Posts Tagged ‘social engineering’
More Phone Scams For the General Public
Thursday, March 20th, 2014
It seems that right now phone scam season is going strong! Last week I posted about some common scams targeting businesses. Those same scams are also targeting the general public, so please be on the lookout for them. In addition to those, here are some others that seem to be targeting primarily individuals and the general public.
Tags: awareness, compliance, cybercrooks, cybersecurity, data protection, IBM, Information Security, infosec, Keywords: phone scams, midmarket, non-compliance, personal information identifier, personal information item, phishing, PI, PII, policies, privacy, privacy laws, privacy professor, privacyprof, Rebecca Herold, risk assessment, risk management, robocall, security, social engineering, surveillance, training
Phone Scam Open Season – Business Risks
Friday, March 14th, 2014
It seems that right now phone scam season is going strong! I got 2 calls last week from scammers. I got another scammer call during a meeting last night. Two of my LinkedIn contacts got calls in the past week that they asked me about. A local newspaper columnist got a call from a scammer. As folks are becoming more aware of phishing attempts via email and other types of malware, they are also becoming more lax about spotting phone scams, often stating the belief that most crooks are using online phishing scams instead of any other type of rip-off.
Tags: awareness, compliance, cybercrooks, cybersecurity, data protection, IBM, Information Security, infosec, Keywords: phone scams, midmarket, non-compliance, personal information identifier, personal information item, phishing, PI, PII, policies, privacy, privacy laws, privacy professor, privacyprof, Rebecca Herold, risk assessment, risk management, robocall, security, social engineering, surveillance, training
Cybercriminals Just Came A Callin’ At My House
Friday, July 8th, 2011
I just got off a 30-minute call that came unsolicited from a young-sounding man with a very thick Indian accent who, when I asked him his name, said it was Jason Anderson (doesn’t sound like an authentic name of someone from India). He told me he was calling me because there had been a lot of complaints in my area about malicious code damaging operating system software and he wanted to be sure my operating system was not impacted.
Tags: cybercrime, cybercriminals, Information Security, phone fraud, scams, social engineering
Crooks Don’t Need to Steal SSNs If They Can Create Valid SSNs Themselves
Friday, July 10th, 2009
I’ve had some very interesting discussions about the CMU SSN study throughout the week, and, before moving on to other topics next week, I wanted to wrap up the week and discussion with some final thoughts on the CMU SSN topic.
Tags: awareness and training, Carnegie Mellon, CMU, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training, social engineering, social security number, SSN
Implications Of The CMU SSN Study: What Business Leaders Need To Understand
Wednesday, July 8th, 2009
Following the release of the CMU SSN report on Monday, I’ve had some very interesting discussions with privacy and information security folks, and I’ve been pretty amazed at some of the reactions to the study.
I also posted about this to one of the GRC mailing lists I participate in, and I got some questions asking me for my thoughts about some specific issues. I wanted to share those thoughts here as well…
Tags: awareness and training, Carnegie Mellon, CMU, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training, social engineering, social security number, SSN
Missouri Dept of Revenue Sued (Under DPPA) For Releasing PII That Was Posted for Sale on the Internet
Monday, August 11th, 2008
It used to be very common for various state and local government agencies, such as the Department of Motor Vehicles, to sell their records, containing vast amounts of personally identifiable information (PII), as a revenue stream. That changed when Rebecca Schaeffer’s stalker killed her in 1989 after paying $250 to get her address, and other PII on file, from the California Department of Motor Vehicles.
After this horrible, tragic demonstration of how very bad things can happen when people have full rein to get access to PII, states started enacting drivers protection acts to keep the PII the agencies had on file from being accessed in such egregiously irresponsible ways. Finally, a U.S. federal law, the Drivers Privacy Protection Act (DPPA), was enacted to help protect the PII in drivers’ records.
So, I found the following inappropriate release from a state agency to be very interesting…
Tags: awareness and training, DPPA, Information Security, IT compliance, IT training, Missouri Department of Revenue, policies and procedures, privacy training, publicdata.com, risk management, security training, Shadowsoft, social engineering
Social Engineering Suckers Security Sages
Friday, August 8th, 2008
Yesterday at Black Hat a couple of the presenters, Shawn Moyer and Nathan Hamiel, reportedly discussed their experiment that revealed how easily they got some prominent Chief Information Security Officers (CISOs) to fall for a social engineering scam played out using social networking sites.
Here’s a short excerpt…
Tags: awareness and training, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training, social engineering
Social Engineering, Ethics, and Why You Should Never Put Anything Online That You Don’t Want Others To See
Thursday, August 7th, 2008
Okay, now here’s an example of how people will take information you’ve given them, under false pretenses, just because they can, and post it for the world to see, with no regrets about how it hurts other people.
Tags: Andrew Aguecheek, awareness and training, Craigslist, Information Security, IT compliance, IT training, Jason Fortuny, policies and procedures, privacy training, risk management, security training, social engineering
Social Engineering Rescues Long-Time Hostages
Saturday, July 5th, 2008
Yesterday it was widely reported that 15 hostages held by Colombia’s Marxist guerrillas for as long as 6 years were freed after some very brave and daring commandos posed as being part of the guerrilla group.
The news reports described it as a stunning rescue, and it definitely was that; quite stunning!
As we watched the numerous news reports about it, I spoke with my boys about the tactics they used to get the hostages freed.
Recently I’ve been creating social engineering training content along with a social engineering awareness assessment tool, and something I found remarkable about the rescue was how it used social engineering to its full effect to rescue the hostages.
Some of the tactics in this situation included:
Tags: awareness and training, FARC, Information Security, IT compliance, policies and procedures, privacy training, risk management, security training, social engineering
Social Engineering Schemes Increase: Great Case Study From An Actual Event
Tuesday, January 22nd, 2008
Last month I finished the second issue of my Protecting Information publication and the topic couldn’t be more timely: social engineering.
Just today I have already read in my daily news items 5 articles about social engineering! One in particular, “CUNA Mutual Warns on Costly HELOC Scam,” provides not only a great example of a current social engineering scam, but it would also make a great case study for social engineering training and within your awareness communications and activities. Here’s a quick overview…
Tags: awareness and training, CUNA Mutual, Information Security, IT compliance, personally identifiable information, PII, policies and procedures, privacy, privacy policy, risk management, security awareness, security training, social engineering