Authentic8 Blog Category: Identity

Hoodwinked: Why Our Eyes Won't Protect Us Against Phishing and Fake Websites

Illustration: Hoodwinked: Why Our Eyes Won't Protect Us Against Phishing and Fake Websites - Authentic8 Blog

By Benjamin Dynkin & Barry Dynkin

Our eyes were the gatekeepers between fact and fiction, reality and myth - then the internet came along. The visual information we encounter and interact with on the web is digitally created and manipulated - and we’re not ready for it.

*
Web pages and individual visual elements can be easily replicated, and their impact on users tracked and measured. The problem with that is that scammers take advantage of it, while we still trust our eyes. This trust can now easily be turned against us.

In the domain of email-based fraud, perpetrators have evolved beyond broad, “Nigerian Prince”-esque campaigns. No longer are they limited to crude schemes that are easily detected.

Instead, they are using sophisticated, targeted campaigns that combine social engineering with visual deception and manipulation. The goal is to generate sensory overload and trick individuals into divulging critical information, such as usernames and passwords, or to overcome their resistance with psychological pressure

Local Browser Wins Olympic Gold for Worst Security

Illustration: Local Browser Wins Olympic Gold for Worst Security - Authentic8 Blog

by Amir Khashayar Mohammadi

Nearly every web browser comes equipped with a built-in password manager. Combined with all its other inherent vulnerabilities, this makes the local browser an even more attractive target for automated attacks. The bad guys would love to gain access to the container that keeps track of the keys to your online bank. Given the browser’s weak security underpinnings, how hard could it be?

Not too hard. This was confirmed, once again, by news that broke earlier this week. A new piece of malware, dubbed "Olympic Destroyer" by security firm Talos, does just that. Its purpose was to target a network of non-critical systems at this year's Winter Olympics in PyeongChang, South Korea.

Cybersecurity researchers pointed out that Olympic Destroyer was designed to take computers offline by erasing critical system files. But that was not the whole story. Olympic Destroyer also features two critical methods of stealing credentials.

One technique targets those credentials stored in the

Book Review: What They Really Do With Your Medical Data

Thumbnail: Book Review: What They Really Do With Your Medical Data - Illustration for Authentic8 blog review of Our Bodies, Our Data by Adam TannerSECURITY, IDENTITY, NEWS

Happy Data Privacy Day.  A new book provides an in-depth look at the commercial trade in patient medical data.  Sensitive data, a vibrant market, and not much cause for celebration.

*

A while ago, I wrote about the wave of data breaches at healthcare organizations and medical identity theft that is impacting millions and what we can do to protect ourselves better.

One of the readers of that post was acclaimed journalist Adam Tanner, who has reported on data collection and consumer privacy since 2012.

Adam and I have had an ongoing discussion on data privacy and security matters since we met a few years ago.  He was covering the issue for Forbes, and I had a chance to brief him on our secure browser solution.

A few weeks ago, he kindly directed my attention to an unknown - to me, at least - aspect of our personal medical records. I thought our medical data was sacrosanct.  Protected by regulatory

How Medical Identity Theft Works, and How it Can Impact You

Image: Patients in Waiting Room with Chart: Indivituals Impacted by Healthcare Data BreachesIDENTITY, SECURITY

The healthcare industry currently tops the target list of cyber criminals, according to IBM’s 2016 Cyber Security Intelligence Index [PDF]. The Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data (Ponemon Institute) reveals that 89 percent of healthcare organizations and 60 percent of their business associates experienced data breaches over the past two years.

Recently, ransomware attacks (incidents where hospital data are encrypted and only released after a ransom is paid) have dominated the headlines. But most data breaches within the healthcare industry involve an even more lucrative target: medical records and related Personal Identifiable Information (PII), like Social Security numbers.

What does this mean for you? Medical identity theft via computer comes at staggering cost to the victims. They have to pay a steep price to get their life back: on average more than $ 13,000, according to one study. To make matters worse, victims can find themselves cut off from their doctors or get misdiagnosed,

Can You Trust Your Tax Preparer?

social-do-you-like-e-filing-your-taxes-so-do-tax-refund-fraudsters.pngIDENTITY

IRS forms can suck the joy right out of a wonderful April day. Do you prefer online tax filing? Guess what: so do cyber criminals. Also on their target list: CPAs and local tax preparer offices.

The IRS expects damages from tax refund fraud - somebody filing for a refund, using a stolen identity - to rise to $21 billion this year. This increase is in part due to the widespread use of e-filing services by taxpayers.

While such services make filing for a refund easier, some Internet tax filing platforms are also known to fuel tax fraud. Organized scamsters use them to automate their scheme online.

That tax refund you expected? The one that’s long overdue? It may have been paid out already, but to somebody else: to a tax scam artist.

As a victim of tax refund fraud, up to nine months can pass before you finally receive your money. That’s on average how long it takes