Our website may use cookies to improve and personalize your experience and to display advertisements (if any). Our website may also include cookies from third parties like Google Adsense or Google Analytics. By using the website, you consent to the use of cookies. We’ve updated our Privacy Policy. Please click on the button to check our Privacy Policy.

AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 02/12/2021

Tax Scammers Are Getting Sneakier. Here’s How to Spot the Latest Cons

The 2021 tax season starts on Friday, Feb. 12, which means it’s time to get your paperwork in order. It’s also time to be on the lookout for scam artists targeting those of us feeling a little overwhelmed as the April 15 deadline gets closer. Tax-related scams are nothing new, according to Howard Silverstone, a member of the American Institute of CPA’s Fraud Task Force. But as with nearly everything else, the ongoing COVID-19 pandemic has made this dubious trend even worse. “There are a lot of people who are isolated at home,” he says. “So they’re looking to get taxes done [online].” That opens them up to a world of online scammers, he says, from phony tax preparer websites to phishing emails designed to steal their Social Security number. To be clear: The IRS almost always contacts people via old-fashioned snail mail. So if you get a phone call, text message or email claiming to be from the agency, be on high alert.

 

Verify Your Valentine

This Valentine’s Day, before you go looking for love in all the wrong chat rooms, CISA reminds users to be wary of internet romance scams. At first, cyber criminals promise the reward of romance after adopting an alias to appear as a potential partner. Once your heart is hooked on hope, they turn the tables. The scammer with the illusive identity will ask for money, making promises of phony matrimony, as they finagle funds from you as a fake fiancée. If you don’t know who you are doting on when you are dating, be cautious with your cash and keep it.    

 

Scientists prove that deepfake detectors can be duped

Universities, organizations and tech giants, such as Microsoft and Facebook, have been working on tools that can detect deepfakes in an effort to prevent their use for the spread of malicious media and misinformation. Deepfake detectors, however, can still be duped, a group of computer scientists from UC San Diego has warned. The team showed how detection tools can be fooled by inserting inputs called “adversarial examples” into every video frame at the WACV 2021 computer vision conference that took place online in January. In their announcement, the scientists explained that adversarial examples are manipulated images that can cause AI systems to make a mistake. See, most detectors work by tracking faces in videos and sending cropped face data to a neural network — deepfake videos are convincing because they were modified to copy a real person’s face, after all. The detector system can then determine if a video is authentic by looking at elements that aren’t reproduced well in deepfakes, such as blinking.

 

Target loses coverage bid in fight with Chubb over data breach settlements

A Minnesota federal judge sided with an insurer in a dispute with Target Corp related to settlements over its 2013 data breach, finding the retail company didn’t meet the burden for showing coverage under its insurance policies. U.S. District Judge Wilhelmina Wright in St. Paul on Monday denied Target’s bid for partial summary judgment, which sought a declaration that the policies issued by ACE American Insurance Co and ACE Property and Casualty Insurance Co cover Target’s settlement payments related to banks’ claims over costs of replacing payment cards after the breach.

 

Border agents can search phones freely under new circuit court ruling

A US appeals court has ruled that Customs and Border Protection agents can conduct in-depth searches of phones and laptops, overturning an earlier legal victory for civil liberties groups. First Circuit Judge Sandra Lynch declared that both basic and “advanced” searches, which include reviewing and copying data without a warrant, fall within “permissible constitutional grounds” at the American border. Lynch ruled against a group of US citizens and residents objecting to invasive searches of their electronic devices. The group includes Sidd Bikkannavar, a NASA scientist who was detained and pressured to unlock a secure government-issued phone. Most of the incidents date to 2017, when then-President Donald Trump pushed for tighter border security alongside travel bans and other restrictions. But some took place earlier, reflecting long-standing concerns among groups like the Electronic Frontier Foundation and the American Civil Liberties Union, which backed this lawsuit.

 

NordVPN puts the price tag of stolen streaming subscriptions at $38 million

It can be annoying when a family member or friend changes the password on a Netflix account that you’ve been sharing with them. That can be fixed (usually) with a call or text to get the new password. The solution is not so easy if a cybercriminal has stolen the account credentials and changed not only the password, but the associated email address too. NordVPN did the math on this particular type of cybertheft and found that leaked credentials for 174,800 streaming service accounts adds up to $38 million in damages. The problem is–unsurprisingly–malware. Zeus, Pony Stealer, RedLine, Raccoon, and other types of malware are built to capture login credentials saved on computers. NordVPN found 174,800 accounts for streaming services were up for resale after being stolen by this type of malware. Thieves pay for a subscription to this kind of malware, according to NordVPN.

Related Posts