Earlier this year it was reported that a Lithuanian man had been charged over an email phishing attack against two American based internet companies. The victims were not named at the time but have since been revealed as Google and Facebook. They had allegedly been tricked into wiring more than $100m to the alleged scammer’s bank accounts.
The man behind the scam, Evaldas Rimasauskas, allegedly posed as an Asia-based manufacturer and deceived the companies from at least 2013 until 2015. The Department of Justice said that ‘Fraudulent phishing emails were sent to employees and agents of the victim companies, which regularly conducted multimillion dollar transactions with ‘the Asian’ company’. Mr Rimasauskas was accused of forging invoices, contracts and letters.
A spokeswoman for Google said ‘We detected this fraud against our vendor management team and promptly alerted the authorities. We recpouped the funds and we’re pleased this matter is resolved.’ However, the firm did not reveal how much money it had transferred and recouped. Neither did Facebook, but a spokeswoman said, ‘Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation.’
Commenting on the phishing threat facing big companies, James Maude at Avecto ( a cyber-security firm) said, ‘Sometimes staff think that they are defended , that security isn’t part of their job. But people are part of the best security you can have – that’s why you have to train them.’
According to a Europol report, the sophistication of phishing scams has increased lately. ‘CEO fraud’ – in which executives are impersonated by the scammer – is a particular worry. Such attacks often take advantage of publicly reported events such as mergers, where there may be some degree of internal flux and uncertainty. Firms are being advised to carefully verify new payment requests before authorising them.
www.bbc.co.uk/technews (28th April 2017)
A new craze on Facebook is causing some cause for concern. The game is to list the top ten bands people have seen in concert – but with one false entry thrown in for friends to spot. The game seems harmless enough, but there are warnings that this craze could actually be a risk to online security.
The first gig you went to is often one of the security questions which banks and other organisations ask when setting up an account – and revealing that information online, even in an innocent online post, could make you more vulnerable to hackers.
Prof Alan Woodward, from the University of Surrey, said ‘It is difficult to tell people not to take part, as it is part of their normal social interaction. What I would say is to think very carefully about what you are putting into the public domain. The more personal information you put out there, the more likely it is to be used by hackers.’
Facebook’s top six security tips to keep your account safe are –
- protect your password
- use Facebook’s security features
- make sure your email account(s) are secure
- log out of Facebook when using a shared computer
- think before you click on download anything
www.bbc.co.uk/technews (3rd May 2017)
A Google Docs scam began landing in users’ inboxes yesterday in what seemed to a sophisticated phishing or malware attack.
The deceptive invitation to edit a Google Doc – the popular app for sharing files – appeared to be spreading rapidly, with a subject line stating a contact ‘has shared a document on Google Docs with you.’ If users click the ‘Open in Docs’ button in the email, it takes them to a legitimate Google sign-in screen that asks to ‘continue in Google Docs’. Clicking on that link grants permission to a bogus third party app to possibly access contacts and email, which could allow the spam to spread to additional contacts.
Google has said it is aware of the issue and is investigating. They said that they had taken action to protect users against the email impersonating Google Docs, and have disabled offending accounts. A spokesperson said that they had removed the fake pages, pushed updates through Safe Browsing, and their abuse team was working to prevent this kind of spoofing from happening again.
Phishing scams typically involve emails, ads or websites that appear to be real and ask for personal information, such as usernames, passwords, social security numbers, bank account data or birthdays. Google said it does not send out emails asking for this type of information and encourages users not to click on any links and to report any suspicious messages.
Wednesday’s attack seemed to be more advanced than standard email phishing scams, because it doesn’t simply take users to a bogus Google page to collect a password, but is instead working within Google’s system with a third-party web app that has a deceptive name. If users have already granted permission through the phishing email, they can go to their settings and revoke the app.
Google said the scam had affected fewer than 0.1% of Gmail users – which works out to about one million people affected.
The Guardian (4th May 2018)
Four major US firms – AT&T, Verizon, Enterprise and pharmaceutical giant GSK, have pulled millions of dollars in advertising from Google’s platform amid rows over extremist content. An investigation by The Times newspaper found that that major brands were appearing next to You Tube videos promoting extremist views – generating revenues for the creators. Google has apologized and promised better tools for advertisers. It is seeking to reassure brands that their ad spend is not funding hate groups.
According to the newspaper, Verizon’s advertisements were appearing along side videos made by Wagdi Ghoneim, an Egyptian cleric who had been banned from the US over extremism, and Hanif Qureshi, whose teachings inspired the assassination of a Pakistani politician.
More than 250 brands have so far removed their advertisements. Google’s response was ‘we’ve begun an extensive review of our advertising policies and have made a public commitment to put in place changes that give brands more control over where their ads appear.’
Google is the dominant player in online advertising, and ads are by far the company’s biggest source of money. In 2016, the firm generated $80bn in ad revenue – accounting for almost 90% of the firm’s total income for the year.
www.bbc.co.uk/technews (22nd March 17)
Levi’s and Google have partnered together to create a denim jacket with technology woven into the fabric. Once paired to a smartphone via Bluetooth allows the wearer to control key functions with just a brush or tap of the cuff. A double tap with two fingers, for example, starts or stops music.
www.bbc.co.uk/technews (14th March 2017)
The £280 jacket uses high-tech conductive fabric to connect to a smartphone. Named Jacquard after the Frenchman who invented a type of loom, the yarn structures combine thin, metallic alloys with natural materials such as cotton and silk. These tiny wires mean that it can send and receive signals to devices. A tag – the size of a button – connects the conductive yarns in the jacket’s cuff to an electronic device.
It’s the first commercial product created by a small Google team called Advanced Technology & Projects (ATAPs).
www.dailymail.co.uk (13th March 2017)
The US Federal Trade Commission has found that Vizio’s smart TV technology had captured data on what was being viewed on screen and transmitted it to the firm’s servers. The data was then being sold to third parties. The FTC said the data collection began in February 2014 and affected around 11 million televisions. Vizio has said the data could not be matched up to individuals. The FTC verified this by saying that Vizio ‘never paired viewing data with personally identifiable information such as name or contact information’.
The practices challenged by the government related only to the use of viewing data in the ‘aggregate’ to create summary reports measuring viewing audiences or behaviours.
FTC explained in a statement that the settlement stopped Vizio’s unauthorised tracking, and makes clear that smart TV makers should get people’s consent before collecting and sharing television viewing information. The company has been ordered to delete the data it collected.
www.bbc.co.uk/technews (7th February 17)