Author Archives: RKN Global

Home / Articles posted by RKN Global

Social Media: The Silver Platter for Identity Thieves

Why Not to Share Too Much about Kids on Social Media

It turns out that kids don’t like it when their parents share pictures or information about them on social media.  This is especially true for teens.  So say the reports of a recent poll taken by Microsoft.

While interesting, children’s preferences are not the main reason that parents should be careful with social media posts.  Security is.

Criminals and fraudsters look to many sources to collect information about potential victims. These sources include hacks of company databases (like Yahoo, Equifax, eBay), which yield sensitive information about their users.  They can involve low-tech methods like sifting through people’s mailboxes or trash for private information like social security number.

Serving Personal Information on a Silver Platter

In other cases, people hand over their personal information directly to criminals.  For example, a fake email can lead unsuspecting recipients to click or log in.  This could give thieves direct access to the victim’s computers or online accounts.

Social media is a shining example of handing information straight to criminals. People often overshare information on sites like Facebook, Twitter and Instagram.  As a result, identity thieves can gather profiles on victims piece by piece.  One post might show a birthday.  Another might list all the members of the family. Another might mention a hometown or even an address. Slowly, enough of a profile comes together for a criminal to commit identity theft.

This is in addition to the dangers of predators who might use social media information to find victims.

Of course, safety is a significant reason for why parents should be very careful when posting about their children online. Extreme caution is a tool for parents to make sure they are not handing their own children’s private information to scammers or to others who would harm them.

Parents cannot control whether a major company gets hacked.  But they can take care not to hand over their own and their children’s personal information on a silver platter.

 

How to Prevent Cyber Attacks Effectively

Computer hacker silhouette of hooded man with binary data and network security terms

In a recent destructive phishing attack, a cybercriminal initially hacked the email of an exhibitions firm and then used a spoofed email to trick its client into wiring money to an overseas bank.

This is just one recent example of the many cyber-attacks around the world, and it is certainly not the last.  What can organizations big and small do to  prevent such attacks?

Email: the deadly gateway

Over 91% of all cyber attacks are triggered by email, according to a recent study.  PwC asked 3.5 thousand IT and business leaders worldwide about resilience in order to find out which organizations are prepared to face and recover quickly from a cyber attack, and to and understand their operations.

Organizations deemed to be high “RQ” (resilience quotient)  have shifted their approach from a model of disaster recovery followed by business continuity to one of “resilience by design”. The newer approach involved having real-time views of higher-priority processes in order to allow responders and decision makers to react to incidents with a unified front.

To fight cyber attacks, companies must know in advance, before any actual cyber attack, the severity, nature and length of the disruptions that it can endure. The company must plan for the worst, including getting cyber insurance, putting all its security operations and personnel in place, and leaving no area unguarded– especially its email system.

Tabletop tests

The PwC report stresses that organizations must proactively test their level of preparation, including through “tabletop tests” which are simulations in which to rehearse important communications during attacks and to identify gaps and dependencies in several essential processes.

 

 

Fighting Misinformation, and Editorial Discretion

In September, Twitter closed down thousands of accounts globally which it said were spreading fake news and misinformation.  Twitter’s safety team said that it suspended many accounts in Europe and South America, as well as accounts from China.  Twitter’s move follows a trend among social media companies.  Previously, Facebook removed many fake accounts originating in the Middle East and China as well, on the grounds that they propagated fake news and misinformation.

The Balance: Fighting Misinformation, and Editorial Discretion

One of the significant external challenges that Twitter faces is the rise of political misinformation in advance of national elections in countries around the world.  As a result, the company has increased its focus on removing accounts that spread this misinformation.  Facebook and other social media companies also face this challenge.  The popularity of social media and the ease with which information can be shared on it makes it a prime area for those who wish to “win hearts and minds” with false information designed to look real.  Misinformation like this can threaten the integrity of elections by misleading voters in countries around the world.

As a result, social media platforms find themselves in a quandary:  They find themselves with a moral, and even in some cases, legal, responsibility to prevent their platforms from being used for such malicious purposes.  On the other hand, they claim to be platforms and not editors of information.  The process of weeding out and banning propagators of fake news challenges this definition, as these activities can cross the line into editorial discretion.

 

 

 

Third Party Consultants and Watchdogs: The Highs and the Lows

 

Companies, especially social media companies which navigate heretofore uncharted waters relating to politics, racial tension, and free speech, often benefit from association with independent, third-party organizations that can help keep their policies ethical and steer them in the direction of responsible stewardship.

Twitter was already facing censure and backlash from the government as well as from users when it announced the formation of the Trust and Safety Council in 2016. The Trust and Safety Council was an independent, external group with more than 40 outside experts and groups whose main task was to help “ensure that people feel safe expressing themselves on Twitter.”

Recently, however, some of the safety consultants revealed that Twitter has not been consulting them.

Twitter Trust and Safety Council wants more communication with company executives

Reportedly, the Twitter Trust and Safety Council had a good relationship with the company’s executives during the first two years of its formation, but subsequently, communication between them decreased. They did not have regular calls, or meetings with CEO Jack Dorsey to discuss new policies at the company annual summit.

Some members of the Trust and Safety Council sent a letter sent to Twitter’s leadership, highlighting that they have gone months without any updates from the company.  They wrote that the council had received no warnings about any changes in policy or about product changes, and concluded with a request to discuss the future of the council with the company’s CEO.

Twitter responds to the letter

Twitter responded to the letter stating that its leadership had been discussing ways to improve how the company works with advocates, partners, and experts, and arguing that one small group is not reflective of Twitter’s role worldwide, which is why the company was working to hear from a more diverse range of voices.

Ramifications

When companies like Twitter engage with external groups like the Trust and Safety Council, they get two major benefits:  independent counsel that can steer them away from abusive or damaging policies or practices, thus protecting the public as well as the company; and the public relations benefit of being able to tout these relationships as evidence of the company’s openness and dedication to social responsibility.

Of course, the voluntary nature of the relationship means that the degree of influence that the third parties have can vary greatly.

 

The Massive Scope of Cryptocurrency Fraud and Scams

Cryptocurrency fraud and scams may hit $4.3 billion in 2019

 

A blockchain security company, CipherTrace, reported on the large scale of cryptocurrency scams and hacks in the past several years.   These included over $125 million in stolen cryptocurrencies in the 2nd quarter of 2019, and $227 million lost to hacking in the first half of 2019.  It also included other scams, thefts and misappropriations totaling as much as $3.1 billion dollars.

On the heels of this comes a theft of $2.9 billion in deposits in an alleged scam involving a cryptocurrency exchange and wallet provider called PlusToken.   While six suspects allegedly affiliated with the scam have been arrested by Chinese police, the main operators of the scam are still out and running.  A loss of $2.9 billion would constitute the largest cryptocurrency exit scam to date.

CipherTrace estimated that cryptocurrency fraud and scams may reach $4.3 billion this year.

 

The Conditions for Fraud and Scams

As in all areas, criminals are attracted to opportunity and are deterred by risk.  The world of cryptocurrency is new, exciting and largely unregulated.  Investors don’t fully understand the product, and legal and technological protections are few.  This provides opportunity.

Similarly, the lack of strong regulatory schema worldwide, the proliferation of cryptocurrencies, ICOs, and exchanges, and the still not-fully-developed ability of law enforcement to catch the perpetrators, combine to minimize the risks to those who want to perpetrate cryptocurrency-related scams and crimes.

These factors make the circumstances ripe for cryptocurrency-related crime.

 

 

 

 

The Trend towards Transparency and Control

Control of Personal Data

New fields often develop in stages.   A few years ago, cryptocurrency made its grand entrance, tokens proliferated, and speculation ran high in an unregulated wild-west.  As the industry continues in its growth, regulators are beginning to step in and many see the need for order.

A similar phenomenon happened in social media.  For years, users shared data with social media companies without a real awareness of what those companies were doing with their data.  Much ink has been spilled about how the price we pay for the convenience of social media is our very privacy.

As data has grown to be one of the most valuable commodities of our era, its unbridled collection and use by social media companies has begun to attract public scrutiny.  We are just beginning to understand the importance of giving people control of their own data.

The growing awareness of the importance of control of personal data has reached the point that even big social media companies are beginning to respond.

Example: Control Over Personal Data on Facebook

For example, Facebook is tentatively rolling out an “Off-Facebook Activity” feature, which it claims will give users better control over some of their data which Facebook controls.  In particular, the feature refers to data shared with Facebook by other companies which Facebook can use to identify its own users.

To illustrate, imagine a shoe company sends Facebook information that someone browsed its website from a particular device.  Facebook then scans its databases and identifies that the individual attached to that device is one of its users.  It can then send more shoe-related ads to that user.

The “Off-Facebook Activity” feature is supposed to allow users to see which companies have sent identifying data about them to Facebook which Facebook has subsequently linked to their account.  It further enables users to disconnect the data from their personal account.

As a result, Facebook will no longer use the “shoe-store—user” connection to tailor ads towards the user, but will rely on more generic ads.

Regardless of how meaningful a nod it is to consumer privacy and control of data, Facebook’s new product certainly reflects the zeitgeist of the times:  Users’ control of their own personal data is important.