Source: What is your phone telling your rental car? | Consumer Information

August 30, 2016

by 

Lisa Weintraub Schifferle

Attorney, FTC, Division of Consumer & Business Education

When I rent a car, it’s fun to get all the bells and whistles – like navigation, hands-free calls and texts, streaming music and even web browsing. But did you know that cars with these features might keep your personal information, long after you’ve returned your rental car? Here are some things to keep in mind when renting a connected car.

What happens when you rent a connected car? When you use the car’s infotainment system, it may store personal information. It may keep locations you entered in GPS or visited when travelling in the rental car – like where you work or live. 

If you connect a mobile device, the car may also keep your mobile phone number, call and message logs, or even contacts and text messages. Unless you delete that data before you return the car, other people may view it, including future renters and rental car employees or even hackers.

If you decide to rent a connected car, here are some steps you can take to protect your personal information:

• Avoid connecting your mobile phones or devices to the infotainment system just for charging. It’s safer to use a cigarette lighter adapter to charge devices, instead of the car’s USB port. Why? In some cases, the USB connection may transfer data automatically.  

• Check your permissions. If you do connect your device to the car, the infotainment system may present a screen that lets you specify which types of information you want the system to access. Grant access only to the information you think is necessary – if you just want to play music, for example, you don’t need to okay access to your contacts.

• Delete your data from the infotainment system before returning the car. Go into the infotainment system’s settings menu to find a list of devices that have been paired with the system. Locate your device and follow the prompts to delete it. The owner’s manual and the rental car company may have more information about how to delete your data.

Want to learn more about how your personal information is shared and used every day? Watch this short video.

Sharing Information: A Day in Your Life

Every day, you share information about yourself with businesses and their affiliates. In fact, you might not realize just how often it happens.

Tagged with: car, online safety, privacy, technology, Wi-Fi

Blog Topics: 

Privacy, Identity & Online Security

Source: Inside ‘The Attack That Almost Broke the Internet’ — Krebs on Security

In March 2013, a coalition of spammers and spam-friendly hosting firms pooled their resources to launch what would become the largest distributed denial-of-service (DDoS) attack the Internet had ever witnessed. The assault briefly knocked offline the world’s largest anti-spam organization, and caused a great deal of collateral damage to innocent bystanders in the process. Here’s a never-before-seen look at how that attack unfolded, and a rare glimpse into the shadowy cybercrime forces that orchestrated it.

The following are excerpts taken verbatim from a series of Skype and IRC chat room logs generated by a group of “bullet-proof cybercrime hosts” — so called because they specialized in providing online hosting to a variety of clientele involved in spammy and scammy activities.

Gathered under the banner ‘STOPhaus,’ the group included a ragtag collection of hackers who got together on the 17th of March 2013 to launch what would quickly grow to a 300+Gigabits per second (Gbps) attack on Spamhaus.org, an anti-spam organization that they perceived as a clear and present danger to their spamming operations.

The attack –a stream of some 300 billion bits of data per second — was so large that it briefly knocked offline Cloudflare, a company that specializes in helping organizations stay online in the face of such assaults. Cloudflare dubbed it “The Attack that Almost Broke the Internet.”

The campaign was allegedly organized by a Dutchman named Sven Olaf Kamphuis(pictured above). Kamphuis ran a company called CB3ROB, which in turn provided services for a Dutch company called “Cyberbunker,” so named because the organization was housed in a five-story NATO bunker and because it had advertised its services as a bulletproof hosting provider.

Kamphuis seemed to honestly believe his Cyberbunker was sovereign territory, even signing his emails “Prince of Cyberbunker Republic.” Arrested in Spain in April 2013 in connection with the attack on Spamhaus, Kamphuis was later extradited to The Netherlands to stand trial. He has publicly denied being part of the attacks and his trial is ongoing.

According to investigators, Kamphuis began coordinating the attack on Spamhaus after the anti-spam outfit added to its blacklist several of Cyberbunker’s Internet address ranges. The following logs, obtained by one of the parties to the week-long offensive, showcases the planning and executing of the DDoS attack, including digital assaults on a number of major Internet exchanges. The record also exposes the identities and roles of each of the participants in the attack.

The logs below are excerpts from a much longer conversation. The entire, unedited chat logs are available here. The logs are periodically broken up by text in italics, which includes additional context about each snippet of conversation. Also please note that the logs below may contain speech that some find offensive.

Read more here.

Source: The top three ways to avoid fraud | Consumer Information

August 26, 2016

by 

Jennifer Leach

Assistant Director, Division of Consumer and Business Education

In pretty much every article and blog post we put out, you’ll find tips to help you avoid scams. The idea is that, if you can spot a scam, and know how to avoid it, you and your money are more likely to stay together.

Today, we’re releasing a brochure that distills those tips down to the top 10 ways to avoid fraud. This brochure – available online and in print – is your one-stop resource to help you spot imposters, know what to do about robocalls, and how to check out a scammer’s claims.

Here are three things that can help you avoid scammers who try to call you:

1. Hang up on robocalls. If you pick up the phone and hear a recorded sales pitch, hang up and report it to the FTC. These calls are illegal. And plentiful. Don’t press 1, 2 or any number to get off a list or speak to a person. That just means you’ll get even more calls.
2. Don’t trust your caller ID. Scammers can make caller ID look like anyone is calling: the IRS, a business or government office…even your own phone number. If they tell you to pay money for any reason, or ask for your financial account numbers, hang up.  If you think the caller might be legitimate, call back to a number you know is genuine – not the number the caller gave you.
3. Talk to someone. Before you give up money or information, talk to someone you trust. Scammers want you to make decisions in a hurry. Slow down, check out the story, search online – or just tell a friend. We find that people who talk to someone – anyone – are much less likely to fall for a scam.

For seven more tips to help protect yourself and loved ones from fraud, read on – or order your free copies of 10 Things You Can Do to Avoid Fraud to share in your community. And if you spot something that looks like a scam, report it to the FTC.

Tagged with: imposter, robocall, scam, telemarketing

Blog Topics: 

Money & Credit, Jobs & Making Money, Privacy, Identity & Online Security

Source: Big banks join forces to fight cyber crime | Imperva Cyber Security Blog

Source: Big banks join forces to fight cyber crime | Imperva Cyber Security Blog



August 15, 2016

Big banks join forces to fight cyber crime

Wall Street Journal and Fortune recently reported that eight of the largest U.S. banks are forming an alliance to better combat the growing threat of cyber-attacks targeting the financial services industry. The new group, which is in the early stages of development, includes J.P. Morgan Chase, Bank of America and Goldman Sachs.

Specifically, the group will share threat information with each other, develop comprehensive cyber-attack response plans and conduct cyber war games that simulate attacks. The group will operate under the umbrella of the larger Financial Services Information Sharing and Analysis Center (FS-ISAC).

Cyber Security a Top Priority

This new group underscores the importance of cyber security for the financial services industry, which has long been in the cross-hairs of cyber-attacks. Consider the following:

• The financial services industry was the most breached industry last year, accounting for 35% of data breaches – Verizon 2016 Data Breach Investigations Report (DBIR)
• Financial services ranked third in attacks last year – IBM 2016 Cyber Security Intelligence Index
• 68% of financial services firms experienced multiple successful attacks – 2016 Cyberthreat Defense Report

While this new alliance consists of big banks, who have more complex environments, smaller financial service firms are not immune to cyber-attacks. As larger banks and financial institutions strengthen their defenses, cyber criminals will move downstream seeking easier targets. Regional banks, credit unions and smaller investment houses must make cyber security a top priority as well.

Sharing Threat Information Improves Security

Let’s face it. The financial services industry (one could argue all industries) is fighting an asymmetric cyber war. The threats are ever-present and ever-changing. Cyber-attacks have become more sophisticated andindustrialized with attackers selling their services on the Dark Web. Security professionals are constantly a step behind attackers.

To get in front of growing cyber threats, financial services organizations must make a concerted effort to share cyber threat information. Sharing threat intelligence helps the financial services industry stay on top of new attacks, limit the causalities from emerging threats, and shortens the useful lives of attacks against banks and other financial firms.

Imperva recognizes the power of leveraging threat intelligence to improve security. We arm ourindustry-leading web application firewall with real-time threat intelligence. These threat intelligence feeds combine globally crowd-sourced data and research from the Imperva Defense Center.

Crowd-sourcing threat intelligence is vital because no single security team can stay abreast of today's dynamic threat landscape. Pooling the collective resources and knowledge across the financial services industry helps prioritize the threats to your institution, alleviates thecybersecurity skills shortage and significantly improve your institution’s security posture.

As a market leader in data and web application security, Imperva helps financial services organizations around the world protect against escalating cyber threats. Learn more about how our industry-leading data and web application security solutions can help your institution.

Authors & Topics: Narayan Makaram | Financial Services | Cheryl Tang | Perspectives