Blog | Sentrya

LG Smart TVs Now Use Emotionally Intelligent Ads with Zenapse AI Technology

In a bold move shaping the future of connected TV advertising, LG Electronics has partnered with artificial intelligence company Zenapse to introduce emotionally intelligent advertising to its smart TVs. This AI-driven innovation uses advanced emotional analytics to deliver personalised ads based on viewers’ psychological and emotional profiles. <h2 class= "text-heading">What Is Emotionally Intelligent Advertising?</h2> Emotionally intelligent advertising is the next evolution in personalised marketing. Rather than just targeting users based on demographics, browsing behaviour, or viewing history, this method leverages emotion-based data to tailor content more precisely. At the center of this technology is Zenapse’s Large Emotion Model (LEM), a proprietary AI system that maps out psychological patterns and emotional states across various audiences. When integrated into LG’s Smart TV platform, this model works in tandem with the TVs’ first-party viewership data to identify how users feel while watching content—and delivers ads that resonate on a deeper level. <h2 class= "text-heading">How LG’s Smart TV AI Works with Zenapse</h2> LG’s smart TVs already employ Automatic Content Recognition (ACR), a tool that gathers data about the content viewers consume, including shows and apps accessed through external devices. This gives LG valuable insight into a household’s viewing preferences. By combining ACR data with Zenapse’s emotion-detection AI, advertisers can now deliver highly relevant, emotionally-tuned ad experiences that reflect the viewer’s mindset. For example: • A user showing patterns of stress may see wellness or mindfulness ads. • A family engaging in uplifting content might receive vacation or family-focused brand messages. This is far beyond traditional contextual advertising—it’s what experts are calling emotionally-aware targeting. <h2 class= "text-heading">Data Privacy and Ethical Considerations</h2> As with all AI-powered personalisation, privacy is a major concern. LG’s smart TVs collect data through ACR, and while users can opt out, this type of emotionally aware targeting requires even more granular behavioural data. Consumer advocacy groups warn that technologies which infer mental or emotional states could cross ethical boundaries if not regulated properly. Transparency, consent, and data control will be key for LG and Zenapse to maintain user trust. LG has stated that all data used is anonymised and consent-based, but the introduction of emotion-based ads will likely renew calls for updated privacy legislation in the smart home and streaming ecosystem. <h2 class= "text-heading">What’s Next for Smart TV Advertising?</h2> This partnership signals a major shift in how ads are delivered on smart TVs. With emotionally intelligent AI models now in play, we can expect: • More platforms to adopt emotion-based personalisation • Expanded use of machine learning for real-time emotional detection • Regulatory scrutiny over AI and mental-state inference For now, LG and Zenapse are pioneering a new frontier in AI-driven, emotion-aware media experiences—one that could redefine the relationship between brands and consumers in the living room. Read more

How Data Brokers and AI Shape Digital Privacy: The Role of Publicis and CoreAI

In the digital age, vast amounts of personal data are being collected, analysed, and sold by data brokers—companies that specialise in aggregating consumer information. These entities compile data from various sources, creating highly detailed profiles that are then sold to advertisers, businesses, and even political organisations. One of the key players in this evolving landscape is Publicis Groupe, a global advertising and marketing leader, which has developed CoreAI, an advanced artificial intelligence system designed to optimise data-driven marketing strategies. This article explores how data brokers operate, the privacy concerns they raise, and how AI-powered marketing technologies like CoreAI are transforming digital advertising. <h2 class= "text-heading">What Are Data Brokers?</h2> How They Operate Data brokers collect and process personal data from a variety of sources, including: • Public Records: Government databases, voter registration files, and real estate transactions. • Online Behaviour: Website visits, search history, and social media activity. • Retail Purchases: Credit card transactions and loyalty program memberships. • Mobile Data: Location tracking from smartphone apps. This information is aggregated into comprehensive consumer profiles that categorise individuals based on demographics, behaviour, interests, and financial status. These profiles are then sold to companies for targeted advertising, risk assessment, and even hiring decisions. Privacy Concerns The mass collection and sale of personal data raise significant privacy issues, including: • Lack of Transparency: Most consumers are unaware that their data is being collected and sold. • Potential for Misuse: Personal information can be exploited for identity theft, scams, or discriminatory practices. • Limited Regulation: Many countries lack strict laws governing the data brokerage industry, allowing companies to operate with minimal oversight. In response to these concerns, regulatory bodies such as the Consumer Financial Protection Bureau (CFPB) are considering restrictions on data brokers, including banning the sale of Social Security numbers without explicit consent. <h2 class= "text-heading">Publicis Groupe: A Major Player in AI-Driven Marketing</h2> What is Publicis? Publicis Groupe is a global marketing and communications firm offering advertising, media planning, public relations, and consulting services. The company operates in over 100 countries and works with major brands across industries, leveraging advanced data analytics to enhance marketing campaigns. Introduction of CoreAI To further solidify its position as a leader in AI-driven marketing, Publicis introduced CoreAI in January 2024. CoreAI is an intelligent system designed to analyse and optimise vast datasets, including: • 2.3 billion consumer profiles • Trillions of data points on consumer behaviour This AI-powered tool integrates machine learning and predictive analytics to help businesses make data-driven marketing decisions, improve targeting accuracy, and enhance customer engagement. How CoreAI Uses Data CoreAI uses AI-driven insights to: • Enhance media planning: Optimising ad placements and improving ROI. • Personalise advertising: Delivering hyper-targeted ads based on individual behaviour. • Improve operational efficiency: Automating marketing tasks, reducing costs, and streamlining campaigns. Publicis has committed €300 million over the next three years to further develop its AI capabilities, reinforcing its goal of leading the AI-driven transformation of digital marketing. <h2 class= "text-heading">The Intersection of Data Brokers and AI in Advertising</h2> The combination of data brokers and AI-powered marketing platforms like CoreAI is reshaping how businesses interact with consumers. By leveraging massive datasets and machine learning, companies can: • Predict consumer behaviour with greater accuracy. • Refine targeted advertising to reach the right audience at the right time. • Enhance customer experiences through personalised content. However, this technological evolution also raises ethical and privacy concerns regarding consumer data rights, AI bias, and the potential misuse of personal information. <h2 class= "text-heading">How Consumers Can Protect Their Data</h2> Individuals concerned about data privacy can take several steps to protect their information: 1. Opt-out of data collection: Many data brokers offer opt-out options, though the process can be tedious. 2. Use privacy-focused services: Platforms like <a href= "https://sentrya.net" class= "content-link">Sentrya</a> help remove personal data from public databases. 3. Limit data sharing: Adjust privacy settings on social media, browsers, and mobile apps. 4. Stay informed: Keep track of legislation and regulations surrounding data privacy. The growing influence of data brokers and AI-driven marketing technologies is transforming the digital landscape. Companies like Publicis Groupe are pioneering AI solutions like CoreAI, offering advanced data-driven insights while raising concerns about consumer privacy. As regulations evolve, businesses and consumers alike must navigate the fine line between innovation and ethical data use. Read more

Amazon Will Save All Your Conversations with Echo

Starting 28th March, 2025, Amazon will discontinue the “Do Not Send Voice Recordings” feature on select Echo devices, resulting in all voice interactions being processed in the cloud. This change aligns with the introduction of Alexa Plus, Amazon’s enhanced voice assistant powered by generative AI. <h2 class= "text-heading">Background on the “Do Not Send Voice Recordings” Feature</h2> Previously, Amazon offered a feature allowing certain Echo devices to process voice commands locally, without sending recordings to the cloud. This feature was limited to specific models—namely, the Echo Dot (4th Gen), Echo Show 10, and Echo Show 15—and was available only to U.S. users with devices set to English. Its primary purpose was to provide users with greater control over their privacy by keeping voice data confined to the device. <h2 class= "text-heading">Transition to Cloud Processing</h2> In an email to affected users, Amazon explained that the shift to cloud-only processing is necessary to support the advanced capabilities of Alexa Plus, which leverages generative AI technologies requiring substantial computational resources. The email stated: “As we continue to expand Alexa’s capabilities with generative AI features that rely on the processing power of Amazon’s secure cloud, we have decided to no longer support this feature.” Consequently, all voice interactions with Alexa will be transmitted to Amazon’s cloud servers for processing, enabling more sophisticated and personalised responses. <h2 class= "text-heading">Privacy Controls and User Options</h2> Despite this change, Amazon emphasises its commitment to user privacy. Users will retain the ability to manage their voice recordings through the following options: • Automatic Deletion: Users can configure settings to ensure that voice recordings are not saved after processing. • Manual Deletion: Users can review and delete specific voice recordings via the Alexa app or the Alexa Privacy Hub. These measures allow users to maintain a degree of control over their data, even as cloud processing becomes standard. <h2 class= "text-heading">Implications for Users</h2> The move to mandatory cloud processing reflects Amazon’s strategy to enhance Alexa’s functionality through advanced AI capabilities. While this transition promises more dynamic interactions, it also raises concerns about data privacy and security. Users are encouraged to familiarise themselves with Alexa’s privacy settings to tailor their experience according to their comfort levels. As Amazon phases out local voice processing in favor of cloud-based AI enhancements, users must navigate the balance between embracing new technological advancements and managing their privacy preferences. Staying informed about these changes and proactively adjusting privacy settings will be crucial in this evolving landscape. Read more

Italy Data Protection Authority Blocks Chinese AI App DeepSeek Over Privacy Concerns

Italy’s Data Protection Authority, known as the Garante, has taken decisive action against the Chinese artificial intelligence application DeepSeek, citing significant concerns over user data privacy. The regulator has ordered an immediate block on the app’s operations within Italy and initiated a comprehensive investigation into its data handling practices. <h2 class= "text-heading">Background on DeepSeek</h2> Developed by Hangzhou DeepSeek Artificial Intelligence and Beijing DeepSeek Artificial Intelligence, DeepSeek is an AI-powered chatbot that has rapidly gained global popularity. Notably, it has surpassed U.S. competitor ChatGPT in downloads from Apple’s App Store, attracting attention from both users and regulatory bodies. <h2 class= "text-heading">Regulatory Actions and Concerns</h2> The Garante’s intervention was prompted by DeepSeek’s failure to provide adequate information regarding its data collection and processing methods. Specifically, the authority sought clarity on: • The types of personal data collected • The sources of this data • The purposes and legal basis for data processing • Whether user data is stored in China DeepSeek’s responses were deemed “completely insufficient,” leading to the immediate suspension of the app’s data processing activities concerning Italian users. The Garante emphasised the potential risk to the data of millions of individuals in Italy as a primary concern driving this decision. <h2 class= "text-heading">International Scrutiny</h2> Italy is not alone in its apprehensions regarding DeepSeek’s data practices. Data protection authorities in France, Ireland, and South Korea have also initiated inquiries into the app’s handling of personal information. These investigations reflect a growing global vigilance over the privacy implications of rapidly advancing AI technologies. <h2 class= "text-heading">Company’s Position and Market Impact</h2> DeepSeek has asserted that it does not operate within Italy and is therefore not subject to European legislation. However, the Garante proceeded with its investigation due to the app’s significant global download rates and potential impact on Italian users. The emergence of DeepSeek’s new chatbot has intensified competition in the AI industry, challenging established American AI leaders with its lower costs and innovative approach. The actions taken by Italy’s Data Protection Authority underscore the critical importance of transparency and compliance in the handling of personal data by AI applications. As AI technologies continue to evolve and proliferate, regulatory bodies worldwide are increasingly vigilant in ensuring that user privacy is safeguarded. The ongoing investigations into DeepSeek will serve as a significant benchmark for the enforcement of data protection standards in the AI industry. Read more

How Scam Emails Exploit Weaknesses in SMTP and Why It Is So Easy to Fake Emails

Email is one of the most widely used communication methods in the world, but it was designed in an era when security concerns were not a priority. This has led to a fundamental flaw in the way email works: it is incredibly easy to forge sender information, making it a powerful tool for scammers, spammers, and cybercriminals. <h2 class= "text-heading">The Problem: Email Headers Are Not Secure</h2> Most people assume that the “From” field in an email accurately represents the sender. However, due to the way the Simple Mail Transfer Protocol (SMTP) works, this is not necessarily true. SMTP is the protocol used to send emails, and it allows for the manipulation of sender and recipient information in a way that is not verified by default. Here’s how SMTP operates when sending an email: 1. The sending mail server introduces itself with a HELO (or EHLO for extended SMTP). 2. A MAIL FROM command specifies the sender’s email address. 3. A RCPT TO command specifies the recipient(s). 4. A DATA command sends the actual email, including headers and body. <h2 class= "text-heading">Why This is a Security Issue</h2> SMTP does not enforce validation of sender information. The email headers—such as To, Cc, and From—are not actually used to direct email delivery. Instead, they are just cosmetic fields added for user convenience. The actual routing is handled separately by the MAIL FROM and RCPT TO commands, which are not necessarily the same as what appears in the visible email headers. This means that a malicious actor can: - Send an email with a fake “From” address—making it appear as though it came from a trusted source. - Spoof the recipient fields—misleading users about who else received the email. - Make phishing emails look completely legitimate—tricking users into clicking malicious links or providing sensitive information. <h2 class= "text-heading">How Scammers Exploit This Weakness</h2> Because SMTP does not verify sender identities, scammers and attackers can send emails that appear to come from legitimate companies, government agencies, or even a victim’s coworkers or friends. Here are some common scams that take advantage of this: • Phishing Attacks: Emails appearing to be from banks, PayPal, or other trusted institutions ask recipients to “verify” their information by entering credentials on a fake website. • Business Email Compromise (BEC): Attackers impersonate executives or managers, instructing employees to wire money or send confidential data. • Fake Support Emails: Cybercriminals pretend to be customer service representatives from major companies, tricking users into handing over their login credentials. • Extortion and Blackmail: Scammers send emails pretending to be law enforcement or hackers, demanding payment in cryptocurrency to avoid consequences. <h2 class= "text-heading">Why Fixing This is Difficult</h2> The biggest challenge in securing email is that it was designed as a decentralised system, meaning there is no single authority that controls email security globally. Implementing a security solution without breaking existing email infrastructure is difficult. One possible solution would be for email clients to ignore unverified headers, but this would make email inconvenient because: • Users would lose the ability to see who an email was addressed to. • The “From” field might have to be removed entirely unless verified, which could disrupt email usability. Because of these trade-offs, email providers continue to display headers even though they can be falsified. <h2 class= "text-heading">Attempts to Fix Email Spoofing: SPF, DKIM, and DMARC</h2> To improve email security, modern email services use a combination of three protocols: 1. SPF (Sender Policy Framework) – Allows domain owners to specify which mail servers are allowed to send emails on their behalf. 2. DKIM (DomainKeys Identified Mail) – Uses cryptographic signatures to verify that an email was not altered after being sent. 3. DMARC (Domain-based Message Authentication, Reporting & Conformance) – Builds on SPF and DKIM to allow domain owners to specify how to handle emails that fail authentication. While these protocols help prevent domain-based spoofing, they do not verify the recipient fields (To, Cc) or fully prevent email impersonation. <h2 class= "text-heading">How Users Can Protect Themselves</h2> Because email spoofing remains a major issue, users need to be vigilant when handling emails: 1. Check the Email Headers • Many email clients allow users to view “raw” email headers. If the “Return-Path” or “Received” headers do not match the “From” address, it could be a spoofed email. 2. Be Wary of Urgent Requests for Information • Legitimate companies and banks will never ask for sensitive information via email. 3. Look for Authentication Indicators • Major providers like Gmail and Outlook display indicators when an email is verified through SPF, DKIM, and DMARC. 4. Use Cryptographic Email Verification (PGP) • Pretty Good Privacy (PGP) or S/MIME encryption can be used to digitally sign emails, ensuring they have not been tampered with. 5. Enable Two-Factor Authentication (2FA) on All Accounts • Even if credentials are stolen, 2FA can prevent unauthorised access. Email is inherently insecure when it comes to sender verification, and scammers continue to exploit this weakness to launch phishing and impersonation attacks. While security measures like SPF, DKIM, and DMARC help verify domain authenticity, they do not fully eliminate the risk of email spoofing. Until email protocols are fundamentally redesigned, users must remain cautious and employ security best practices to avoid falling victim to these scams. Understanding the limitations of email security can help individuals and businesses better protect themselves against cyber threats. Read more

Surveillance Pricing: How Your Data Influences Online Prices

In today’s digital marketplace, the prices you encounter online may be tailored specifically to you, influenced by factors such as your location, browsing history, and personal characteristics. This practice, known as “surveillance pricing,” involves companies leveraging detailed consumer data to set individualised prices for goods and services. <h2 class= "text-heading">Understanding Surveillance Pricing</h2> Surveillance pricing utilises advanced algorithms and artificial intelligence to analyse a myriad of data points, including: • Geographical Location: Your physical location can affect the prices you see, with variations based on regional demand or perceived purchasing power. • Browsing Behaviour: Data such as your mouse movements, time spent on specific pages, and items left in your shopping cart can inform dynamic pricing strategies. • Demographic Information: Details like age, gender, and income level may influence the pricing models applied to your online shopping experience. By analysing these factors, companies can adjust prices in real-time, potentially leading to higher costs for certain consumers. <h2 class= "text-heading">Regulatory Scrutiny and Consumer Protection</h2> The Federal Trade Commission (FTC) has expressed concern over the implications of surveillance pricing on consumer rights and market fairness. In July 2024, the FTC initiated an inquiry into this practice, seeking information from eight companies that offer surveillance pricing products and services. The investigation aims to shed light on the “shadowy ecosystem” of pricing intermediaries and their methods. FTC Chair Lina M. Khan emphasised the importance of this inquiry, stating, “Americans deserve to know whether businesses are using detailed consumer data to deploy surveillance pricing.” The investigation focuses on understanding the types of products and services involved, the data sources utilised, the target customers, and the overall impact on consumer pricing. <h2 class= "text-heading">Potential Risks and Ethical Considerations</h2> While personalised pricing can offer benefits such as discounts tailored to individual preferences, it also raises significant ethical and privacy concerns: • Privacy Invasion: The extensive collection and analysis of personal data can infringe upon individual privacy rights. • Economic Discrimination: Surveillance pricing may lead to unfair price disparities, with certain consumers paying more based on their personal data. • Exploitation of Vulnerable Populations: There is a risk of targeting susceptible individuals, such as those with specific health conditions, with overpriced or ineffective products. <h2 class= "text-heading">Protective Measures for Consumers</h2> To safeguard against potential exploitation through surveillance pricing, consumers can adopt several strategies: • Use Privacy Tools: Employ browser extensions and privacy-focused search engines to minimise data tracking. • Regularly Clear Cookies: Deleting cookies can prevent websites from storing and utilising your browsing history for pricing decisions. • Be Cautious with Personal Information: Limit the amount of personal data you share online, especially on e-commerce platforms. • Compare Prices: Utilise multiple websites and tools to compare prices before making a purchase, ensuring you receive the best available deal. As the FTC continues its investigation, the findings are expected to inform future regulations aimed at protecting consumers from unfair pricing practices. In the meantime, staying informed and proactive can help consumers navigate the complexities of surveillance pricing in the digital age. Read more

UnitedHealth Confirms Massive Data Breach Affecting 190 Million Americans

In a significant cybersecurity incident, UnitedHealth Group has confirmed that a data breach at its technology subsidiary, Change Healthcare, has compromised the personal information of approximately 190 million Americans. This event marks the largest healthcare data breach in U.S. history, surpassing previous records and raising substantial concerns about data security in the healthcare sector. <h2 class= "text-heading">Details of the Breach</h2> The breach occurred in February 2024, targeting Change Healthcare, a key technology unit within UnitedHealth Group responsible for processing insurance claims and managing patient data. The cyberattack was attributed to the ransomware group known as ALPHV, also referred to as BlackCat. This group infiltrated the company’s systems, leading to significant disruptions in claims processing and other critical operations nationwide. <h2 class= "text-heading">Scope of Compromised Data</h2> The compromised information includes a wide range of sensitive data: • Health insurance member identification numbers • Patient diagnoses • Treatment details • Social Security numbers Although there have been no confirmed reports of misuse of the affected information to date, the potential risks associated with such a vast amount of sensitive data being exposed are significant. <h2 class= "text-heading">Regulatory Compliance and Notifications</h2> In compliance with the Health Insurance Portability and Accountability Act (HIPAA), UnitedHealth has undertaken efforts to notify the majority of impacted individuals individually. Additionally, the company has issued a public notice to inform the broader community about the breach. These steps are crucial in mitigating potential harm and ensuring that affected individuals can take necessary precautions. <h2 class= "text-heading">Financial and Operational Impact</h2> The breach has had substantial financial implications for UnitedHealth Group. The company has projected a business disruption impact of $705 million for the year, stemming from various factors including: • Issuance of billions in loans to healthcare providers to manage the disruption • Costs associated with notifying affected individuals • Implementation of enhanced security measures Despite these challenges, UnitedHealth has maintained its full-year profit forecast, projecting an adjusted profit of $27.50 to $28.00 per share. The company has also resumed share buybacks, contributing to a 6% rise in its share price to $544.32. <h2 class= "text-heading">Industry-Wide Implications</h2> This incident underscores the critical importance of robust cybersecurity measures within the healthcare industry. The exposure of such a vast amount of sensitive patient information highlights vulnerabilities that can have far-reaching consequences for both individuals and organisations. In response to the increasing frequency and severity of cyberattacks, the Biden administration has proposed new cybersecurity regulations for healthcare organisations. These proposed measures aim to prevent significant data breaches and protect sensitive information through: • Implementation of encryption measures • Regular compliance checks under updated HIPAA standards The proposed regulations are expected to incur costs of $9 billion in the first year and $6 billion annually from the second to fifth years. This initiative reflects a proactive approach to addressing the escalating cybersecurity threats facing the healthcare sector. The UnitedHealth data breach serves as a stark reminder of the vulnerabilities present in the healthcare industry’s digital infrastructure. It highlights the necessity for continuous investment in cybersecurity measures and the development of comprehensive strategies to protect sensitive patient information. As the industry moves forward, it is imperative that organisations prioritise data security to maintain trust and safeguard the well-being of the individuals they serve. Read more

FTC Files Complaint Against Gravy Analytics and Venntel Over Misuse of Location Data

The Federal Trade Commission (FTC) has filed a detailed complaint against Gravy Analytics, Inc., and its subsidiary Venntel, Inc., accusing the companies of unfair and deceptive practices involving consumer geolocation data. This case highlights how companies handling sensitive location data can exploit it for profit, raising serious privacy concerns. <h2 class= "text-heading">Key Allegations in the Complaint</h2> The FTC’s complaint focuses on the following critical points: 1. Massive Collection and Sale of Location Data Gravy Analytics and Venntel allegedly collected precise geolocation data from billions of mobile devices daily without consumer consent. This data was sold to third parties, including government entities and private businesses. The companies used mobile advertising IDs (MAIDs) to identify and track individual users. 2. Tracking to Sensitive Locations The companies are accused of tracking consumers to sensitive locations such as religious institutions, political events, medical facilities, and domestic violence shelters. These practices revealed private details about individuals’ lives, such as their health conditions, political affiliations, and religious beliefs. 3. Creation of “Audience Segments” Gravy Analytics allegedly categorised individuals into over 1,100 audience segments based on their location data. Examples include “New Parents/Expecting,” “Political Activists,” and “Women’s Health.” These audience segments, tied to specific MAIDs, were then sold to customers, enabling invasive targeted advertising and profiling. 4. Failure to Verify Consent The complaint alleges that Gravy Analytics and Venntel did not take reasonable steps to verify whether consumers had consented to the collection and sale of their location data. In some cases, the companies used data from suppliers who failed to provide clear information on how consumer consent was obtained. 5. Impact on Privacy and Security The FTC argues that the data practices of Gravy Analytics and Venntel caused significant harm to consumers by invading their privacy and exposing them to risks of stigma, discrimination, and physical harm. <h2 class= "text-heading">Business Practices That Fuelled Privacy Violations</h2> According to the FTC, Gravy Analytics and Venntel’s practices were particularly invasive: • Raw Location Data Sales: Gravy Analytics sold raw location data, including precise latitude and longitude coordinates, along with timestamps and IP addresses. • Geo-Fencing Tools: The companies offered geo-fencing capabilities that allowed customers to identify and target users present at specific locations during designated timeframes. • Continuous Tracking: Venntel provided tools to continuously monitor a single device’s movement over time, revealing users’ daily routines and social associations. These practices enabled customers to track individuals, even linking their movements to specific events or characteristics like political affiliation or health conditions. <h2 class= "text-heading">FTC’s Charges and Violations</h2> The FTC outlined three major violations of Section 5 of the FTC Act: 1. Unfair Sale of Sensitive Location Data The sale of geolocation data tied to sensitive locations caused substantial harm, such as privacy invasions and the risk of discrimination. 2. Unverified Collection of Location Data Gravy Analytics and Venntel failed to ensure consumers were informed about how their data was collected and used, often repurposing the data for government and commercial purposes beyond the original consent. 3. Sale of Sensitive Inferences Gravy Analytics categorised users based on sensitive characteristics inferred from their location data. For example, individuals attending breast cancer support groups were tagged as “Women’s Health,” which was then sold to marketers. <h2 class= "text-heading">Consumer and Societal Impact</h2> The misuse of geolocation data poses significant risks to individuals, including: • Privacy Violations: The collection of precise geolocation data without consent enables intrusive monitoring of individuals’ daily lives. • Discrimination: Audience segments like “Political Activist” or “Women’s Health” could lead to discriminatory practices in employment, healthcare, or insurance. • Stigma and Harm: Individuals tracked to sensitive locations, such as LGBTQ+ events or domestic violence shelters, could face stigma or physical harm if their information is leaked or misused. The FTC also highlighted cases where precise location data led to harmful outcomes, such as the exposure of a Catholic priest’s private activities and the tracking of “abortion-minded women” for targeted ads. <h2 class= "text-heading">FTC’s Demands and Next Steps</h2> The FTC seeks to hold Gravy Analytics and Venntel accountable for their violations by demanding: • Ceasing Data Sales: Prohibit the sale of sensitive geolocation data. • Reforms to Consent Practices: Implement strict measures to verify consumer consent. • Consumer Protections: Introduce safeguards to prevent harm from the misuse of location data. This case underscores the growing need for stricter regulations on the collection and sale of location data. The FTC’s actions highlight the importance of transparency, consent, and accountability in the data economy. As the surveillance economy continues to expand, this case may serve as a precedent for holding other companies accountable for invasive data practices. Read more

Sophisticated Phishing Scam Exploiting Google Calendar Invites

Cybersecurity experts are warning Gmail users about a sophisticated phishing scam that exploits Google Calendar invites to gain unauthorised access to sensitive information. This new tactic preys on user trust, using seemingly legitimate calendar events as a gateway for cybercriminals to steal personal details and financial information. Here’s a deep dive into how this scam operates, what makes it so effective, and the steps Gmail users can take to protect themselves. <h2 class= "text-heading">The Mechanics of the Scam</h2> The phishing scam begins with attackers sending fake Google Calendar invitations to users. These invites often appear legitimate, mimicking the style and tone of calendar events created by trusted individuals or organisations. Once the recipient accepts the invite, they are redirected to malicious links embedded within the event description. These links may lead to: • Fake Google Forms or login pages asking for sensitive information. • Fraudulent reCAPTCHA verifications designed to trick users into confirming their credentials. • Spoofed customer support pages prompting users to share payment details or other personal data. What makes this scam particularly dangerous is the impersonation of trusted sources. Reports indicate that over 300 reputable brands have been spoofed in these attacks, with more than 4,000 phishing emails distributed in just a month. The scammers manipulate the sender information, making the invites seem like they originate from genuine contacts or organisations, further increasing the likelihood of user interaction. <h2 class= "text-heading">Why It’s Effective</h2> Phishing attacks that exploit built-in features of widely used services like Google Calendar are exceptionally effective. Many users are accustomed to receiving legitimate calendar invites for meetings, appointments, or events. This creates a false sense of security, as people are less likely to question the authenticity of an event that appears directly in their calendar. Additionally, the use of calendar invites allows attackers to bypass traditional email filters, making these phishing attempts even harder to detect. <h2 class= "text-heading">Google’s Response: The ‘Known Senders’ Setting</h2> To help combat this threat, Google has introduced a feature in Google Calendar called the ‘known senders’ setting. This setting allows users to restrict the automatic addition of events to their calendar based on the sender’s credibility. Here’s how to enable it: 1. Access Google Calendar Settings: Open Google Calendar in your browser and click on the gear icon in the top-right corner to access the Settings menu. 2. Go to Event Settings: Under the ‘General’ tab, select ‘Event Settings.’ 3. Adjust Invitation Preferences: In the ‘Add invitations to my calendar’ section, choose the option ‘Only if the sender is known’. This ensures that events are only automatically added to your calendar if the sender is in your contacts, part of your organisation, or someone you’ve interacted with before. <h2 class= "text-heading">Other Security Measures to Protect Yourself</h2> While enabling the ‘known senders’ setting is a critical step, it’s not the only measure users should take. Here are additional tips to stay safe from phishing scams: • Examine Unexpected Invites: Be cautious of unsolicited calendar invites, especially those from unknown senders. If you receive an invite you don’t recognise, investigate its source before interacting with it. • Avoid Clicking Suspicious Links: Never click on links or download attachments from unfamiliar sources, even if they appear in calendar invites. • Enable Two-Factor Authentication: Adding an extra layer of security to your Gmail account can help prevent unauthorised access, even if your credentials are compromised. • Stay Up-to-Date: Regularly update your security settings and monitor for new features or advisories from Google and cybersecurity experts. • Use Antivirus Software: Install reliable antivirus software to protect against malware that may be delivered through phishing links. <h2 class= "text-heading">Why This Matters</h2> Phishing scams like this one underscore the importance of being proactive about online security. By exploiting trusted platforms like Google Calendar, cybercriminals can effectively bypass traditional security measures and target unsuspecting users. This highlights the need for increased awareness and vigilance among internet users. As phishing tactics become increasingly sophisticated, taking simple steps to secure your digital environment can make all the difference. Enabling the ‘known senders’ setting, staying alert to suspicious activity, and educating yourself on common cyber threats are all critical to keeping your personal information safe. This latest phishing campaign serves as a stark reminder of the ever-evolving tactics used by cybercriminals. Gmail users must take the threat seriously and implement the recommended security measures to safeguard their accounts. By remaining vigilant and leveraging Google’s security features, you can significantly reduce the risk of falling victim to such scams. Read more

How Online Behavioural Ads Power the Surveillance Industry and Threaten Your Privacy

Online behavioural advertising has revolutionised the digital marketing landscape, allowing businesses to tailor ads to individual users based on their online activities. While this personalisation is often touted as beneficial for consumers and advertisers alike, the reality is more troubling. The intricate systems that enable targeted advertising are also fueling a global surveillance industry that undermines privacy and exacerbates digital vulnerabilities. <h2 class= "text-heading">What Are Online Behavioural Ads?</h2> Online behavioural advertising relies on data collected from users’ online activities, such as browsing habits, search queries, location data, and even device information. This data is used to build detailed profiles of users, allowing advertisers to deliver highly personalised ads. While this approach improves ad relevance, it comes at a cost: extensive tracking and data sharing. One of the key technologies driving this system is Real-Time Bidding (RTB). RTB is an automated process in which advertisers bid for ad space in milliseconds, targeting specific users based on their profiles. Every time a user visits a webpage, an auction takes place behind the scenes, and the winning bidder’s ad is displayed. However, this process involves sharing user data with a multitude of third parties—advertisers, data brokers, and other intermediaries. <h2 class= "text-heading">Privacy Risks Associated with Behavioural Ads</h2> The Electronic Frontier Foundation (EFF) has highlighted significant concerns about the privacy implications of online behavioural advertising. The sheer volume of data collected for ad targeting creates a treasure trove for companies and bad actors alike. This data can be misused in various ways: 1. Mass Surveillance: Governments and intelligence agencies can exploit the vast datasets generated by online advertising systems for surveillance purposes. The extensive tracking of user behaviour creates opportunities for unwarranted monitoring and profiling. 2. Data Breaches: The more data that is collected and shared, the greater the risk of breaches. Sensitive user information, such as browsing history and location data, can be exposed in cyberattacks, leading to identity theft and other security issues. 3. Discrimination and Bias: The profiling enabled by behavioural advertising can reinforce biases and lead to discriminatory practices. For example, certain groups may be unfairly excluded from job or housing ads based on inferred characteristics. 4. Erosion of Consent: Many users are unaware of the extent of data collection happening in the background. Even when consent is sought, it is often buried in lengthy and opaque privacy policies, making it difficult for users to make informed decisions. <h2 class= "text-heading">The Role of Real-Time Bidding (RTB)</h2> RTB is a central concern in the debate over online behavioural advertising. Every RTB auction involves broadcasting user data to potentially hundreds of third parties. This data often includes sensitive information, such as browsing behaviour, location, and device details. Once shared, this data can be stored, analysed, and even sold to other entities, creating a sprawling web of surveillance. Despite assurances from tech companies that user data is anonymised, researchers have repeatedly demonstrated that anonymised data can often be re-identified with minimal effort. This undermines the argument that RTB systems are privacy-safe. <h2 class= "text-heading">How the Surveillance Industry Benefits</h2> The surveillance industry thrives on the data collected for behavioural advertising. Data brokers, who buy and sell user data, are key players in this ecosystem. These entities aggregate data from multiple sources, creating comprehensive profiles that can be used for purposes far beyond advertising, including law enforcement surveillance and political manipulation. For example, during election seasons, political campaigns can leverage data collected through advertising systems to micro-target voters with tailored messages. Similarly, insurance companies might use data about users’ browsing habits to assess risk and adjust premiums. <h2 class= "text-heading">The Need for Stronger Regulations</h2> The EFF and other privacy advocates are calling for robust regulatory measures to address the privacy risks posed by online behavioural advertising. Key recommendations include: 1. Restricting Data Collection: Companies should be limited in the amount and type of data they can collect for advertising purposes. 2. Ensuring Transparency: Users should be clearly informed about how their data is being collected, used, and shared. 3. Banning RTB Systems: The inherently invasive nature of RTB has led some privacy advocates to call for its outright ban. 4. Empowering Users: Tools like browser extensions and privacy-focused search engines should be promoted to help users regain control over their data. <h2 class= "text-heading">What Users Can Do</h2> While systemic changes are necessary, individuals can take steps to protect their privacy in the meantime: • Use Privacy Tools: Browser extensions like uBlock Origin and Privacy Badger can block trackers and ads. • Opt Out of Tracking: Many platforms offer options to limit tracking. Users should explore these settings and opt out wherever possible. • Be Cautious Online: Avoid clicking on suspicious links or sharing unnecessary personal information. • Educate Yourself: Understanding how data collection works can help users make more informed choices. Online behavioural advertising is a double-edged sword. While it offers undeniable benefits in terms of ad relevance and user engagement, it also fuels a vast surveillance apparatus that erodes privacy and threatens security. As the EFF emphasises, it is crucial for regulators, companies, and individuals to work together to create a digital ecosystem that respects user privacy. Until then, users must remain vigilant and proactive in protecting their data. Read more

Nearly 1 Million Americans Affected in Major Data Breach: Sensitive Medical and Personal Records Exposed

In one of the most significant healthcare-related data breaches this year, sensitive personal and health records of nearly 1 million Americans have been exposed. ConnectOnCall, a doctor-patient communications platform owned by health tech company Phreesia, disclosed that the breach affected 914,138 users. The exposed data includes an alarming range of sensitive information, such as names, phone numbers, dates of birth, medical conditions, treatments, medications, and even Social Security numbers. <h2 class= "text-heading">Details of the Breach</h2> The breach was discovered earlier this year, with ConnectOnCall determining that between February 16, 2024, and May 12, 2024, an unauthorised third party accessed data stored within its application. This application, used for communications between healthcare providers and patients, handles critical interactions such as prescription inquiries, lab result discussions, and telehealth consultations. ConnectOnCall took immediate action by taking its platform offline upon detecting the breach. The company has since been working to restore the product in a more secure, updated environment. In a statement addressing the incident, ConnectOnCall explained: “ConnectOnCall’s investigation revealed that… an unknown third party had access to ConnectOnCall and certain data within the application, including certain information in provider-patient communications… ConnectOnCall took the ConnectOnCall product offline and has been working through a phased restoration of the product in a new, more secure environment.” <h2 class= "text-heading">What Was Exposed?</h2> The breached database reportedly included the following types of sensitive information: • Full names • Phone numbers • Dates of birth • Health conditions and diagnoses • Treatments and medications • Social Security numbers This comprehensive data set makes the breach particularly devastating, as it not only exposes individuals to identity theft but also to healthcare fraud and other forms of cybercrime. <h2 class= "text-heading">How ConnectOnCall Is Responding</h2> The company has taken measures to notify affected users of the breach. Earlier this month, ConnectOnCall sent letters to impacted individuals, explaining the scope of the security incident and providing details on the types of data exposed. To help mitigate the potential fallout, ConnectOnCall is offering identity and credit monitoring services to those whose Social Security numbers were compromised. The company has also urged users to remain vigilant and to report any suspicious activity, including unauthorised healthcare claims or attempts at identity theft. <h2 class= "text-heading">Broader Implications of the Breach</h2> Healthcare data breaches are especially concerning because of the high value of medical information on the dark web. Unlike financial data, which can be canceled or changed, healthcare records are immutable and can be exploited for long-term fraud schemes. For instance, stolen Social Security numbers and medical histories can be used to: • Commit medical identity theft, such as filing fraudulent insurance claims. • Craft convincing phishing attacks targeting individuals with known medical conditions. • Open fraudulent accounts or obtain loans using compromised personal data. The breach highlights the persistent vulnerabilities in the healthcare sector’s digital systems, particularly in platforms handling sensitive patient-provider communications. <h2 class= "text-heading">What Affected Individuals Should Do</h2> If you believe you were impacted by this breach or received a notification from ConnectOnCall, consider taking the following steps to protect your personal and financial information: 1. Enroll in Identity Protection Services If your Social Security number was exposed, use the credit monitoring services provided by ConnectOnCall. These services can alert you to signs of fraud and help restore your identity if it is stolen. 2. Monitor Financial and Medical Accounts Keep a close eye on your credit reports, bank accounts, and insurance statements for any unusual activity. Promptly report suspicious transactions or unauthorised claims to your financial institution or insurer. 3. Be Cautious of Phishing Scams Cybercriminals may use your exposed information to craft phishing emails or messages. Avoid clicking on suspicious links or providing additional personal information unless you are certain of the sender’s authenticity. 4. Freeze Your Credit Placing a credit freeze with the three major credit bureaus (Experian, TransUnion, and Equifax) can prevent anyone from opening new accounts in your name. 5. Change Your Passwords If you used similar passwords across multiple platforms, update them immediately and consider using a password manager to generate and store strong, unique passwords. <h2 class= "text-heading">A Call for Stronger Cybersecurity in Healthcare</h2> This breach underscores the critical need for stronger cybersecurity measures in the healthcare sector. With sensitive patient data at stake, healthcare providers and tech firms must adopt more robust security protocols, including: • Regular penetration testing and security audits. • Enhanced employee training to recognise phishing attacks. • Strong encryption for data both in transit and at rest. • Implementation of multi-factor authentication for all systems. Regulatory frameworks like the Health Insurance Portability and Accountability Act (HIPAA) in the United States provide guidelines for safeguarding patient data, but compliance alone is not enough. Organisations must go above and beyond to stay ahead of increasingly sophisticated cyber threats. The ConnectOnCall breach affecting nearly 1 million Americans is a sobering reminder of the vulnerabilities in our digital healthcare systems. For individuals, the breach presents a significant risk to personal and financial security, emphasising the importance of vigilance and proactive protection measures. For the healthcare industry, this incident serves as a call to action to prioritise data security and prevent future breaches. Read more

French Records Exposed by Mysterious Data Hoarder

A concerning data breach has recently come to light, revealing over 90 million records of French citizens. This exposed database contains a wealth of personal information, including phone numbers, email addresses, and partial payment details, putting millions at risk of identity theft, fraud, and targeted cyberattacks. The breach was uncovered by cybersecurity researchers who discovered the unsecured Elasticsearch server hosting this sensitive data. What makes this breach even more alarming is its mysterious origins and wide-ranging implications. <h2 class= "text-heading">The Discovery: An Unsecured Treasure Trove of Data</h2> The exposed server, totaling over 30.1 GB and containing more than 95 million documents, was found accessible without authentication or security controls. This indicates a severe misconfiguration that left the data open to public access. Researchers investigating the breach identified the server as being hosted by a small French company, raising questions about compliance with European data protection laws such as the General Data Protection Regulation (GDPR). Even more concerning is the origin of the data itself. The database appears to be an aggregation of information from at least 17 prior data breaches, spanning industries such as telecommunications, e-commerce, and social media. Files within the database were labeled with names suggesting associations with well-known entities like Lycamobile, Discord, Snapchat, Darty, and Pandabuy. However, the exact connection between these companies and the leaked data remains unverified. <h2 class= "text-heading">The Impact: Increased Risks for French Citizens</h2> This breach is particularly devastating because it exposes a combination of personal and financial information, which is highly valuable to cybercriminals. The exposed data can be weaponised in various ways, including: • Phishing Attacks: Personalised phishing emails, calls, or messages that exploit the leaked data to appear credible and trick individuals into revealing additional sensitive information. • Identity Theft: Fraudsters can use the stolen details to impersonate victims and carry out unauthorised activities, such as opening credit accounts or committing tax fraud. • Social Engineering Scams: With access to personal details, attackers can manipulate victims into compromising their own security further. Given the prolonged period during which the server was publicly accessible, it is highly likely that malicious actors have already accessed and potentially misused this data. <h2 class= "text-heading">Who Is Behind the Breach?</h2> The identity of the individual or group responsible for compiling and exposing the data remains unknown. Dubbed a “mysterious data hoarder,” the perpetrator’s motive is unclear. The act of aggregating data from multiple breaches suggests a deliberate and organised effort, possibly for monetisation on dark web marketplaces or to orchestrate large-scale attacks. <h2 class= "text-heading">Lessons Learned: How to Prevent Such Breaches</h2> This incident underscores the importance of robust cybersecurity measures for organisations handling personal data. Below are key lessons and best practices for preventing such breaches in the future: 1. Implement Strong Authentication: Ensure all databases require robust authentication protocols to prevent unauthorised access. 2. Conduct Regular Security Audits: Frequent reviews of cloud infrastructure and other digital assets can help identify and fix vulnerabilities. 3. Adhere to GDPR and Other Regulations: Organisations operating within the EU must comply with strict data protection laws to avoid legal penalties and safeguard user privacy. 4. Data Minimisation: Companies should collect only the information essential for their operations and securely dispose of outdated records. 5. Penetration Testing: Regular penetration tests simulate cyberattacks to identify weaknesses before malicious actors can exploit them. <h2 class= "text-heading">Steps for Affected Individuals</h2> For the 90 million French citizens whose data may have been exposed, immediate action is crucial to mitigate potential risks: 1. Monitor Financial Accounts: Keep a close eye on bank and credit card statements for any unauthorised transactions. 2. Be Cautious with Communications: Watch for suspicious emails, messages, or calls that could be phishing attempts. 3. Enable Alerts: Activate security alerts on your financial accounts to receive immediate notifications of unusual activities. 4. Use Identity Theft Protection: Consider enrolling in an identity theft monitoring service that tracks the misuse of personal information. The exposure of over 90 million French records serves as a grim reminder of the vulnerabilities inherent in the digital age. As cybercriminals become increasingly sophisticated, organisations must prioritise cybersecurity, enforce compliance with data protection regulations, and adopt proactive measures to protect sensitive data. Meanwhile, individuals must remain vigilant and take necessary steps to protect their personal information. Only through collective effort can we mitigate the risks posed by such breaches. Read more

Fake Captcha: A Growing Threat for Online Users

In a disturbing new trend, cybercriminals have been exploiting fake captcha forms to distribute malicious software, leading to an increase in infostealer infections. These attacks, which bypass traditional security measures, affect thousands of unsuspecting users and steal sensitive data, such as login credentials, Social Security numbers, and other personal details. Here’s a detailed breakdown of how these attacks work, their potential consequences, and what users can do to protect themselves. <h2 class= "text-heading">What Are Fake Captcha Attacks?</h2> Captchas, or Completely Automated Public Turing tests to tell Computers and Humans Apart, are used across the internet to differentiate between human users and automated bots. While captchas serve a vital purpose in preventing automated attacks, they have become an increasingly popular tool for cybercriminals. In this new wave of attacks, hackers create fake captcha forms that appear legitimate but are actually designed to trick users into downloading malicious software. The fake captcha pages are typically disguised as a routine part of a website’s authentication process. The user is prompted to solve a captcha, which, when clicked, activates a chain of malicious activities. The most common malware spread by these fake captchas is the Lumma infostealer malware. Once installed, this malware steals personal and financial data from the user’s device. <h2 class= "text-heading">How Do Cybercriminals Exploit Captchas?</h2> To maximise the success of their attack, hackers use ad networks to place these fake captcha forms on over 3,000 legitimate websites. These ad networks, which are often used to monetise web traffic, are infiltrated by malicious actors who inject harmful scripts into otherwise trustworthy pages. Because the forms are hosted on legitimate sites and appear to be part of the regular user experience, they evade detection by traditional security measures, including ad blockers. Cloaking techniques are often employed to further avoid detection. These techniques involve modifying the malicious content so that security systems and automated crawlers see only safe content while real users are shown the harmful scripts. This allows the malware to spread rapidly without being blocked by antivirus or anti-malware systems. <h2 class= "text-heading">The Role of Malvertising</h2> The technique used in these fake captcha campaigns is part of a larger trend known as malvertising. Malvertising is the use of online advertising networks to distribute malware. By leveraging large ad platforms that serve ads across thousands of websites, attackers can target vast numbers of users. Since many websites rely on third-party ad services to display ads, they are often unaware that malicious scripts are running on their sites. These kinds of attacks can be devastating for both users and businesses. For users, the risks are high, with stolen data leading to identity theft, fraud, and financial losses. For businesses, the consequences can include damaged reputations, legal ramifications, and a loss of consumer trust. <h2 class= "text-heading">The Impact of the Lumma Infostealer</h2> The malware at the center of this campaign is the Lumma infostealer, a type of data-stealing malware that can extract highly sensitive information from compromised devices. Once installed, Lumma quietly operates in the background, collecting data such as usernames, passwords, banking details, and even health records. Given that this malware is often spread through seemingly harmless interactions with online ads, users may not realise they have been infected until the damage is already done. One of the most troubling aspects of Lumma infections is that they primarily target sensitive financial and personal data. With this kind of access, cybercriminals can launch more sophisticated attacks, including identity theft, fraud, and unauthorised transactions. Additionally, the stolen information can be used for future phishing attacks, where the attackers impersonate legitimate organisations to trick victims into revealing more personal information. <h2 class= "text-heading">Protecting Yourself from Fake Captcha Attacks</h2> There are several steps users can take to protect themselves from falling victim to these malicious captcha schemes: 1. Be cautious with captcha forms: If a captcha seems out of place or asks for unnecessary personal information, do not engage with it. 2. Use reliable ad blockers: Installing ad-blocking software can prevent malicious ads from loading on your device. 3. Update security software regularly: Ensure that antivirus and anti-malware programs are always up to date to detect and prevent threats like Lumma. 4. Verify websites: Before entering sensitive information or interacting with captcha forms, make sure the website is legitimate and uses HTTPS for secure transactions. 5. Educate yourself and others: Stay informed about common cyber threats, and educate your friends and family on how to spot phishing scams and suspicious pop-ups. <h2 class= "text-heading">The Need for Stronger Regulation in Digital Advertising</h2> While the focus is often on individual users’ security practices, there is a broader need for stronger regulation and monitoring of ad networks. These platforms are essential to the operation of many websites, but they are often inadequately monitored for malicious content. The success of campaigns like this highlights the vulnerabilities in the digital advertising industry and underscores the need for more stringent measures to detect and block malicious ads before they reach users. The rise of fake captcha ads as a vector for malware infections is a stark reminder of the ever-evolving nature of cyber threats. As cybercriminals continue to exploit vulnerabilities in the online ad ecosystem, users must remain vigilant and take proactive steps to safeguard their personal information. By recognising the signs of phishing and malware attacks, and by using the latest security tools, individuals can reduce their risk of falling victim to these types of sophisticated cyberattacks. Read more

Thousands of Children Exposed in Major Breach

In a troubling cybersecurity incident, the health IT company Datavant suffered a data breach in May that exposed sensitive information about over 11,000 children. Hackers gained access to an employee’s email account through a phishing attack, obtaining personal and financial details such as names, addresses, Social Security numbers, and even health records. The breach, lasting just two days, revealed highly sensitive data stored in the compromised email inbox. While Datavant acted quickly to secure the account, the exposed information poses significant risks, including identity theft, medical fraud, and targeted scams. Unlike breaches targeting adults, this incident has uniquely severe implications. Stolen data related to minors can be used for years to commit fraud before being detected, as children’s financial histories are typically unchecked. In particular, medical identity theft could result in false insurance claims and harm families. <h2 class= "text-heading">Datavant’s Response</h2> Datavant has bolstered its cybersecurity protocols, training employees to recognize phishing emails. It is also offering affected families two years of free identity theft protection services through Kroll. These services include credit monitoring, fraud consultation, and identity restoration support. Families whose children’s data may have been compromised should receive breach notification letters with details on how to enroll in the protection program. <h2 class= "text-heading">Protecting Your Family</h2> If you suspect your child’s data has been exposed, take proactive measures to minimise potential risks: 1. Sign Up for Identity Monitoring: Enroll in the free Kroll services provided by Datavant. 2. Monitor Financial Activity: Look for unusual transactions or credit activities associated with your child’s identity. 3. Be Alert for Phishing Emails: Watch for suspicious emails from unknown senders or those urging immediate action. 4. Use Antivirus Software: Protect devices with reputable antivirus tools to prevent malware infections. 5. Educate Your Family: Teach children how to recognise phishing scams and avoid sharing sensitive information online. <h2 class= "text-heading">Implications for Online Safety</h2> This incident underscores the growing trend of hackers targeting organisations handling sensitive data. Parents, in particular, must remain vigilant about their family’s online presence and take precautions to safeguard children’s personal information. As hackers continue to exploit vulnerabilities through phishing and other attacks, staying informed and adopting robust security practices is vital for preventing future breaches. Families are encouraged to educate themselves about cybersecurity threats to protect against identity theft and fraud. Read more

917,000 User Records Exposed in Dating App Data Breach

Two dating platforms, Senior Dating and Ladies.com, have suffered significant data breaches, exposing personal records of over 917,000 users. Cybersecurity experts revealed that the breaches stemmed from unprotected Firebase databases that allowed unauthorised access to sensitive user information, including email addresses, personal photos, geographic locations, and other identifying details. <h2 class= "text-heading">Details of the Breach</h2> The issue was traced to poor security configurations that left the databases publicly accessible. Despite being alerted to these vulnerabilities months ago, the platform operators failed to act promptly. By the time the databases were secured, sensitive information had already been compromised, leaving users at risk of identity theft, fraud, and phishing attacks. The breaches also raise significant concerns about accountability, as both apps are now defunct, leaving no clear avenues for affected users to seek support. This lack of responsibility highlights a common problem in the dating app industry, where insufficient resources are often allocated to user data protection. <h2 class= "text-heading">Risks for Affected Users</h2> The leaked data puts users in a vulnerable position. Threat actors can exploit exposed information in several ways: 1. Phishing and Fraud: Scammers may target users with convincing messages to extract more personal or financial information. 2. Identity Theft: Personal details like names and locations can be used for malicious impersonation. 3. Reputational Harm: The sensitive nature of dating app profiles could be exploited for extortion or public embarrassment. <h2 class= "text-heading">Best Practices for Protection</h2> For individuals affected by the breaches—or anyone concerned about their online security—taking these steps is crucial: • Update Passwords: Change passwords for all accounts linked to the affected email addresses. • Enable Two-Factor Authentication (2FA): Add an extra layer of security to your accounts. • Monitor Financial Activity: Keep an eye out for unauthorized transactions. • Be Wary of Phishing: Avoid clicking on suspicious links or sharing sensitive information with unknown senders. • Remove Unused Accounts: Regularly delete unused profiles to minimise exposure risks in future breaches. <h2 class= "text-heading">Industry-Wide Implications</h2> This breach highlights the broader issue of inadequate security practices in the online dating sector. With personal data being a cornerstone of these platforms, robust cybersecurity measures should be non-negotiable. Yet, this breach demonstrates that many platforms still fall short, leaving users exposed to significant risks. Governments and regulatory bodies are increasingly holding companies accountable for breaches under data protection laws like GDPR and CCPA. However, the incident involving defunct apps shows the difficulty of ensuring compliance and accountability when operators abandon their platforms. As digital interactions increasingly move online, especially for vulnerable groups like seniors, maintaining rigorous data security standards is essential. While Senior Dating and Ladies.com have secured their databases too late, users must remain proactive about their digital privacy. This incident serves as a stark reminder to vet the legitimacy of any platform handling sensitive information and to adopt best practices for online security. Read more

Fake Loan Apps Target 8 Million Android Users

A new cybersecurity threat has emerged, targeting Android users with apps disguised as financial tools but designed to exploit users through malicious practices. These predatory loan applications, dubbed “SpyLoan” apps, have infiltrated over 8 million devices worldwide, according to McAfee’s latest mobile research. They pose significant risks, including extortion, harassment, and severe financial losses. <h2 class= "text-heading">What Are SpyLoan Apps?</h2> SpyLoan apps are intrusive mobile applications that promise quick, easy, and low-interest loans with minimal requirements. While they may appear legitimate, their true intention is far from providing financial assistance. These apps exploit users by creating a sense of urgency through time-sensitive offers, preying on vulnerable individuals. Once installed, they request excessive permissions, allowing them to collect sensitive personal data and exert control over devices. Unlike traditional malware, SpyLoan apps operate in a legal gray area. They avoid detection by exploiting permission loopholes and sidestepping malicious code definitions. Consequently, many of these apps manage to bypass app store vetting processes, including those of the Google Play Store, further enhancing their credibility. <h2 class= "text-heading">The Scale of the Threat</h2> McAfee’s research uncovered 15 dangerous apps that collectively garnered over 8 million downloads globally. While Google has removed some of these apps from its Play Store, others were updated by their developers to appear legitimate. The persistence of these apps demonstrates the need for heightened vigilance among Android users. <h2 class= "text-heading">Risks Posed by SpyLoan Apps</h2> The consequences of downloading and using SpyLoan apps can be severe. Users risk falling victim to: • Data Theft: Personal information such as contacts, messages, and even financial details may be exfiltrated. • Privacy Violations: Collected data may be used to harass or extort users. • Financial Loss: False loan agreements can trap users in cycles of debt. Moreover, these apps exploit the lack of awareness surrounding cybersecurity threats. Their presence on the Play Store creates a false sense of security among users, further amplifying the problem. <h2 class= "text-heading">Symptoms of a Compromised Device</h2> Google has provided guidance to help Android users identify whether their devices have been compromised by malicious apps. Warning signs include: • A sudden decrease in device performance or storage capacity • Unexpected pop-ups and ads during browsing sessions • Changes to browser settings, such as altered homepages or search engines • Suspicious social media or email activity originating from your account If you notice these symptoms, immediate action is required to secure your device. <h2 class= "text-heading">How to Protect Yourself</h2> Google and cybersecurity experts recommend several steps to protect against SpyLoan apps and similar threats: 1. Turn On Google Play Protect: This feature helps identify harmful apps on your device. 2. Avoid Third-Party App Sources: Only download apps from trusted platforms like the Play Store. 3. Update Your Device: Ensure your Android operating system and security features are up to date. 4. Remove Suspicious Apps: Delete any unverified or untrusted applications. 5. Conduct Regular Security Checkups: Use available tools to identify vulnerabilities on your device. The rise of SpyLoan apps serves as a stark reminder of the evolving nature of cybersecurity threats. While the promise of quick financial assistance may be tempting, users must exercise caution, verifying the legitimacy of apps before installation. Staying informed and following best practices for device security are critical in protecting against these predatory tactics. If you suspect your device has been compromised, take immediate action to safeguard your information and prevent further exploitation. Read more

PropertyRecs Data Breach Exposes Over 600,000 Property and Personal Records

In a concerning cybersecurity incident, over 600,000 sensitive records were exposed due to a misconfigured database associated with PropertyRecs, an information service provider catering to real estate professionals. The breach highlights growing vulnerabilities in data security, leaving personal information of thousands at risk of exploitation. <h2 class= "text-heading">The Scope of the Data Exposure</h2> The exposed database contained detailed records, including property information, background checks, and vehicle details. Disturbingly, the compromised data also included sensitive personal identifiers such as: • Full names • Contact details (phone numbers and email addresses) • Home addresses • Criminal history Experts have identified that the root cause was a failure to secure an online database properly, rendering it accessible without authentication. While it is unclear if malicious actors accessed this data, the breach has sparked significant concern among cybersecurity experts and the affected individuals. <h2 class= "text-heading">Risks to Individuals and Businesses</h2> The exposure of sensitive data poses numerous risks, including identity theft, financial fraud, and reputational damage. Criminals often exploit such information to create convincing phishing schemes, impersonate individuals, or even target victims for scams. For businesses like PropertyRecs, the consequences extend beyond reputational harm. Companies responsible for safeguarding customer data face potential legal action and financial penalties under data protection laws such as the General Data Protection Regulation (GDPR) in Europe or state-specific laws like California’s CCPA. <h2 class= "text-heading">Lessons for Companies</h2> The PropertyRecs incident underscores the importance of prioritising cybersecurity, particularly for organisations handling vast amounts of personal data. Key measures that companies must adopt include: 1. Securing Databases: Implementing authentication protocols and encryption to ensure only authorised users can access sensitive data. 2. Routine Security Audits: Conducting regular vulnerability assessments to identify and address weak points in IT systems. 3. Employee Training: Equipping staff with the knowledge to recognise and mitigate potential cybersecurity threats. Experts also recommend a proactive approach, including data minimization, where only essential information is collected and stored. This reduces the volume of sensitive data at risk if a breach occurs. <h2 class= "text-heading">How to Protect Yourself</h2> If you suspect your information may be compromised in a data breach like this, there are several immediate steps to take: 1. Monitor Your Accounts: Keep a close eye on financial transactions and look for unusual activity. 2. Change Passwords: Update passwords for your accounts, especially if you reuse them across platforms. 3. Enable Two-Factor Authentication (2FA): Strengthen your account security by requiring additional verification methods. 4. Check for Phishing Attempts: Be vigilant about unsolicited emails or messages requesting sensitive information. Individuals affected by the PropertyRecs breach should also consider signing up for credit monitoring services to detect unauthorized activities linked to their identity. As investigations into the PropertyRecs data breach continue, this incident serves as a stark reminder of the growing threat of cybersecurity lapses. With cyberattacks and data breaches on the rise, both companies and individuals must remain vigilant, adopting measures to secure sensitive information. Read more

Google New Temporary Email Feature Aims to Reduce Spam and Enhance Privacy

In a bid to enhance user privacy and improve inbox management, Google is reportedly testing a new feature called Shielded Email. This tool is designed to allow users to generate temporary email aliases that help safeguard their primary email address from spam and unsolicited messages. The feature, currently in its development phase, promises to integrate seamlessly with Gmail and the broader Google ecosystem, offering a streamlined approach to tackling spam while bolstering data security. <h2 class= "text-heading">Understanding Shielded Email</h2> The concept behind Shielded Email is simple yet powerful. Users can create temporary email addresses that act as intermediaries, forwarding messages to their primary Gmail accounts. This eliminates the need to disclose one’s actual email address when signing up for services or newsletters, reducing the likelihood of spam, phishing attempts, and other privacy violations. Unlike third-party email aliasing tools such as Apple’s “Hide My Email,” Google’s solution appears to prioritize native integration and ease of use. This feature is reportedly accessible through the “Autofill with Google” settings, making it particularly user-friendly. By leveraging Google’s extensive platform, Shielded Email could become a go-to solution for millions of users already embedded in the Google ecosystem. <h2 class= "text-heading">How It Works</h2> The leaked information suggests that the feature will allow users to generate and manage these temporary email addresses directly within their Google account settings. Emails sent to these aliases will be seamlessly forwarded to the user’s primary inbox, ensuring continuity of communication without compromising privacy. Users can delete or deactivate these aliases at their discretion, providing a flexible way to manage their digital footprint. Additionally, Shielded Email may include options to limit the validity of an alias, such as setting expiration dates or restricting usage to specific contacts or services. These features would give users granular control over how their email addresses are shared and used. <h2 class= "text-heading">Benefits for Users</h2> The advantages of this feature are clear: 1. Reduced Spam: By shielding the primary email address, users can avoid unwanted emails from marketers or spammers. 2. Enhanced Privacy: Temporary email addresses limit exposure to phishing attempts and potential data breaches. 3. Convenience: Seamless integration into Gmail and Google’s Autofill settings simplifies the process of creating and using aliases. 4. Control: Users can deactivate or delete aliases at will, giving them greater control over their communication channels. While tools like Apple’s “Hide My Email” and third-party platforms such as ProtonMail offer similar capabilities, Google’s Shielded Email stands out due to its deep integration with Gmail, the world’s most popular email service. By eliminating the need for external apps or services, Google’s approach could make email aliasing more accessible to a broader audience. Although Shielded Email is still under development, its potential impact on email privacy and spam reduction is significant. If successfully implemented, this feature could redefine how users manage their online interactions, paving the way for a more secure and clutter-free email experience. As users become increasingly concerned about data privacy and digital security, features like Shielded Email underscore Google’s commitment to innovation in protecting user information. While no official release date has been announced, the anticipation for this feature is already high among Gmail users. Read more

Debt Relief Firm hit by Data Breach Exposing 1.5 Million People

Debt relief firm Set Forth, Inc. recently reported a significant data breach that exposed the personal information of over 1.5 million clients. The breach, identified in May 2024, compromised highly sensitive client details, including names, birth dates, Social Security numbers, and financial information. While specific methods used by attackers are unclear, Set Forth confirmed the breach through routine security monitoring, sparking immediate steps to contain and investigate the incident. The exposed information carries serious risks, with Social Security numbers and birth dates being particularly valuable to cybercriminals who may use such data for identity theft, fraudulent loans, and other malicious activities. Affected clients face potential long-term financial and reputational impacts. To address these risks, Set Forth has partnered with Cyberscout, a cybersecurity firm, offering identity monitoring services to affected clients free of charge. In response to the breach, Set Forth employed a team of forensic cybersecurity experts to analyze the scale of the incident, assess potential entry points exploited by the attackers, and determine the nature of the compromised data. The company also implemented cybersecurity enhancements to its systems, promising a stronger security framework and greater protection against future cyber threats. Further details on the specific measures were not disclosed, though the company highlighted ongoing efforts to bolster its security infrastructure. Data breaches have been on the rise, with companies that store sensitive financial and personal data becoming primary targets. For debt relief firms like Set Forth, whose clientele often includes individuals already navigating financial challenges, a breach can heighten stress and create additional financial hurdles. In light of this, experts recommend that impacted clients take immediate steps to protect their identities, such as placing fraud alerts on credit reports, setting up multi-factor authentication on financial accounts, and closely monitoring bank statements for unusual transactions. This incident highlights the vulnerability of financial services firms and the far-reaching consequences of cybersecurity failures. Experts note that data protection is paramount, especially in industries handling sensitive information. They urge financial institutions to prioritize proactive cybersecurity strategies, including robust encryption, regular audits, and employee training on phishing and malware threats. The case of Set Forth also underscores the value of transparency in addressing breaches, as prompt and honest communication helps clients take necessary precautions. Moving forward, Set Forth aims to rebuild client trust and reinforce its commitment to data security. While the identity protection services offered provide some assurance, it remains uncertain how soon affected clients will feel safe from potential threats. Set Forth’s experience serves as a reminder that even well-established firms can face significant cyber risks, emphasizing the need for ongoing diligence in the ever-evolving landscape of digital security. Read more

Extortion Scams: How to Protect Yourself When Scammers Use Your Personal Data

Cybercriminals are escalating their tactics, using personal data in extortion scams to frighten people into sending them money. In a particularly concerning scam, individuals report receiving emails from unknown senders that include alarming details like their name, address, phone number, and even an image of their home. This type of highly targeted scam, known as spear-phishing, is designed to make the threat feel personal, increasing the likelihood that the recipient will comply with the scammer’s demands. In these spear-phishing emails, scammers typically claim to have gained full access to the recipient’s device, often through malware. They may assert that they control the device’s microphone, camera, and keyboard and have downloaded sensitive data, like photos, browsing history, messages, and social media contacts. Finally, the scammer demands a ransom, typically in cryptocurrency, threatening to release the data or compromising photos unless payment is made. While these emails can be unsettling, understanding how scammers obtain this information — and knowing what to do if you’re targeted — can help you stay safe. <h2 class= "text-heading">Where Do Scammers Get This Information?</h2> Scammers gather personal information from multiple sources. Public records, data breaches, and social media accounts can all provide personal data that scammers then use to build a profile on their targets. When people share their location, family relationships, or frequent activities on social media, scammers can use these details to make their threats seem more credible. In some cases, scammers even use Google Maps’ street view to find an image of a person’s home after locating their address. Other tactics include purchasing compromised data on the dark web, where entire databases of personal information are frequently traded. <h2 class= "text-heading">What to Do If You’re Targeted</h2> 1. Stay Calm: The fear tactic is central to the scam. Staying calm can help you assess the legitimacy of the claims. Remember that scammers often use outdated or publicly accessible information and do not have control over your device. 2. Don’t Engage: Responding to the email can validate your contact information for scammers, potentially leading to further targeting. Avoid replying or paying any ransom. 3. Strengthen Your Security: If the email includes accurate information, take this as an opportunity to update your security practices. Visit sites like HaveIBeenPwned to check if your email or phone number has been part of a breach. If so, change your passwords immediately and consider using a password manager to maintain unique passwords across accounts. Enabling two-factor authentication (2FA) is also highly effective for preventing unauthorized access. 4. Report the Scam: In the UK, you can report phishing emails to report@phishing.gov.uk. Reporting these scams helps authorities track and address fraudulent activity. 5. Be Mindful of Online Sharing: Keep your social media profiles private, avoid sharing overly personal details publicly, and consider using temporary email addresses for website registrations. Tools like Apple’s “Hide My Email” can help minimize exposure. In a digital age, where our personal data is more accessible than ever, remaining vigilant is essential. Taking precautions, such as limiting public sharing, using strong passwords, and knowing how to react to extortion attempts, can help you safeguard your data and feel confident against online threats. If you suffer financial loss from a scam, contact your bank immediately and report the incident to authorities for further assistance. Read more

What is Vishing and How to Protect Youself

In today’s digital world, scammers are always evolving their tactics to deceive individuals, and one of the most alarming methods is “vishing.” This sophisticated attack preys on the trust and vulnerability of individuals by using voice calls to steal sensitive information, and it’s becoming increasingly common. But what exactly is vishing, and why is it so dangerous? More importantly, how can you protect yourself from these fraudsters? <h2 class= "text-heading">What is Vishing?</h2> Vishing, short for “voice phishing,” is a type of social engineering attack where criminals use voice calls to trick victims into divulging personal information, such as passwords, credit card details, or social security numbers. Just like email-based phishing attacks, vishing relies on creating a sense of urgency or fear in the victim, pushing them to act quickly without verifying the legitimacy of the request. The attackers usually impersonate trusted institutions like banks, tech companies, government agencies, or even popular services such as Google or Microsoft. They might claim there’s a problem with your account, warn you about suspicious activity, or offer a refund, all to manipulate you into providing sensitive information over the phone. These calls can appear incredibly convincing, often using technologies like caller ID spoofing to make it seem like they’re calling from legitimate numbers. <h2 class= "text-heading">The Dangers of Vishing</h2> Vishing attacks can be highly damaging for several reasons: 1. Trust and Authority: Attackers often pose as representatives of legitimate organisations, making the victim more likely to trust them. They might even use the official phone numbers of banks, tech companies, or government agencies, creating a sense of authority that pushes the target to comply. 2. Real-Time Interaction: Unlike phishing emails, which can be flagged or ignored, vishing involves real-time interaction. This puts pressure on the victim to act immediately, often leaving little time for second thoughts or fact-checking. 3. Sensitive Information: Scammers are often after highly sensitive information, such as financial details, account login credentials, or even access to computer systems. In many cases, victims may not realise they’ve been scammed until after their accounts have been compromised, at which point it may be too late. 4. Emotional Manipulation: Vishing attackers often use emotional manipulation to scare their targets. They might claim that if the victim doesn’t act immediately, they could lose money, be fined, or face legal trouble. This fear-based approach is highly effective, particularly with vulnerable individuals, such as the elderly. <h2 class= "text-heading">Real-Life Example: Spoofing Google’s Phone Number</h2> One particularly alarming vishing technique involves scammers spoofing Google’s phone number and domain, making their attacks seem even more believable. Here’s how such a scam typically unfolds: The victim is alerted that someone wants to access or has already accessed their Gmail account. The prompt is followed shorty by a phone call with Google’s legitimate number. On the phone, the victim will discuss with a “Google representative”, which in reality is just an AI voice following a script set by the scammer. To make the situation more convincing, the scammer might refer the victim to a fake Google support website (which looks identical to the real one) to “verify” the details. They might ask the victim to confirm their account information, give out a one-time verification code, or even provide remote access to their device for “security” purposes. In this heightened state of fear, the victim may comply without thinking, effectively handing over full control of their account. This type of vishing scam is particularly dangerous because of how closely it mimics a legitimate interaction with a trusted company. The attackers take advantage of the fact that Google is a company millions of people interact with every day, and most users are already wary of cybersecurity threats. By spoofing Google’s phone number and directing victims to a near-perfect replica of its website, scammers add a veneer of authenticity that makes it incredibly difficult to detect the fraud. <h2 class= "text-heading">How to Protect Yourself from Vishing</h2> Protecting yourself from vishing requires a combination of skepticism and practical steps: 1. Verify the Caller: If you receive an unexpected call from a company or organisation, don’t provide personal information right away. Hang up and call the official customer service number found on the company’s website to verify the legitimacy of the request. 2. Don’t Rely on Caller ID: Caller ID can be easily spoofed. Even if the number appears to be from a legitimate source, always double-check before giving away sensitive information. 3. Avoid Immediate Action: Scammers often create a sense of urgency. If a caller demands immediate action or asks for sensitive information, it’s a red flag. Take your time to verify the request. 4. Do Not Share Sensitive Information: Never share passwords, bank details, or one-time verification codes over the phone unless you’re absolutely sure who you’re speaking to. 5. Report Suspicious Calls: If you suspect you’ve received a vishing call, report it to the company the scammer was impersonating, as well as to your local fraud reporting agencies. This helps authorities track and mitigate these scams. Vishing is a serious and growing threat in the digital age, with scammers using ever more convincing tactics to trick people into revealing sensitive information. By being aware of how vishing works, understanding the dangers, and following best practices for avoiding these scams, you can better protect yourself from falling victim to such attacks. Always stay vigilant, question unexpected calls, and prioritize your privacy and security above all. Read more

Job Scams on the Rise: Fake Headhunted Job Offers Target Job Seekers

In recent months, cybercriminals have developed a new way to scam job seekers by impersonating recruiters or headhunters, offering fake job opportunities that turn out to be traps. These schemes involve phishing emails, fake job postings, and fraudulent recruitment processes, all designed to steal personal information or money from unsuspecting applicants. <h2 class= "text-heading">How the Scam Works</h2> It starts when a job seeker receives an unsolicited job offer from what appears to be a legitimate recruiter or hiring manager from a well-known company. These offers often come through professional networking sites like LinkedIn or via email, making them seem even more convincing. The scammers present an opportunity that is hard to resist, typically offering high salaries or prestigious roles, even though the applicant may not have applied for the position. After the initial contact, the scam proceeds with a “recruitment” process that may include interviews, forms, or requests for personal information. In some cases, the scam involves fake job portals or websites that resemble those of real companies. Victims may be asked to provide sensitive personal details such as their Social Security number, bank account information, or other identification. Some scammers go even further, asking for payment to cover costs for things like background checks, training materials, or application fees. Once the payment is made, or sensitive information is shared, the victim is left with nothing—no job offer and, in many cases, stolen funds or compromised identities. <h2 class= "text-heading">Impact on Job Seekers</h2> The emotional and financial toll on victims can be significant. Many job seekers invest considerable time and effort in the process, only to realise too late that they’ve been tricked. Beyond the loss of money, victims may also face identity theft or financial fraud, which can take months or even years to recover from. This can have lasting effects on their credit scores and financial well-being. In addition to the direct harm to job seekers, these scams also damage the reputation of legitimate companies that are impersonated by scammers. The presence of fake job offers makes it harder for genuine recruiters to reach potential candidates, as job seekers become more cautious about responding to unsolicited offers. <h2 class= "text-heading">Protecting Yourself From Job Scams</h2> To avoid falling victim to these fraudulent schemes, it’s important for job seekers to be vigilant. Here are some tips to protect yourself: 1. Verify the Job Posting: If you receive an unsolicited offer, always check the company’s official website or contact them directly to confirm that the offer is real. 2. Avoid Sharing Personal Information: Never share sensitive details like your Social Security number, bank account information, or personal identification until you have verified the legitimacy of the job offer. 3. Research the Recruiter: If you’re contacted by a recruiter, look them up on LinkedIn or other professional platforms to ensure they are genuine. 4. Be Skeptical of Fees: Legitimate companies will not ask you to pay for background checks or application processes. If you’re asked to send money for any reason, it’s likely a scam. 5. Check for Red Flags: Be cautious of job offers that seem too good to be true, use poor grammar, or come from generic email addresses. Job scams are becoming increasingly sophisticated, targeting those who are actively looking for work or even those who aren’t but appear to be a good fit for fake job opportunities. Always be cautious when responding to unsolicited job offers, and remember that if something seems too good to be true, it probably is. By staying informed and vigilant, you can protect yourself from falling into a trap set by these cybercriminals. Read more

Scammers Target Florida Hurricane Victims with Fake FEMA Aid and Malware

In the wake of devastating hurricanes in Florida, scammers are exploiting victims by posing as FEMA officials. These cybercriminals are sending fraudulent emails and text messages that claim to offer disaster relief assistance, but instead, they trick recipients into downloading malware or sharing sensitive personal information. <h2 class= "text-heading">How the Scam Works</h2> The scammers start by sending out emails or text messages that appear to be from FEMA or other official disaster relief organizations. These messages promise financial aid, housing assistance, or other forms of relief. Often, they contain links that claim to direct victims to official FEMA websites or forms to apply for disaster relief. However, instead of leading to legitimate government resources, the links download malware or redirect users to phishing websites. Once the malware is downloaded, it can infect the victim’s computer or smartphone, stealing sensitive data like passwords, credit card information, and bank account details. In other cases, the phishing websites ask victims to enter their personal information, such as Social Security numbers, addresses, and financial details, which are then harvested by scammers for identity theft or financial fraud. <h2 class= "text-heading">Why Victims Are Vulnerable</h2> Hurricane victims are particularly vulnerable to these scams due to the urgency and confusion surrounding disaster relief efforts. Many people are desperate for assistance and may not think twice before clicking on a link that promises help. Additionally, in times of crisis, people are more likely to trust communications that appear to come from trusted organizations like FEMA. Scammers exploit this trust and take advantage of the chaos that follows natural disasters. <h2 class= "text-heading">How to Protect Yourself</h2> It’s essential for hurricane victims and those in disaster-stricken areas to be cautious when receiving unsolicited communications, especially if they contain links or ask for personal information. Here are some tips to protect yourself from these scams: 1. Verify the Source: Always verify that the communication is from a legitimate source. FEMA and other government agencies will never ask for personal information via unsolicited emails or text messages. Instead, visit their official website directly. 2. Don’t Click on Suspicious Links: If you receive an email or text with a link to apply for disaster relief, avoid clicking it. Instead, go directly to the official FEMA website to find out how to apply for assistance. 3. Watch Out for Red Flags: Be cautious of urgent messages that claim you need to act immediately. Scammers often create a sense of urgency to push people into making quick decisions without thinking. 4. Use Trusted Communication Channels: Always apply for disaster relief using official channels. FEMA will provide information through legitimate websites or phone numbers. If you’re unsure, call FEMA’s official hotline to verify any communication. 5. Report Fraudulent Activity: If you suspect you’ve been targeted by a scam, report it to the Federal Trade Commission (FTC) or your local law enforcement. To further protect people from being taken advantage of, <a href= "https://sentrya.net" class= "content-link">Sentrya</a> offers free email protection which blocks scams and phishing emails from reaching your inbox. If you, or someone you know has been affected by the hurricane, and want to take steps into keeping your email secure, reach out to me <a href= "mailto:claudiu@sentrya.net" class= "content-link">here</a> to get a free upgrade on your Sentrya account. As hurricane victims try to rebuild their lives, it’s unfortunate that scammers are looking to exploit their vulnerability. By staying informed and cautious, individuals can protect themselves from falling victim to these fraudulent schemes. Always verify the legitimacy of any offers for assistance, and never share personal information with unverified sources. Read more

MoneyGram Confirms Data Breach: Sensitive Customer Information Exposed

MoneyGram, a global leader in the money transfer industry, recently confirmed a serious data breach that exposed sensitive customer information, including Social Security numbers (SSNs) and other personal data. This alarming development has raised concerns over the company’s data security measures and the potential risks for identity theft and fraud faced by affected customers. <h2 class= "text-heading">Details</h2> The breach, which was discovered by MoneyGram’s security team, involved unauthorized access to the company’s systems. Although the full scope of the breach is still being investigated, it’s clear that a significant amount of customer data was exposed. Among the information compromised were Social Security numbers, addresses, and details of money transfer transactions. These are all highly sensitive data points that, when in the wrong hands, can be used for a variety of malicious activities such as identity theft, opening fraudulent accounts, or even financial manipulation. <h2 class= "text-heading">MoneyGram’s Response</h2> Upon discovering the breach, MoneyGram quickly notified affected customers and began collaborating with cybersecurity experts to contain and investigate the situation. The company has also launched an internal investigation to understand how the breach occurred and to prevent future incidents. In the meantime, they are providing customers with credit monitoring services and identity theft protection tools at no cost, encouraging users to remain vigilant and monitor their financial accounts closely. To strengthen its security infrastructure, MoneyGram has implemented several new security measures aimed at preventing unauthorized access in the future. These measures include enhanced encryption, more rigorous authentication protocols, and stricter access controls for employees handling sensitive data. <h2 class= "text-heading">The Growing Threat of Cyberattacks on Financial Institutions</h2> This breach is part of a larger trend of increasing cyberattacks targeting financial institutions, where sensitive data such as personal identification and financial transactions are highly prized by cybercriminals. With the rise of sophisticated hacking methods, companies like MoneyGram are constantly being targeted due to the vast amount of personal and financial information they handle daily. Experts warn that financial institutions need to be proactive in their cybersecurity efforts by continuously updating their security protocols, educating employees on potential threats, and investing in advanced security technologies. Failing to do so can result in more breaches, eroding customer trust and exposing the institution to significant financial and legal repercussions. <h2 class= "text-heading">What You Can Do</h2> If you were affected by the breach, it’s important to take immediate steps to protect your personal data. This includes changing passwords for online accounts, signing up for credit monitoring, and watching out for suspicious activity or transactions. It’s also a good idea to place a fraud alert or credit freeze on credit reports to prevent identity theft. You should also be wary of phishing attempts in the wake of the breach, as attackers may use stolen information to craft convincing fraudulent emails or phone calls. To protect against these potentials attacks, you can use services like <a href= "https://sentrya.net" class= "content-link">Sentrya</a>, which can block all types of scam and phishing emails from reaching your inbox. The MoneyGram data breach is a stark reminder of the vulnerability of financial institutions to cyberattacks. While the company is taking steps to address the breach and protect customers, the incident highlights the importance of strong cybersecurity measures in today’s digital world. As threats continue to evolve, both businesses and consumers need to remain vigilant to protect sensitive data from falling into the wrong hands. Read more

Bringing Permission Based Emailing Rules to Gmail

My name is Claudiu, a Data Protection Specialist and founder of Sentrya, a web app that helps people eliminate spam, scams, phishing, and junk emails through permission-based emailing rules. It also simplifies the process of removing personal information from the web and from data brokers. <h2 class= "text-heading">Why I Started Sentrya</h2> I remember my first email from over 15 years ago – a cringe-worthy Yahoo! account I made for Yahoo Messenger. By 18, I switched to Gmail for a more professional email but soon found myself flooded with spam, including the infamous Nigerian Prince scams. Even though I always unsubscribed from unwanted emails, spam kept coming, and I became obsessed with checking and deleting emails constantly. In 2019, after entering the Data Protection industry, I learned how companies mishandle user data, selling or sharing it cheaply with third parties, including scammers. That’s when my passion for protecting personal data grew, and Sentrya was born. <h2 class= "text-heading">How Sentrya Differs</h2> All email providers have spam filters, but it’s a never-ending "cat and mouse" game. Spammers continually find ways around filters, no matter how advanced they are. Gmail, for example, updates its filters regularly, but spammers change tactics just as fast. Realising this wasn’t sustainable, I sought a simpler solution. The key insight? Most people only need emails from a handful of contacts; the rest are redundant. That’s how <a href= "https://sentrya.net" class= "content-link">Sentrya</a>’s permission-based email filtering (whitelisting) was developed to stop junk at the source. <h2 class= "text-heading">How Sentrya Works</h2> Sentrya’s core feature is permission-based emailing rules. It scans your inbox, identifies your contacts, subscriptions, and interactions, and allows you to whitelist only the senders you need. To counter new scams, even from legitimate providers like Gmail or Yahoo, <a href= "https://sentrya.net" class= "content-link">Sentrya</a> also lets users whitelist personal contacts. The result? I went from 250 emails (and 60 spam) a week to just 20 important emails and zero spam. It’s been over a year, and now I only get notified for important messages. <h2 class= "text-heading">Can You Set Up Permission Rules Yourself?</h2> Yes, you can. I’ve shared the steps on my blog, but here’s the gist: - List the services and subscriptions you still need - In Gmail, use the filter icon to input this list in the "Doesn’t have" field (format: {(from:sender1 OR from:sender2 OR from:sender3)}) - Set the filter to delete any emails not from these whitelisted senders While this works, it can be time-consuming. Sentrya simplifies the process, saving you hours of research, manual filtering, and maintenance. With <a href= "https://sentrya.net" class= "content-link">Sentrya</a>, it takes just 15 minutes to set up a comprehensive and automated system. <h2 class= "text-heading">A Long-Term Solution</h2> Spam, scams, and junk can overwhelm your inbox, causing many people to give up on email altogether. Permission rules give you the space to regain control of your inbox. Additionally, companies often sell or share users’ data, increasing your risk of being exposed in a breach. A long-term solution involves sending deletion requests to companies holding your data to ensure they have nothing to sell or expose. Removing your info from data brokers is another step to protect your digital footprint. Sentrya offers three plans: - Free: For setting up basic permission rules - Base ($12/month or $72/year): Offers comprehensive permission rules and helps remove personal data from the web - Pro ($15/month or $96/year): Includes everything in Base, plus data removal from over 200 brokers and monthly breach reports Both paid plans include a 14-day free trial, so you can try it risk-free. To learn more, visit <a href= "https://sentrya.net" class= "content-link">sentrya.net</a>. Thank you❤️ Read more

New Email Scam Uses Pictures of Your House

There is a new type of scam out there, and things are getting scarier. And since our personal information continues to float freely on the web, personalised scams are even easier to conduct, this time including pictures of our houses. <h2 class= "text-heading">What’s This Scam About?</h2> Scammers send emails that claim they’ve hacked into your computer or phone. They say they’ve stolen important personal information and threaten to leak it or do something harmful unless you pay them money. These scammers are sneaky because they often ask for payment in cryptocurrency, which makes it harder to trace. But what makes this scam even scarier is that the emails now include pictures of your actual house! They use publicly available information or data exposed in data breaches, and take pictures from online sources, like Google Street View. All this information is used to make the scam look like a successful hack, in order to frighten you into thinking they really have access to your private life. <h2 class= "text-heading">Why This Scam Is So Scary</h2> Getting an email like this can feel very personal and threatening. After all, seeing a picture of your own home in a scam email makes it seem like the scammer knows a lot about you. It might make you worry that they’ve actually hacked into your devices or have dangerous information. However, it’s important to remember that these scammers are just using tricks to scare you. The truth is that these scammers don’t have any control over your devices, and the picture of your house is something anyone can find on the internet. This is just another way they try to fool people into paying them money. <h2 class= "text-heading">How to Stay Safe</h2> Even though this scam can feel scary, there are a few simple things you can do to protect yourself: 1. Don’t Respond: If you get an email like this, don’t reply to it. The scammers are hoping that by contacting them, you’ll fall deeper into their trap. 2. Don’t Pay: No matter what they say, don’t send them money. These scammers lie, and paying them won’t make the problem go away. Instead, it might make them try to scam you again. 3. Don’t Click on Any Links: These emails might have links or attachments. Don’t click on them! They could be dangerous and might infect your computer with malware. 4. Report It: You should report the email to the proper authorities, like the Federal Trade Commission (FTC), to help spread the word about the scam. 5. Be Careful with Public Information: Remember that a lot of information about you, like pictures of your house, is available online. While you can’t control everything on the internet, it’s important to know what’s out there. <h2 class= "text-heading">What to Do If You’re Worried</h2> If you’re feeling nervous after getting an email like this, talk to someone you trust. It could be a family member or friend who can help you stay calm and think clearly. There are also many sources online which can help you figure out if an email is legitimate or a scam attempt. It’s always a good idea to check your online security settings and make sure your devices are protected with strong passwords and updated software. Scammers are always coming up with new ways to trick people, but by staying alert and knowing what to look out for, you can keep yourself safe. If you ever get a suspicious email, remember that you don’t have to deal with it alone. Stay safe ❤️ Read more

Sniper DZ Phishing as a Service

Cybercriminals are increasingly using a service called Sniper Dz to launch phishing attacks, which trick people into giving away personal information like usernames and passwords. Sniper Dz offers free phishing tools (Phishing as a Service or PaaS), making it easy for anyone - even those without strong technical skills - to set up fake websites that look like real ones, such as Facebook, PayPal, and Netflix. Phishing is a type of cyberattack where criminals create fake login pages to steal personal information when people try to log in. Once attackers collect the details, they can use them to hack into real accounts and commit further crimes. Sniper Dz operates mainly through Telegram channels, offering easy access to phishing templates that users can customise and deploy in their attacks. One reason this platform is so concerning is that it allows almost anyone to become a cybercriminal. Since the phishing kits are pre-built, attackers don’t need to know how to code or build their own websites. They simply copy the provided templates and trick unsuspecting people into handing over sensitive information. This has led to over 140,000 attacks, affecting users all around the world. The creators of Sniper Dz not only give away free phishing kits but also sell premium versions for more advanced attacks. They regularly update their phishing templates to stay ahead of security measures, making it harder for companies to protect their users. The growing use of these tools highlights the importance of staying vigilant online. People should always double-check website URLs before entering login information, especially if they arrive at a site through a suspicious link. Companies can also help by educating their users and using stronger security measures like two-factor authentication to make it harder for hackers to gain access to accounts. Read more

Spam Bombs Everything You Need to Know

Spam bombs, also known as spam attacks, are a type of attack where a scammer sends you 100s or 1000s of emails in a matter of seconds or minutes, in an attempt to flood your inbox. <h2 class= "text-heading">How do they work?</h2> Scammers will either gather your personal information from publicly available sources, or will simply buy this information from hackers. They will gather information like your full name, email address, phone number, physical address and bank details. Besides all this, they will also collect information about your PayPal account, Amazon, eBay or any other e-commerce account they can get their hands on. <h2 class= "text-heading">What happens next?</h2> Once they have all your info available, the next step is simple and obvious - they will go on a shopping spree with your money. This really depends on what info they found, so let’s take them one by one. In case they got access to your PayPal account, they will use it at the checkout on whatever retail website they want. If they got into your Amazon, eBay or other shopping account, it’s most likely you have your payment info saved there, so this will make it even easier for them to shop. <h2 class= "text-heading">What are the signs of a spam bomb?</h2> These scammers are pretty smart. They know that you will get an email confirmation after every purchase, so the next step is to flood your inbox with junk. Like I said, they have automations in place that enables them to send you 1000s of emails in just a few minutes. This is done to make it as hard as possible for you to find that legitimate email among the mass of spam. It’ll be like trying to find the needle in the haystack. It’s almost impossible to go through over 1000 emails in time to stop and cancel their order, and they take advantage of this. Finding 1000 unread emails in your inbox, does create a sense of panic, and because of this, all logic goes out the window, which is exactly what the scammer wants. They just play with your mind to get as much time as possible to finalise their transactions. But it’s important to keep calm and understand what’s going on. If this happens to you, and you manage to catch it in time (if the spam hasn’t stopped yet), then you can still put a stop to them. <h2 class= "text-heading">What can you do?</h2> There are a few things you can do if this happens to you: 1. Check all your accounts (bank, PayPal, Amazon, eBay etc) and see if there are any suspicious or unknown transactions 2. Go through the emails in your inbox and try to find one related to a purchase, transaction or funds transfer you don’t recognise <h2 class= "text-heading">How can you prevent this?</h2> There are 3 important things you can do to reduce the risk of going through a spam attack: 1. Delete your personal information from old accounts you don’t use - this will prevent your data from getting into the hands of hackers and scammers 2. Delete your info from data brokers - as you may know, data brokers collect, buy and sell people’s personal data. This information is incredibly cheap, and can also be bought by bad actors 3. Secure your inbox by whitelisting senders you need - this rule will help you remove any spam or junk from your inbox, while keeping only the important emails. This way, even if you get 1000 spam emails, they will be automatically deleted, and that one important email will be a lot easier to find A much easier way of protecting against spam bombs/attacks, is <a href= "https://sentrya.net" class= "content-link">Sentrya</a>. Sentrya makes it really simple for you to close old accounts and delete your information from any company in the world, remove your data from data broker’s data base, and whitelist your favourite senders. I am the perfect example of how well <a href= "https://sentrya.net" class= "content-link">Sentrya</a> works, because: - I went from getting over 300 emails in a week (including spam and junk) to only 25 important emails - I deleted over 3000 old emails in 2 minutes - I removed my data from over 20 old services - I deleted my information from over 40 data brokers (so far - still have about 160 to go through) You can use <a href= "https://sentrya.net" class= "content-link">Sentrya</a> for free for 14 days, and the monthly subscription is less than your daily Starbucks :) Thank you for reading this, and I hope it will better prepare you in case you’ll be going through a spam attack. Don’t forget to share it with your friends - you never know who you’ll help. Stay safe❤️ Read more

Bank Impersonators Targeting Consumers Amid New Law

UK’s Payment System Regulator is working to introduce a new mandatory reimbursement scheme on 7th October 2024, which will help consumers get their money back (£85.000 instead of the initial £415.000 proposed) from the banks if they fall victims to scams and fraud. As with any news worthy information, scammers are on top of this, and are now targeting consumers with elaborate and well crafted phishing emails and cloned websites. <a href= "https://www.which.co.uk/news/article/watch-out-for-fake-messages-about-the-new-fraud-refund-scheme-aUGX60T0rhjd" class= "content-link">Which?</a> has issued a public alert about this new phishing related to the new fraud reimbursement scheme. According to Which?, scammers target consumers with well designed phishing emails (including bank’s brand identity), inviting people to confirm their mobile number in order to get notified of any transactions carried out of their accounts. Once people access the link, they are redirected to a clone of the bank’s real website. This is done in order for people to lower their guard and reveal as much information as possible to the scammers. The scam comes from a different domain than the original one, and based on Which?’s findings, the email came from “dilbect@kolumbus.fi”. This is a positive aspect, as it makes it easier for us to make the distinction once we dig a bit deeper. Since legitimate domains are very difficult to spoof (if they have the security measures in place), 99% of the time, scammers will use their own domains for these attacks. In this case, Permission-Based Emailing (aka Whitelisting) will keep you safe. Permission-Based Emailing enables you to select the senders you need and trust, which will keep their emails in your inbox, while everything else will get deleted. If you want to set this up for your email, I wrote an <a href= "https://blog.sentrya.net/2/How-to-clean-your-inbox-and-improve-your-privacy" class= "content-link">article</a> that goes through the whole process step-by-step. In case you’re looking for a quicker and easier way of setting it up, you can try <a href= "https://sentrya.net" class= "content-link">Sentrya</a> (for free for 14 days). With <a href= "https://sentrya.net" class= "content-link">Sentrya</a>, you can: - Find which companies have and process your information - Build, update and manage your Email Permissions (Whitelist) - See the spam and scams discovered in your inbox -Delete your data from the web and from data brokers, and much more I hope this brings some clarity into this new type of phishing email, and will make it easier for you to protect against them. Stay safe❤️ Read more

Slim CD Credit Card Hack Exposes 1.7 Million Consumers

In a world where we rely on credit cards for nearly everything, it’s crucial to keep our personal information safe. But sometimes, even when we think we’re careful, things can go wrong. That’s what happened recently when a credit card payment processor called Slim CD was hacked, which exposed sensitive information of nearly 1.7 million people. This hack happened between August 2023 and June 2024, during which hackers got access to the names, addresses, and credit card details of Slim CD’s customers. That’s a lot of information in the wrong hands! So, what can you do if you’re one of the 1.7 million people affected by this hack? First, keep a close eye on your bank and credit card statements. Look for any charges that you don’t recognise, even if they’re small. Sometimes, scammers will test the waters with a small charge before they try something bigger. If you see anything suspicious, report it to your bank right away. It might also be a good idea to place a fraud alert or freeze your credit. A fraud alert will make it harder for someone to open a new credit account in your name, while a credit freeze will stop it altogether. These steps can give you extra peace of mind in case your information was stolen. Unfortunately, this isn’t the first time something like this has happened, and it won’t be the last. Cyberattacks are becoming more common, especially against financial institutions. It’s a good reminder that we all need to stay vigilant and protect our personal information as best we can. While this hack is alarming, taking steps to monitor your financial accounts and protect your credit can help reduce the risk of identity theft. As technology evolves, so do the methods used by cybercriminals, making it more important than ever to stay informed and prepared. Stay safe❤️ Read more

Cheating Partner Phishing Email Targeting Gmail and Outlook Users

Phishing emails aren’t anything new. But scammers always find ways to take advantage of people. And this one is no different. A new type of phishing email is targeting Gmail and Outlook users, where you are informed that your partner was caught cheating. To make it even more credible, scammers use breached information they find online (full legal name, emails, address, pet names - anything they can get their hands on). One of the recipients mentioned: “They have used our full names (even my second last name that I barely use anywhere) and I am not sure how they found this information. I am pretty sure it's a scam but I couldn't find any information on this online.... anyone had this happen to them? It's so creepy. The email claims to be from a cybersecurity company, that “found” a data breach containing proof that the husband or wife was caught cheating, and is used by other threat actors. The email appears like this: “[Spouse's name] is cheating on your. Here a proof. As a company engaged in cyber security we've found information to [Spouse's name] that interest you. We made a full backup of his disk (We have all his address book, social media, history of viewing sites, dating apps, all files, phone numbers, and addresses of all his contacts) and are willing to give you full access to this data. For more details visit our website.” As Dan Sexton (Chief Technology Officer at <a href= "https://www.iwf.org.uk" class= "content-link">Internet Watch Foundation</a>) said, “this is a public health epidemic”. Everyone responds differently to scams, and unfortunately, there are people that believed they hit rock bottom and couldn’t cope with the stress, and eventually lead to suicide - at least 3 teenagers have committed suicide after being threatened through sextorsion by a group of men calling themselves the “Yahoo Boys”, which have targeted thousands of people in UK and hundreds of thousands globally. What can you do to prevent this type of attack, or protect against it? In terms of prevention, I believe it is impossible, or almost impossible. The reason I say this is because our personal information floats constantly on the internet, companies collect massive amounts of data, and data breaches have become an inevitability - take the latest example of a very big breach on <a href= "https://blog.sentrya.net/3/Breach-on-NationalPublicData" class= "content-link">NationalPublicData</a> that affected millions of Americans. But to protect against these attacks, I have a few recommendations: 1. Delete your personal information from old accounts or subscriptions - you can ensure that your information doesn’t get exposed when they go through a data breach 2. Delete your information from data brokers - these brokers are know to collect people’s data from public sources, as well as not so public, so it’s a good idea to get a clean slate 3. Do not access links in weird emails - there are high chances that they contain malware or are used to hook your browser to collect even more info about you This is the exact reason why I built <a href= "https://sentrya.net" class= "content-link">Sentrya</a> - to protect against these attackers, and clean up my inbox at the same time. So if you’re interested in finding out more about it, check it out <a href= "https://sentrya.net" class= "content-link">here</a>. Stay safe❤️ Read more

New QR Code Scam

Police are warning people about a new scam that uses QR codes in order to get access to all the information on your phone, from credit card information, pictures, phone numbers saved, to your bank information. <h2 class="text-heading">How the QR Code Scam Works</h2> Scammers send you ‘free’ gifts in the mail, making it look like it comes from a legitimate big company that you can easily recognise, and will also include a QR code. The package can also include your full name and address, to give you a false sense of security, but we all know by now that this information is easily accessible due to <a href="https://blog.sentrya.net/3/Breach-on-NationalPublicData" class="content-link">data breaches</a> and <a href="https://blog.sentrya.net/1/Who-is-selling-your-data" class= "content-link">data selling</a>. Once you scan the code, there are 2 possibilities: 1. You get redirected to a legitimate looking web page to continue the ruse and potentially ask you for more information 2. Redirect you to an error page that you can easily dismiss Either way, once you get there, all the information in your phone will be sent directly to the scammer, and depending on the type of info they gather, they can either send you more elaborate scams, or get straight to the point and steal the money from your accounts. To protect yourself and reduce the risk of becoming a victim to scams, be mindful of unsolicited packages or ‘free’ gifts, do not scan the QR codes from these packages, and verify the legitimacy of the delivery directly with the company that sent it to you before taking further action. Read more

Uber Fined By Dutch Data Protection Agency

Uber, the popular ride-hailing company, was recently fined €3.7 million (about $4 million) by the Dutch Data Protection Agency (DPA). The fine was given because Uber didn’t protect its drivers’ personal data properly in the Netherlands. This issue raises bigger questions about how companies handle our sensitive information. <h2 class="text-heading">What Did Uber Do Wrong?</h2> The trouble began in 2016 when hackers broke into Uber’s systems, stealing the personal information of millions of drivers and users worldwide, including in the Netherlands. This information included names, email addresses, phone numbers, and even driver’s license numbers. Instead of telling the authorities and the people affected right away, Uber kept the breach secret for over a year. They only admitted it when regulators pressured them. Under European Union rules known as the General Data Protection Regulation (GDPR), companies must report data breaches within 72 hours and inform affected people quickly. Uber’s delay not only led to the fine but also hurt its reputation, showing why data protection is so important. The Dutch DPA said that the fine was necessary to show companies that they must take data protection seriously. Companies must follow GDPR rules, report breaches quickly, and let people know if their information has been compromised. <h2 class="text-heading">Why This Matters for Companies and Consumers</h2> This fine is a big reminder for all companies in the EU about the serious risks of not following GDPR rules. GDPR gives people more control over their data and forces companies to protect that data. For everyday people, this incident highlights the need to be aware of how companies use your personal information. GDPR lets you ask companies what data they have on you, request its deletion, and learn how it’s used. But dealing with big companies like Uber can be confusing and difficult. Incidents like the Uber breach make many people wonder how they can better protect their personal information. That’s where <a href="https://sentrya.net" class="content-link">Sentrya</a> comes in. Sentrya is a tool for personal Gmail users that helps you manage your data across different platforms, including Uber. With <a href="https://sentrya.net" class="content-link">Sentrya</a>, you can easily see which companies have your information and take steps to delete. If you’re worried about your data on Uber, <a href="https://sentrya.net" class="content-link">Sentrya</a> can help you send requests to remove or correct it according to GDPR and other privacy laws. <a href="https://sentrya.net" class="content-link">Sentrya</a> simplifies the process of managing your digital presence, allowing you to decide who has access to your information and how it’s used. Using Sentrya helps you protect your privacy and keeps your personal data safe from breaches. <h2 class="text-heading">Tips to Keep Your Data Safe</h2> In addition to using Sentrya, here are some tips to protect your data when using services like Uber: 1. Use Your GDPR Rights: If you live in the EU, ask companies for access to your data and request its deletion if needed. Sentrya makes this easier. 2. Adjust Privacy Settings: Check and update the privacy settings on your Uber account and other platforms regularly. Share only what’s necessary. 3. Stay Alert to Data Breaches: Pay attention to news about data breaches that might affect you. If a breach happens, change your passwords and keep an eye on your accounts. 4. Use Strong Passwords: Create unique, strong passwords for each of your accounts. A password manager can help keep track of them. 5. Review Your Data Regularly: Look at which companies have your personal information and consider deleting accounts or data you don’t use. Sentrya can help with this. Uber’s fine from the Dutch DPA shows why data privacy matters and why companies must follow GDPR rules. As more people become aware of their rights and the dangers of data breaches, it’s important to take steps to protect your personal information. <a href="https://sentrya.net" class="content-link">Sentrya</a> offers an easy solution for people looking to manage and secure their data, especially in today’s world where data breaches are common. By using tools like Sentrya and understanding your rights, you can take control of your personal data and keep it safe. Read more

New Twists In Phone And Email Fraud

In a recent update, local police have issued a fresh warning about evolving phone and email scams that have been targeting residents with alarming frequency. As scammers become more sophisticated in their methods, it’s crucial for the public to stay informed and vigilant to avoid falling victim to these fraudulent schemes. <h2 class="text-heading">The Latest Scams</h2> According to the police advisory, scammers are now employing new tactics that combine elements of both phone and email fraud, making their operations more deceptive and harder to detect. These scams often begin with an unsolicited phone call or email, where the scammer poses as a trusted authority figure—such as a government official, bank representative, or even a law enforcement officer. In one common scenario, the victim receives a phone call from someone claiming to be from a government agency, such as the IRS or Social Security Administration. The caller may assert that there is an urgent legal issue, such as unpaid taxes or a problem with the victim’s Social Security benefits, and that immediate action is required to avoid severe consequences. To add legitimacy, the scammer might spoof the caller ID to display a government agency’s number or use an official-sounding email address. In some cases, these phone calls are followed up by an email, ostensibly from the same agency or representative. The email often contains official-looking logos and language, further convincing the victim that the threat is real. The email may also include links or attachments that the victim is urged to click on, which can lead to phishing websites designed to steal personal information, or download malware onto the victim’s computer. <h2 class="text-heading">Scammers Targeting Financial Information</h2> A particularly worrying trend is the scammers’ increasing focus on extracting financial information from their victims. In many cases, the scammer will demand immediate payment to resolve the supposed issue, often through non-traditional means such as gift cards, wire transfers, or cryptocurrency. They might also instruct the victim to provide sensitive financial details, such as bank account numbers or credit card information, under the guise of verifying their identity. Another twist involves scammers posing as representatives from the victim’s bank. They may claim that the victim’s account has been compromised and that they need to confirm personal details or transfer funds to a “safe” account. This type of scam not only risks immediate financial loss but also provides scammers with the necessary information to commit further fraud, such as identity theft. <h2 class="text-heading">How Sentrya Can Protect</h2> In light of these increasingly sophisticated scams, it’s essential to take proactive steps to protect your personal information and online accounts. <a href="https://sentrya.net" class="content-link">Sentrya</a> offers a valuable solution for personal Gmail users by providing advanced security features designed to safeguard against phishing attempts, unauthorised access, and other online threats. By utilizing <a href="https://sentrya.net" class="content-link">Sentrya</a>, you can add an extra layer of protection to your email account, preventing scammers from gaining access to sensitive information or exploiting your email for further fraudulent activities. <a href="https://sentrya.net" class="content-link">Sentrya</a>’s real-time monitoring and threat detection features are particularly effective in identifying and blocking malicious emails before they reach the inbox, allowing you to stay one step ahead of scammers. With <a href="https://sentrya.net" class="content-link">Sentrya</a>, you can secure your personal information and reduce the risk of becoming victim of these sophisticated fraud schemes. <h2 class="text-heading">Police Recommendations for Staying Safe</h2> To combat these increasingly sophisticated scams, police are urging residents to take several precautions: 1. Verify the Source: Always verify the authenticity of any unsolicited phone calls or emails before taking action. If someone claims to be from a government agency, hang up and contact the agency directly using an official phone number or website. 2. Do Not Share Personal Information: Never provide personal or financial information in response to an unsolicited request, whether by phone or email. Legitimate organizations will not ask for sensitive information in this manner. 3. Beware of Payment Demands: Be wary of any demand for immediate payment, especially if it involves unconventional methods like gift cards or cryptocurrency. These are red flags of a scam. 4. Look for Signs of Phishing: Be cautious of emails that contain generic greetings, misspellings, or suspicious links and attachments. Hover over links to see where they actually lead before clicking on them. 5. Report Suspicious Activity: If you believe you’ve been targeted by a scam, report it to local law enforcement and the appropriate federal agencies, such as the Federal Trade Commission (FTC). This can help authorities track down the scammers and prevent others from being victimized. <h2 class="text-heading">The Importance of Community Awareness</h2> The ongoing evolution of scam tactics underscores the importance of community awareness and education. By staying informed about the latest fraud schemes and knowing how to recognize the warning signs, residents can protect themselves and their loved ones from falling prey to these crimes. The police continue to monitor these scams closely and are committed to providing updates as new threats emerge. In the meantime, they encourage everyone to remain vigilant and to share this information with friends and family, particularly those who may be more vulnerable to such tactics, such as the elderly. As scammers refine their methods, it’s more important than ever to stay cautious and informed. By following the police’s advice, using tools like <a href="https://sentrya.net" class="content-link">Sentrya</a> to enhance personal security, and taking proactive steps, you can significantly reduce your risk of becoming victim of these increasingly sophisticated phone and email frauds. Read more

Breach on NationalPublicData

The recent data breach of NationalPublicData, as reported by KrebsOnSecurity, has sent shockwaves across the cybersecurity landscape, highlighting the significant risks posed by large-scale data aggregators. <a href='https://www.nationalpublicdata.com' class='content-link'>NationalPublicData</a>, a relatively obscure but substantial data broker, was breached, resulting in the exposure of highly sensitive personal data of millions of Americans. Adding to the severity of the incident, it was revealed that the company had inadvertently exposed its own passwords online, making it a prime target for cybercriminals. <h2 class='text-heading'>The Breach and Its Scope</h2> NationalPublicData is a data broker that compiles and sells access to personal data harvested from public records, social media, and other sources. While it operates in relative obscurity compared to giants like Equifax or Experian, the company has a massive database containing information on a large percentage of the U.S. population. The data exposed in the breach includes names, addresses, Social Security numbers, dates of birth, and extensive financial and credit histories, where over 90 million Americans were exposed. The breach was discovered after a hacker group known as “Data Vampires” posted samples of the stolen data on a dark web forum. The group claimed to have exploited a vulnerability in NationalPublicData’s web application, which allowed them to gain unfettered access to the company’s internal database. Further investigation revealed that NationalPublicData had unintentionally published its own administrative passwords on a public-facing page, exacerbating the ease with which hackers could access the company’s systems. This oversight, combined with the unpatched vulnerability, created a perfect storm that allowed the attackers to breach the company’s defenses with minimal effort. <h2 class='text-heading'>The Impact on Consumers</h2> The exposure of such extensive personal data presents a significant risk to the individuals affected. With details like Social Security numbers and financial histories now in the hands of cybercriminals, there is a heightened risk of identity theft, financial fraud, and other malicious activities. Victims could find themselves targeted by phishing scams, fraudulent credit applications, and unauthorized access to their financial accounts. Moreover, the breach could have long-lasting effects on the financial well-being of the victims. The stolen data can be used to create new fraudulent accounts, make large purchases, or even take out loans in the victim’s name. The damage to an individual’s credit score can be severe and take years to repair, causing a ripple effect on their ability to secure housing, employment, or even insurance. <h2 class='text-heading'>The Broader Implications for Data Privacy</h2> This breach raises serious questions about the regulation and oversight of data brokers in the United States. While companies like NationalPublicData operate legally, their practices often go unnoticed by the general public. The lack of transparency and accountability in the data brokerage industry has been a point of concern for privacy advocates for years. This incident brings those concerns into sharp focus, illustrating the dangers of allowing private companies to collect and store massive amounts of personal information without adequate security measures. The breach also highlights the need for stronger data protection laws in the U.S. Compared to Europe’s General Data Protection Regulation (GDPR), U.S. laws around data privacy are relatively weak and fragmented. There is no comprehensive federal law that mandates how companies must secure consumer data or holds them accountable when breaches occur. This has led to a patchwork of state laws that vary in their rigor and effectiveness, leaving many Americans vulnerable. <h2 class='text-heading'>Corporate Responsibility</h2> In the aftermath of the breach, NationalPublicData will likely face significant scrutiny from both regulators and consumers. The company will need to demonstrate that it is taking steps to secure its systems and prevent future breaches. This might include overhauling its cybersecurity protocols, conducting thorough audits, and cooperating with law enforcement investigations. However, the damage to its reputation may be irreparable, and it could face legal challenges from those affected. For individual consumers who are concerned about their personal data security, there are steps that can be taken to protect themselves from the fallout of such breaches. One effective solution is using <a href='https://sentrya.net' class='content-link'>Sentrya</a>, a service designed specifically for personal Gmail users. Sentrya provides advanced cybersecurity features tailored to individuals, offering protection against phishing attempts, and simple data deletion from companies and data brokers. By using Sentrya, Gmail users can add an extra layer of security to their email accounts, helping to safeguard their personal information against potential breaches. This breach is a stark reminder of the importance of personal data security. While individuals can take steps to protect themselves—such as monitoring credit reports and being vigilant about suspicious activity—using a dedicated service like Sentrya can provide additional peace of mind in an increasingly dangerous digital landscape. In conclusion, the NationalPublicData hack serves as a wake-up call for both the public and private sectors. It underscores the urgent need for better regulation of data brokers and more robust data protection laws in the U.S. While companies must prioritize cybersecurity, consumers should consider proactive measures like those offered by <a href='https://sentrya.net' class='content-link'>Sentrya</a> to protect their personal information. Until these issues are addressed, Americans will continue to be at risk of having their most sensitive personal information exposed to those with malicious intent. Read more

How to clean your inbox and improve your privacy

Is your inbox full of crap and useless junk? Do you have loads of accounts open or old subscriptions? Then you came to the right place. In this article I’m going to show you how to create filters in Gmail, how to whitelist senders you need, and how to delete your data from services and subscriptions you don’t need. So let’s get straight to it. <h2 class='text-heading'>Creating filters in Gmail</h2> Fortunately, Gmail’s filters can be used for a lot of stuff that can make your life easier: from blocking senders, to deleting certain emails, to archiving and adding labels. The good thing is that all of these start the same way: by tapping on the filter icon, and adding an email or domain to the search bar in Gmail’s web app. Next step depends on what you want to do: - Archive an email -> “Skip the inbox” - Change the label -> “Apply the label:” - Delete an email -> “Delete it” <h2 class='text-heading'>Whitelist</h2> This is my favourite part, and the base of my startup, <a href='https://sentrya.net' class='content-link'>Sentrya</a>. Creating a whitelist in Gmail can do amazing things for your inbox: it clears the clutter left by spam and useless junk, and ensures you don’t miss an important email. Here’s how to create a complete and comprehensive whitelist: - Make a list of services and subscriptions you still need, and are important to you (important in the next step) - Click on the filter icon in Gmail’s web app, and add the list you made in the “Doesn’t have” field using this format: {(from:sender1 OR from:sender2 OR from:sender3)} - Next, select the “Delete it” option. This way, all emails not included in your whitelist will be sent to trash, and permanently deleted in 30 days This can take a while to complete and keep it up to date, but if you don’t need emails from a lot of senders, it’s a great way to start. Alternatively, you can try out <a href='https://sentrya.net' class='content-link'>Sentrya</a>, as it’s a lot easier to find and select the services you need, the whitelist can take up to 250 senders, and it’s also free to use. <h2 class='text-heading'>Delete your subscriptions and old accounts</h2> This is a great way to improve your privacy, protect your personal information, and it also leads to less clutter in your inbox. Win win! But where do you start? Personally, I just sit and wait for a notification or an email from a service I don’t need, or just scroll through my inbox until I find something I don’t need. Once you choose the service, it’s time to check out their website, and look for their Privacy Policy. In this section, you need to search for a contact email for that company’s DPO (Data Protection Officer - person of contact for such requests). Some companies don’t have a contact email, but since they’re legally obligated to provide a way to contact them, they might have a form you can fill out. Now the fun part - sending the deletion request. Having worked in the Data Protection industry, I learned a thing or two to successfully complete a data or deletion request, and I created my own template (which I also use in <a href='https://sentrya.net' class='content-link'>Sentrya</a>): 'Dear Data Protection Officer, I am writing to you to request the deletion of my personal information from your database, under the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). I include the information below in order to confirm my identity: Full name: Email: Please confirm once all my information has been removed from your systems. If you are not the person responsible for handling these requests, please pass this email to your relevant department.' These are great ways to clean out your inbox and protect your personal information, and you will see how well it works by next week. If you need any help with any of the functions mentioned above, feel free to get in touch, and I’ll be happy to support. Until next time. Read more

Who is selling your data

Have you ever wondered why your inbox is filled with junk, promotions or subscriptions that seem to be coming out of nowhere? I have. That was until a few years ago when I was introduced to the Data Protection industry, and discovered some interesting things, including that many companies sell and share our personal data. Most of the time, this happens behind closed doors, as you don’t know if and when it takes place. But there are other times when it’s pretty clear. And that’s how I found that my data was sold at least 3 times. First time happened about 4 years ago. One day, out of nowhere, I got a welcome email from a local flower shop in California. How the hell did these guys got my info, since they only sell within that state? Luckily, I knew what I had to do. I immediately sent them a Data Request, and asked what data they had about me, where they got it from and what they’re doing with it. Initially, they were reluctant to disclose this information, but I don’t back down easily, and I pushed them even more. They finally told me that they bought my data (fortunately it was only my email address) from 2 US based data brokers. Second time it happened was about 2-3 years ago. I was working on startup, and was quite active on HARO and on the lookout for opportunities to take part in articles or interviews. At some point, I found an ad from a publication, sent them an email, completed a form, and waited. Lo and behold, 2 days later I get a welcome email from Harvard Business Review, and no response from that publication. I start looking through my emails, maybe I missed something and I actually subscribed to HBR. Nothing. So I sent them a Data Request through the platform I was working on at that time. Again, they were reluctant to answer my request and disclose any info, but I REALLY don’t back down easily and submitted a complaint to the ICO (they handle anything data protection related in the UK). HBR operates pretty much anywhere across the globe, including UK, and they can’t afford a bad data protection PR or fine. They finally got back to me almost a month later with some BS answer: they know that I subscribed to their newsletter some many years ago, and didn’t kept records around that time. Did I really subscribed and forgot about it, or did they bought my data and tried to cover their sh*t? Who can say… Now for the final time I got my data sold, I had quite the surprise. It was in the middle of the pandemic. I was in Romania, and my wife and I were travelling back and forth between the UK and Romania. Back then, you couldn’t enter the UK without a negative test, quarantine or vaccine (remember those good times?). So we got vaccinated, and found out about a government incentive where they offered some cash for being vaccinated. Free money! I applied, they sent the money a week or 2 later, and about a month later it started. I started getting loads of promotions and marketing emails from a bunch of Romanian companies (bear in mind that I used my email only in UK). Yeah…even the government is out to sell you. Good times we live in. Since you got to the end, have a look below at the template I personally use to send Deletion Requests, so you can start removing your data from companies you don’t use, and avoid having your data sold. Learn from my mistakes. Data Deletion Request Template: “Dear Data Protection Officer, I am writing to you to request the deletion of my personal information from your database, under the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). I include the information below in order to confirm my identity: Full name: Email: lease confirm once all my information has been removed from your systems. If you are not the person responsible for handling these requests, please pass this email to your relevant department.” If you want a simpler way to manage your subscriptions, your data, and your requests (both Data Requests and Deletion Requests), I invite you to join <a href='https://sentrya.net' class='content-link'>Sentrya</a> (sentrya.net)</a> - get 45% off Pro Plan. I hope this articles sheds some light on how companies might handle your data, and gives you the push you needed to start improving your privacy and security. Until next time. Read more