Identity Theft

Apple patents system to stop people from looking at your iPhone

Ever have a feeling that someone — next to you on the train or behind you in line at the grocery store — is snooping on your smartphone screen? Well, as it turns out, Apple is researching a potential solution to this digital privacy intrusion. A recently discovered patent application that was reported by Tech Xplore reveals the tech giant is looking into a technology to distinguish between user and unwanted onlookers and blur screen content not intended for unauthorized eyes. The feature, called “gaze-dependent display encryption,” would utilize face recognition to determine the owner of the smartphone and eye-tracking to figure out what segment of the screen the authorized viewer is scanning at the moment. If unknown faces appear, either directly in front of the device or in the background, gaze encryption would be activated. According to the patent, if an authorized viewer is reading a screen and a person appears in the background snooping, eye-tracking will leave currently viewed spots untouched while it renders the remainder of the screen indecipherable to onlookers. The obscured segments will resemble the text or image displayed, but scramble it. These manipulations will apparently include text scrambling, color altering and image warping.

Another example of security/privacy vs big brother. We’ll keep an eye on this developing story…pun intended. 🙂

Divided Supreme Court rules illegal immigrants can’t be shielded from ID theft prosecution

A divided Supreme Court ruled Tuesday that illegal immigrants who use someone else’s information when filling out tax forms for employment can face criminal charges, despite federal laws that liberal justices claim should prohibit such cases. The Immigration Control and Reform Act (IRCA) makes it a federal crime to lie on the I-9 work authorization form, while limiting how the false information can be used. Federal law also says information “contained in” the I-9 cannot be used for law enforcement other than specified exceptions — but the Supreme Court ruled that if workers use the same information in tax documents, they can face charges. “Although IRCA expressly regulates the use of I–9’s and documents appended to that form, no provision of IRCA directly addresses the use of other documents, such as federal and state tax-withholding forms, that an employee may complete upon beginning a new job,” Justice Samuel Alito wrote in the court’s opinion, which was joined by fellow conservatives Clarence Thomas, John Roberts, Neil Gorsuch, and Brett Kavanaugh. The IRCA also prohibits state or local charges or civil cases against “those who employ, or recruit or refer for a fee for employment, unauthorized aliens,” but Alito noted that this “makes no mention of state or local laws that impose criminal or civil sanctions on employees or applicants for employment.” In the case of Kansas v. Garcia, three immigrants who are in the U.S. illegally used someone else’s Social Security number on their I-9 forms, as well as on tax-withholding forms. They argued that state prosecutors improperly used information from their I-9 forms. The state dropped charges that relied on those forms and agreed not to use them during their trials, while claiming that the law does not prevent them from using their use of false Social Security numbers on tax documents. 
All three were convicted, and all three convictions were upheld by the Kansas Court of Appeals before the Kansas Supreme Court reversed the decisions. The Kansas Supreme Court ruled that charges were improper because “[t]he fact that this information was included in the W–4 and K–4 did not alter the fact that it was also part of the I–9.” Alito found this logic to be faulty, claiming that it was overly restrictive. “Taken at face value, this theory would mean that no information placed on an I–9— including an employee’s name, residence address, date of birth, telephone number, and e-mail address—could ever be used by any entity or person for any reason,” he wrote. Alito noted that the defense used a broader interpretation of the law, claiming that it preempts state or local laws “relating to the federal employment verification system.” He noted that this approach still fails because while tax-withholding forms may typically be completed at the same time as I-9 forms, they have nothing to do with employment verification and “serve entirely different functions.” Justice Stephen Breyer authored an opinion that agreed with Alito that IRCA does not “expressly” preempt state criminal laws in this case…

Even though it was walking a very fine, hyper-technical line, the majority opinion was exactly right here. So, we applaud this decision which is a clear victory for the rule of law, and for our national security with respect to the illegal alien crisis we’re experiencing. Excellent!! 🙂

Hackers are going after your online bank account, report says

Banking and finance sites have the greatest risk for getting hacked, a new report says. The worst vulnerabilities were found in banking and finance web applications tested by Positive Technologies, a firm that provides Internet security products for businesses. “Greater complexity results in more opportunities” for hackers, according to the Positive Technologies report, which said banking applications are some of the most complex. The hackers’ primary target is the average user. “The number-one threat is attacks that target web application users,” the report said. A whopping 87 percent of banking web applications tested by Positive Technologies were susceptible to these attacks. Government app users are also big targets because they tend to be less security-savvy, making them easy victims, the report said. “We gained access to personal data of 20 percent of the applications that process user information, including bank and government websites,” the report added. The most common vulnerability was Cross-Site Scripting, which allows attackers to perform phishing attacks, which can result in malware infection. In a phishing attack, the hacker sends, for instance, an email pretending to be a trusted entity like a bank or major shopping site, hoping to dupe you into clicking on the malicious link. Denial of service (DoS) attacks – which block access to a web site or service – are common. In 75 percent of e-commerce web applications, there are vulnerabilities enabling DoS attacks, Positive Technologies said. “Denial of service is especially threatening…High-profile e-commerce web applications receive large amounts of daily visits, increasing the motivation for attackers to find vulnerabilities to turn against users,” the report said. In a separate report released earlier this month, Positive Technologies said employees are often the gateway for attacks. 
An alarmingly high percentage of employees download malicious files, click phishing links, and even correspond with hackers, the report said. Positive Technologies testers pretended to be hackers by sending emails to employees with links to websites or forms that required password entry, the report said. Of the 3,332 messages sent, 17 percent of these messages would have led to a compromise of the employee’s computer, and possibly, the entire company. The most effective method was to send an email with a phishing link. In that case, 27 percent of recipients clicked on the link. “Users often glance over or ignore the address, leaving them unaware that they are visiting a fake website,” the report said.

Equifax Given Huge IRS Fraud-Prevention Contract Following Massive Security Breach

The Internal Revenue Service (IRS) has awarded Equifax a $7.25 million fraud-prevention contract following the company’s massive security breach which affected over 140 million consumers. According to Politico, “The IRS will pay Equifax $7.25 million to verify taxpayer identities and help prevent fraud under a no-bid contract issued last week.” “The credit agency will ‘verify taxpayer identity’ and ‘assist in ongoing identity verification and validations’ at the IRS, according to the award,” Politico reported. “The notice describes the contract as a ‘sole source order,’ meaning Equifax is the only company deemed capable of providing the service. It says the order was issued to prevent a lapse in identity checks while officials resolve a dispute over a separate contract.” In September, it was reported that Equifax had been the victim of a large cyberattack, which potentially left over 140 million consumers’ personal information vulnerable. Following the attack, Equifax blamed the attack on a single employee who failed to implement a patch. However, according to TechCrunch, “a patch for that vulnerability had been available for months before the breach occurred.” The company faced further controversy following the discovery that Equifax’s Terms of Service included a clause in their security assistance website which barred consumers from being able to sue the company before they removed it following consumer backlash. It was also revealed that the company had been encouraging consumers to visit the wrong security website, a fake, which could have easily been used as a phishing scam and taken more information.

Wow..   Be afraid..

Illegal Alien Sentenced for Stealing Identities to Collect $800K in Tax Refunds

An illegal alien living in the sanctuary city of Philadelphia, Pennsylvania, was sentenced for stealing Americans’ identities to collect more than $800,000 in tax refunds. Abdou Koudos Adissa, an illegal alien from the Republic of Benin, was sentenced to four years in federal prison for his part in a tax fraud scheme, the Department of Justice (DOJ) announced. According to court records, Adissa was convicted of conspiring to commit access device fraud in March for his involvement in the tax scheme that ran from February to June 2014. During that time, Adissa was a part of a group that stole Americans’ identities to file tax returns with the Internal Revenue Service. Adissa’s co-conspirators filed the fraudulent tax returns, stealing more than $800,000 in refunds which was then deposited onto Green Dot pre-paid debit accounts. That money was eventually sent to Nigeria through Western Union. When federal officials raided Adissa’s apartment in Philadelphia, they found 106 of the Green Dot cards. The illegal alien registered all the debit cards using stolen American IDs before giving co-conspirators the cards’ direct deposit information so they would be able to direct the fraudulent tax refunds to the cards. Adissa called Western Union some 63 times to transfer the stolen $800,000 to Nigeria. Following Adissa’s release from federal prison, he will be handed over to the Immigration and Customs Enforcement (ICE) agency for deportation.

Identity theft is a HUGE problem in our country.  And, we find that Nigeria seems to be associated with a lot of these stories.  Just glad this illegal alien piece of garbage was caught.  He’ll do some time in prison, as well he should, before being deported.

‘Dear valid LinkedIn user’: Don’t fall for this phishing scam

Another day, another phishing scam. LinkedIn, which hasn’t always had the best security to begin with, may be the delivery method for a curious email message that’s been going around. Like most phishing attempts, it claims to represent a popular social media site and asks for login information. Unlike other scams, though, the link it provides doesn’t actually go anywhere (it may have been removed by LinkedIn). It’s not clear whether the scam’s goal is to steal your login credentials, infect your system with malware or lure you into paying for useless tech support, making the threat pretty mild — for now. A staffer at Tom’s Guide received an email message entitled “Important User Alert” from “linkedIn.customerservices.us1@fsr.net”. Even casual users will notice right away that this is not a legitimate LinkedIn email address. Rather, FSR is a Moscow, Idaho-based Internet provider, not really notable for anything other than the fact that it’s decidedly not LinkedIn. The “LinkedIn” username is pure fabrication. “Dear Valid LinkedIn User,” the e-mail begins, and this should be your second tip-off that the message is a scam. The real LinkedIn is aware of your real name and can address messages to you personally. The email continues with errant capitalization on “Important Message” and questionable grammar: “Our system indicates your account signed-on from different IP recently, do not panic, this happens mostly when your ISP provider changes the IP without your knowledge, but we advise you kindly follow up by Updating to the system to enable auto unflag,” and so on, and so forth, in an incredibly grating run-on sentence. One need not be very internet-savvy to presume that LinkedIn employs better copywriters than this. The email warns that users could lose their LinkedIn privileges unless they click on a suspicious link, but that’s where two unusual things happen. 
First off, the URL appears to lead to an actual LinkedIn address, complete with the site’s secured HTTPS server. Second, there’s nothing there. The site is completely blank and thus, for the moment, apparently harmless. Generally speaking, links like this lead to shady copies of legitimate websites that ask for, then catalog, usernames and passwords. There are a few possibilities for why there’s nothing at the URL. The site could simply be unfinished, but it’s possible that the scammers sent out an incorrect link (they would hardly be the first cybercriminals dumb enough to do so). The fact that the page appears to be hosted on the real LinkedIn website is also interesting, but not necessarily shocking; users can create their own blog posts and pages, so it would not take a very daring criminal to make a malicious LinkedIn page. It’s eminently possible that LinkedIn, now owned by Microsoft, already discovered the page and shut it down. The lesson here is the same as always: Don’t click on links in strange emails, and make sure to verify sender addresses in incoming messages to ensure you don’t wind up giving away your login information to scammers. The page doesn’t work this time, but there are much smarter tricksters out there.

Indeed..
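
The two tip-offs the LinkedIn article walks through (a sender address that names the brand but sits on an unrelated domain, and a greeting addressed to a role instead of a person) can be checked mechanically during mail triage. The sketch below is an added example, not code from the article or from LinkedIn; the `BRAND_DOMAINS` allowlist, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: an allowlist of domains each brand really sends mail from.
BRAND_DOMAINS = {"linkedin": ("linkedin.com",)}

# Constructed sample built from the sender, subject and greeting quoted in the article.
PHISH = (
    "From: linkedIn.customerservices.us1@fsr.net\n"
    "Subject: Important User Alert\n"
    "\n"
    "Dear Valid LinkedIn User,\n"
    "Our system indicates your account signed-on from different IP recently\n"
)
# Constructed control message; the address is illustrative only.
LEGIT = (
    "From: LinkedIn <updates@e.linkedin.com>\n"
    "Subject: You appeared in 3 searches\n"
    "\n"
    "Hi Jane,\n"
)

GENERIC_GREETING = re.compile(
    r"^\s*dear\s+(?:\w+\s+){0,3}(?:user|customer|member|client)\b", re.I | re.M)

def sender_mismatch(from_header, brands=BRAND_DOMAINS):
    """Flag a sender whose name or local part claims a brand the domain is not."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    claimed = f"{display} {local}".lower()
    for brand, domains in brands.items():
        # Exact match or a true subdomain; "linkedin.com.evil.example" fails both.
        owned = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in claimed and not owned:
            return f"sender claims '{brand}' but domain is '{domain}'"
    return None

def generic_greeting(body):
    """Flag a salutation that addresses a role instead of a named person."""
    m = GENERIC_GREETING.search(body)
    return f"generic greeting {m.group(0).strip()!r}" if m else None

def triage(raw):
    """Return the list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    checks = (sender_mismatch(msg.get("From", "")), generic_greeting(msg.get_payload()))
    return [c for c in checks if c]

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(name, triage(raw))
```

Neither check looks at the link itself, which matters here because the article notes the URL pointed at a genuine LinkedIn address.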