Technology
Alarming rise of fake legal requests: What it means for your privacy
Phishing emails are one of the most common tricks scammers use, but they’re usually easy to catch if you pay attention. Awkward grammar, random details and, most importantly, an unofficial email address are dead giveaways. For example, you might get an email saying your Apple ID’s been disabled, but the sender’s email won’t actually be from Apple. Now, though, scammers are finding ways to get around this.
According to the FBI, there’s been a recent rise in cybercriminal services using hacked police and government email accounts to send fake subpoenas and data requests to U.S.-based tech companies.
What you need to know
The FBI has seen a spike in criminal forum posts about emergency data requests and stolen email credentials from police departments and government agencies. Cybercriminals are getting into compromised U.S. and foreign government email accounts and using them to send fake emergency data requests to U.S.-based companies, which exposes customer data for further misuse in other crimes.
In August 2024, a popular cybercriminal on an online forum advertised “high-quality .gov emails” for sale, meant for espionage, social engineering, data extortion, emergency data requests and more. The listing even included U.S. credentials, and the seller claimed they could guide buyers on making emergency data requests and even sell real stolen subpoena documents to help them pose as law enforcement.
Another cybercriminal boasted about owning government emails from over 25 countries. They claimed anyone can use these emails to send a subpoena to a tech company and get access to usernames, emails, phone numbers and other personal client info. Some con artists are even hosting a “masterclass” on how to create and submit their own emergency data requests to pull data on any social media account, charging $100 for the full rundown.
How this phishing scam works
When law enforcement, whether federal, state or local, wants information about someone’s account at a tech company, like their email address or other account details, they typically need a warrant, subpoena or court order. When a tech company receives one of these requests from an official email address, they’re required to comply. So, if a scammer gets access to a government email, they can fake a subpoena and get information on just about anyone.
To bypass verification, scammers often send emergency data requests, claiming that someone’s life is at risk and that the data is needed urgently. Because companies don’t want to delay in case of an actual emergency, they may hand over the information, even if the request turns out to be fake. By portraying it as a life-or-death situation, scammers make it harder for companies to take time to verify the request.
For example, the FBI reported that earlier this year, a known cybercriminal posted pictures on an online forum of a fake emergency data request they’d sent to PayPal. The scammer tried to make it look legitimate by using a fraudulent mutual legal assistance treaty, claiming it was part of a local investigation into child trafficking, complete with a case number and legal code for verification. However, PayPal recognized that it wasn’t a real law enforcement request and denied it.
What can companies do to avoid falling for these phishing scams?
1) Verify all data requests: Before sharing sensitive information, companies should verify every data request, even those that look legitimate. Establish a protocol for confirming requests directly with the agency or organization that supposedly sent them.
2) Strengthen email security: Use email authentication protocols like DMARC, SPF and DKIM to block emails from unauthorized sources. Implement anti-phishing filters to detect suspicious content in messages.
3) Train employees on phishing awareness: Regular training sessions on phishing scams can help employees recognize red flags, such as urgent language, unusual requests or emails from unknown addresses. Employees should be encouraged to report suspicious emails.
4) Limit access to sensitive data: Restrict who can view or share sensitive customer data. Fewer people with access means fewer chances for accidental or intentional data leaks.
5) Implement emergency verification procedures: Have a clear verification process in place for “emergency” data requests, including steps for double-checking with higher management or legal teams before responding to any urgent request for customer information.
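As an added illustration (not code from the article or from the FBI), the sketch below shows why steps 2 and 5 have to work together: a request sent from a hacked but genuine agency mailbox passes SPF, DKIM and DMARC, so email authentication can only weed out spoofed senders. The hostnames, addresses, keyword list and the `triage` function are all assumptions constructed for this example.

```python
import email
import re
from email import policy

# Constructed samples; every address and hostname is an invented placeholder.
SAMPLE_COMPROMISED = """\
From: Example Officer <detective@police.example.gov>
To: legal@company.example
Subject: EMERGENCY DATA REQUEST - imminent danger to life
Authentication-Results: mx.company.example;
 spf=pass smtp.mailfrom=police.example.gov;
 dkim=pass header.d=police.example.gov;
 dmarc=pass header.from=police.example.gov

Please provide subscriber records immediately.
"""

SAMPLE_SPOOFED = """\
From: Example Officer <detective@police.example.gov>
To: legal@company.example
Subject: Urgent subpoena
Authentication-Results: mx.company.example;
 spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=police.example.gov

Send the account records today.
"""

# Hypothetical keyword list for spotting "life at risk" framing.
URGENCY = re.compile(r"emergency|urgent|imminent|exigent|life[- ]or[- ]death", re.I)


def triage(raw, trusted_authserv="mx.company.example"):
    """Return (decision, auth) for one inbound legal-request email."""
    msg = email.message_from_string(raw, policy=policy.default)
    auth = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for header in msg.get_all("Authentication-Results", []):
        value = str(header)
        # Trust only results stamped by our own mail gateway (RFC 8601
        # authserv-id); a sender can pre-insert a forged copy of this header.
        if value.split(";")[0].strip() != trusted_authserv:
            continue
        for mech in auth:
            found = re.search(rf"\b{mech}=(\w+)", value)
            if found:
                auth[mech] = found.group(1).lower()
    if auth["dmarc"] != "pass":
        return "reject", auth  # spoofed or unauthenticated sender domain
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg['Subject']} {body.get_content() if body else ''}"
    # A pass only proves the mail left the agency's real account, which may
    # itself be compromised: urgent requests wait for an out-of-band callback.
    if URGENCY.search(text):
        return "hold-for-callback", auth
    return "legal-review", auth
```

The callback should go to a phone number or portal the company sourced independently, never to contact details supplied in the request itself.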
Is there something you need to do?
This particular phishing scam mostly targets big tech companies, so there’s not much you can do directly. However, it’s a reminder that you shouldn’t automatically trust an email, even if it comes from a .gov address. Here are some steps you can take to stay safe.
1) Double-check email addresses and links: Even if an email looks official, take a moment to check the sender’s email address and hover over any links to see where they actually lead. Be cautious if anything looks off. The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.
2) Enable two-factor authentication (2FA): Use 2FA for all sensitive accounts. This extra layer of security helps protect you even if your login credentials are compromised.
3) Stay updated on phishing scams: Keep an eye on the latest phishing tactics, so you know what to look out for. Regular updates help you spot new types of scams before they affect you.
4) Verify suspicious requests: If you get an unexpected email asking for sensitive info, contact the sender directly through an official channel to confirm the request.
Kurt’s key takeaway
Scammers are taking phishing emails to a whole new level. I often recommend checking the email carefully when you receive anything suspicious to see if it’s legit. But now, since scammers can even access government emails, you need to be extra cautious. This phishing scam seems to target mostly big tech companies, so it’s on them to strengthen their security and verify every request thoroughly before sharing any user information. It’s also up to governments worldwide to protect their digital assets from being compromised.
What’s your stance on how governments are handling cybersecurity? Are they doing enough to protect sensitive data? Let us know by writing us at Cyberguy.com/Contact.
Copyright 2024 CyberGuy.com. All rights reserved.
This digital D&D watch lets you roll a fireball from your wrist
Dice hoarding is a common hobby among Dungeons and Dragons players, but I’m betting most won’t have a digital watch in their collection. Alongside displaying the time, day, and date, the Timestop D-20 includes all the dice-rolling features you need to play tabletop roleplaying games directly from your wrist at the push of a button.
The watch allows the wearer to digitally roll a 4-, 6-, 8-, 10-, 12-, 20-, or 100-sided dice, alongside “Advanced Combat” features such as rolling up to 12 dice at once, and D20s with advantage or disadvantage (a fancy way of rolling two dice and taking either the higher or lower results). It’ll also display specific icons when a D20 rolls a 1 or a 20 — known as a “critical failure” or “critical success” respectively in D&D.
“We wanted a fun animation while rolling, but also an overall subdued look so you could ‘take the game with you’ and even wear the watch at the office,” Timestop says in its blog describing the design process. “We included day and date complications with a perpetual calendar so it was still a practical timepiece.”
Pricing starts at $99 and is available in three colors: black, orange, and stainless steel. Shipping starts next year, with stock available for delivery in either January or February.
One feature you won’t find on the Timestop D-20 is an alarm, because alarms “aren’t fun,” according to its creator. Otherwise, it’s water-resistant, features a backlit LCD display, and uses a replaceable coin cell battery that can last up to three years with “typical use.” I’m not sure how many fireball spells would be considered typical, but it certainly offers a more unique way to play than traditional dice or digital dice-rolling apps.
Honda has a plan to build solid-state batteries for EVs
Honda set up a demonstration facility in Japan to show off its plans to mass-produce solid-state batteries at lower costs, which could be crucial to unlocking higher-range, longer-lasting electric vehicles for the future.
Solid-state batteries have been elusive for many companies due to the complexity of scaling up production. The technology swaps out the liquid electrolytes found in current lithium-ion batteries with dry conductive materials, promising higher energy density and longer lifespans. But it will require a whole new production process to be successful.
Honda says it is accelerating research at its new 27,000 square-meter demo facility set up in Sakura City, Japan, and is shortening the time required to make a single unit. The site has full-scale equipment that is split between three buildings: the first for cathode formation and cell assembly; the second for anode formation; and the third for electrolyte activation and module assembly.
The plan includes using a continuous inline mixer that Honda says is “three times faster” than typical cell batch processing. Honda plans to make batteries on this line in January.
Honda is readying its solid-state tech for mass production in the second half of the 2020s. The company’s CEO Toshihiro Mibe has alluded to solid-state batteries also being the key to unlocking cheaper EVs.
How your browser is spying on you: Hidden dangers lurking behind every click
A browser is one of the most popular apps we use. It’s the gateway between the internet and its users, translating raw code into something we perceive as a web page and allowing us to interact with the web. It’s safe to say that anyone who uses the internet uses a web browser.
But while this tool is extremely useful, it can also be equally dangerous. For example, clicking malicious links can redirect you to harmful websites that either steal personal information or infect your device with malware.
If you use a search engine like Google through Chrome, it can collect data on your searches, browsing history and even your location (if location services are enabled). Most browsers also use cookies, small files that store information about your online behavior. Let’s discuss the risks associated with web browsers and how to stay safe.
How a browser doubles as spyware
Browsers are much more than simple tools to navigate the web. They are, in many ways, tools for surveillance. While they help you access websites and services, they also track your every move online to feed the ever-hungry advertising industry.
First off, most browsers collect data about your searches, browsing habits and even your location. This data isn’t just stored to “improve your experience,” it’s used to create a detailed profile of you, which is then shared with advertisers who target you with personalized ads.
Google Chrome, for example, is notorious for tracking your activity. As you browse, it feeds data to Google’s advertising engine, allowing it to serve highly targeted ads based on your behavior. This includes everything from your search history to the websites you visit, even down to the smallest detail, like how long you stay on a page.
“Google may share information about you with advertisers, business partners, sponsors, and other third parties,” Google boldly mentions on its privacy policy page.
Browsers also use cookies to keep tabs on you. These cookies track your activity across different sites, even after you’ve left a site. This means that ads you saw on one website might follow you across others, creating a persistent digital footprint. And while cookies can be blocked or deleted, many websites rely on them to function, making it hard to escape this kind of tracking.
Even Incognito mode isn’t safe
Even if you’re using privacy-focused browsers or tools like Incognito mode, they don’t really guarantee privacy. A 2020 class-action lawsuit revealed that Google kept scraping searches by gathering data from users browsing in Incognito through ad tools used by websites, picking up “potentially embarrassing” searches from millions of people. Google then used that data to track web traffic and sell ads.
It’s not just Google. Your internet service provider, the websites you visit and even governments can monitor your browsing activity, even in Incognito mode. All it does is hide your activity from your local browser history.
How to protect your privacy
As you all know, web browsers are essential tools for accessing the internet, but many popular options compromise your privacy by collecting extensive data. While Google Chrome is widely used, it tracks significant amounts of user information to power targeted advertising. However, there are several privacy-focused browser alternatives that prioritize user data protection. Also, to enhance your online security and protect your personal information, consider implementing these essential cybersecurity practices.
Keep software updated: Regularly update your operating system, browsers and other software to patch security vulnerabilities. Enable automatic updates whenever possible to ensure you’re always protected against the latest threats.
Use strong, unique passwords: Create complex passwords for each of your accounts and avoid reusing them. Consider using a password manager to generate and securely store strong passwords.
Enable two-factor authentication (2FA): Activate 2FA on all accounts that offer it. This adds an extra layer of security by requiring a second form of verification beyond your password.
Be cautious with emails and links: Avoid opening suspicious emails or clicking on unknown links. These could be phishing attempts designed to steal your information or infect your device with malware. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.
Use secure networks: When using public Wi-Fi, connect through a VPN to encrypt your internet traffic. For sensitive transactions, stick to secure, private networks.
Be mindful of social media sharing: Limit the personal information you share on social media platforms and adjust your privacy settings to control who can view your posts.
VPN: Your first line of defense against browser spying: A VPN (virtual private network) encrypts your internet connection, making it difficult for anyone, including your browser, to track your online activities. By masking your IP address and routing your traffic through secure servers, a VPN not only protects your personal data from prying eyes but also helps you avoid targeted advertising and potential data breaches.
Regardless of whether you are new to VPNs or not, you’ll want to choose trusted VPN providers known for robust encryption and no-log policies to ensure your privacy. Whether for sensitive tasks or everyday use, reputable VPN services will boost both your security and speed. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.
By implementing these security practices and using privacy-focused browsers, you can significantly enhance your online safety and protect your personal data while browsing the web. Remember, cybersecurity is an ongoing process that requires vigilance and regular updates to your practices.
Kurt’s key takeaway
The web browser is an essential tool for accessing the internet, but it also opens the door to a host of privacy and security risks. Whether it’s being tracked for ads, snooped on by your ISP or accidentally stumbling onto a malware-filled site, the risks are everywhere. Tools like Incognito mode or cookie-blocking can help a bit, but they’re not enough to truly protect you. If you’re serious about staying private and secure, you need to up your game. Use a VPN, be cautious about what you click on and stay informed about the ways your browser might be working against you.
Do you think companies have gone too far with tracking? Let us know by writing us at Cyberguy.com/Contact.