereabouts, since the current location is saved and shared along with the photo. Combined with other seemingly innocuous details from the image or the child’s social media profile, this can be misused by thieves, sexual predators and other ill-intentioned individuals.

Also, even if geolocation is disabled, small details in the background, such as street names or landmarks, may reveal sensitive information about your child’s – and your entire family’s – location or other sensitive things such as precious belongings. This can put all of you in physical danger in the real world.

There are also hazards, such as cyberbullying, that may unfold within the confines of the online world, but with effects that can be far too palpable. Children who appear in images in potentially embarrassing poses or situations – without necessarily posting it online themselves – can become targets for (cyber)bullies at school and around the world. Being the subject of public mockery can be devastating — not only for the target’s online persona.

In fact, selfies can haunt a person years after they were posted and when their subjects are ready to fend for themselves. The internet doesn’t forget and, if worst comes to worst, an ill-considered selfie can stand in the way of a person’s admission to college, application for a scholarship, or landing a dream job. Many employers openly admit to getting the scoop on their applicants’ online presence, and an unflattering image from a booze-soaked party may not help advance one’s education or career.

So, what are some easy ways to help instill safe selfie habits in your kids?

Get involved
The single most important thing is to be involved, although this doesn’t (necessarily) mean putting your foot down. Instead, explain to your children why privacy matters and help them set up privacy settings safely throughout their social media profiles, and review the settings on a regular basis.

When it comes to selfies, show your children how to go over the images with a fine-toothed comb so they can find the smallest sensitive details that bad actors could use. Perhaps you could even make this a game – who can detect the most clues? Teach them about the risks of the internet and especially of social media sharing, ensuring that they’re aware of the kinds of situations that may put them and others at risk.

Walk the talk
The “Do as I say, not as I do!” admonition is unlikely to work. Let’s face it: Words alone may not bring the desired outcome unless they’re supported by actions. Since children are more likely to do what their elders do rather than what they say, you will need to become a role model.

In other words, if you can’t resist the urge to post portraits of yourself and your family or friends, you cannot expect your children to behave differently. Naturally, the same goes for excessive sharing of personal information on social sites. Lead by example.

Trust but verify
At the end of the day, it’s important to have an understanding of what kids are up to online. There are dedicated and reputable apps that give you some control over children’s devices and their online activities, so that you can help them stay away from trouble. In a nutshell, parental control features can filter and block age-inappropriate content, restrict what kind of information is shared, and keep tabs on kids’ screen time. They can also keep activity logs, giving you an insight into what kind of online content your children have accessed.

At any rate, remember to stay engaged with your kids and keep all lines of communication open. Just like in other areas of life, education and communication are vital to preventing trouble.

To learn more about dangers faced by children online as well as about how not only technology can help, head over to https://saferkidsonline.eset.com.

The post Risks associated with sharing selfies appeared first on My Startup World - Everything About the World of Startups!.