Online Music Streaming Service Breach Impacts Billions

Online Music Streaming Service Breach Impacts Billions

Our security teams have recently discovered that a former deezer.com partner experienced a data breach in 2019 that has impacted 257 billion users. Deezer is a France-based music streaming platform. Leaked information includes users’ dates of birth, email addresses, genders, geographic locations, IP addresses, names, spoken languages and/or surnames. The hacking dates back to mid-2019 when a Deezer third-party fell victim to a breach exposing user data, which was then sold on a popular hacking forum.

The hacker claimed that the data breach affects users in the United States, the United Kingdom, Brazil, Columbia, France, Germany, Guatemala, Italy, Mexico and Turkey.

Other music streaming platforms, such as Spotify, have suffered data leaks in recent years. In December 2020, Spotify confirmed that an incident may have affected over 300,000 users’ email addresses, display names, passwords, genders and dates of birth.

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo by Uriel SC via Unsplash.com.

Bogus COVID Vaccine Survey

Bogus COVID Vaccine Survey

As millions of Americans are being vaccinated against COVID-19, scammers are working hard to steal their money and personal information through bogus COVID vaccination surveys. This can be confusing especially since there is a ‘v-safe’ after vaccination health checker that you are asked to download at the vaccination site after your first dose. V-safe is a legitimate app, which is a smart-phone based tool that uses text messaging and web surveys to provide personalized health check-ins after you receive a COVID-19 vaccination. Literature from v-safe says, “Through v-safe, you can quickly tell CDC if you have any side effects after getting the COVID-19 vaccine. Depending on your answers, someone from CDC may call to check on you. And v-safe will remind you to get your second vaccine dose if you need one.” For more information, visit https://vsafe.cdc.gov/en/.

 

Although v-safe is safe and legitimate, scammers have developed a new trick to steal. It doesn’t matter if the vaccine received was Pfizer, Moderna or AstraZeneca, people all across the country are being asked to complete a one-time survey in exchange for a free reward but one that requires the victim to pay shipping fees. According to the Federal Trade Commission, “No legitimate surveys ask for your credit card or bank account number to pay for a ‘free’ reward.”

 

What should you do if you receive an email or text you’re not sure about?

– In order to prevent malware that steals your personal information, don’t click on any links or open attachments.

– Don’t call or use the number in the email or text. The first thing you can do is run a search of the company that supposedly sent the message by looking up their phone number online.

– Don’t give out any bank information, credit card or other personal information to any organization that contacts you out of the blue.

– Consider adding a filter to prevent unwanted text messages on your phone by contacting your wireless provider and/or utilizing a call-blocking app.

 

Be vigilant. Be strong. If you have any concerns or think you have been a victim of a COVID vaccination scam, please contact our Member Services immediately. We are always available for you 24/7/365 at 888.966.GUARD (4827).

 

Photo by National Cancer Institute on Unsplash.com

Zoombombing … the New Social Distancing Phenomenon

Zoombombing … the New Social Distancing Phenomenon

Video calls have gone from a novelty to a necessity practically overnight. The term ‘social distancing’ and the app, Zoom, have both become household names as millions of people are being forced to stay home to help stop the spread of COVID-19. The desire to stay connected with our loved ones and friends during this difficult time has sparked creative ways to virtually stay social through video birthday parties, happy hours, trivia nights, yoga sessions, and even weddings. CNBC reported this week that “the [Zoom] app has been the top free app for iPhones in the United States since March 18 … daily users spiked to 200 million in March, up from 10 million in December.”

 

Before the COVID-19 pandemic, Zoom, a privately-held company headquartered in San Jose, CA, was used mostly for web conferencing webinars. Now it is being used by 90,000 schools across 20 countries. But, there are online security issues with the app and school districts have started to ban Zoom because of them. Why? Because of ‘Zoombombing,’ a phenomenon where uninvited guests (pranksters) join Zoom calls and broadcast porn or shock videos. How? Due to Zoom’s default settings, which don’t require a password to set a meeting and allow any participant to share their screen. Most Zoom meetings have a public link that, if clicked, allow anyone to join.

 

The Verge just reported that “Zoom adjusted their default settings for education accounts last week in an effort to increase security and privacy for meetings.” They also noted, “For everyone else, you’ll need to tweak your Zoom settings to ensure this never happens.” The process isn’t very simple…

 

If you schedule a meeting from the web interface, you won’t see the option to disable screen sharing. Instead:

 – Click on “Settings” in the left-hand menu

– Scroll down to “Screen Sharing” and under “Who Can Share?” click “Host Only”

– Click on “Save”

 

If you forget to change the setting before you start your meeting, there’s a way to modify your settings after it starts:

 – Once your Zoom meeting is running, click the caret to the right of the green “Share Screen” button in the center of the bottom row of icons

– Click “Advanced Sharing Options”

– A dialog box will pop up allowing you to switch screen sharing availability from all participants to the “Only Host”


Yes, these are very confusing times. Stay strong and please don’t hesitate to reach out if you need help. We are available 24/7/365 for you and your family members at 888.966.GUARD (4827) and [email protected].

 

 

 

Working from Home Cybersecurity Tips

Working from Home Cybersecurity Tips

Coronavirus has forced millions of Americans to work remotely from their homes. Although working from home helps with social (physical) distancing by preventing the spread of COVID-19, there are many new challenges that have come with teleworking. For example, many states have closed schools for weeks, and for some, the entire rest of the school year. Parents may be juggling work while their children are learning remotely. You may find yourself becoming an expert with practicing mindfulness along with new software and conferencing programs, such as Zoom and GoToMeetings (or if you aren’t, your children blessedly are).

 

As we are being forced to slow down the pace of everyday life, we recognize that a lot of good can come out of this time. But, on the other side of the coin, there is the growing opportunity for cybercriminals to trick us into forking over passwords during this learning transitional period. Reuters reported last week that “some researchers have found hackers masquerading as the U.S. Centers for Disease Control and Prevention in a bid to break into emails or swindle users out of bitcoin, while others have spotted hackers using a malicious virus-themed app to hijack Android phones.” Our blogs last week provided some details on these new scams.

 

The Federal Trade Commission (FTC) has some tips to help protect your devices and personal information while working from home:

Start with cybersecurity basics. Keep your security software up-to-date. Use passwords on all your devices and apps. Make sure the passwords are long, strong and unique. The FTC suggests using at least 12 characters that are a mix of numbers, symbols and capital and lowercase letters.

Secure your home network by starting with your router. Turn on encryption (WPA2 or WPA3), which scrambles information sent over your network so outsiders can’t read it. If no WPA2 or WPA3 options are available with your current router, considering replacing your router altogether.

Keep an eye on your laptop and make sure it is password-protected, locked when you aren’t using it and secure. We suggest that it is never unattended, such as out in plain sight in a vehicle. Even if your doors are locked, windows can easily be broken.

Securely store your physical files. Strong physical security is an important part of cybersecurity. If you don’t have a file cabinet at home that is lockable, consider using a locked room. Read this blog by the FTC to learn more tips about physical security.

Dispose of sensitive data securely. Invest in a shredder if you don’t already have one. Throwing paperwork you no longer need in the garbage or recycling bin can be a treasure for a pirate especially if it includes personal information about customers, vendors or employees.

Follow your employer’s security practices. Since your home is now an extension of your office, make sure that you understand the protocols that your employer has implemented.

 

Be smart. Be vigilant. Be strong. Please don’t hesitate to reach out if you need help. We are available 24/7/365 for you and your family members at 888,966.GUARD (4827) and [email protected].

.

And More Coronavirus Scams …

And More Coronavirus Scams …

We are monitoring updates surrounding the coronavirus (COVID-19) pandemic around the clock. This environment is a breeding ground for scams to take advantage of you and your identity. Rest assured that we are here to help and will communicate with you every step of the way.

 

The following is the latest information that we know of regarding coronavirus scams:

 

– The Federal Trade Commission (FTC) sent warning letters to seven sellers of scam coronavirus treatments. The FTC reported that “So far all of the companies have made big changes to their advertising to remove unsupported claims.” That is good news. But, scammers never take a break.

 

– Anyone can set up an e-commerce site and claim they have in-demand products. Be on the lookout for online ads that tout cleaning, household and health/medical supplies. Just because they have a website and you pay money doesn’t mean that you will receive any goods in return. The FTC suggests that you check out any seller by searching online for the person or company name, phone number and email address along with keywords such as “review,” “complaint” or “scam.”

 

– Anyone can also set up a fake charity to take advantage of a major health crisis. These scammers take advantage of your generosity and have names that are extremely close to the names of real charities. The FTC remarked that “Money lost to bogus charities means less donations to help those in need.” We suggest that you visit http://www.ftc.gov/charity to help you research charities. Also, if/when you do give, pay safely by credit card and never by gift card or wire transfer.

 

– As well, anyone can pretend to be someone you know. “Scammers use fake emails or texts to get you to share valuable personal information – like account numbers, Social Security numbers, or your login IDs and passwords.” If you accidentally click on a link, they can get access to your computer, network and/or install ransomware and other programs on your equipment that can lock you out. Please protect your smart phone and computer by keeping your software up to date and using multi-factor authentication. Backing up your data on a regular basis is also recommended.

 

– Surprisingly robocalls “pitching everything from scam coronavirus treatments to work-at-home schemes” are still in full force. Do not answer unless the call shows up as a contact in your phone. Let voicemail filter your messages. For more information on robocalls, visit https://www.consumer.ftc.gov/articles/0259-robocalls.

 

We understand that all of this is indeed nerve-wracking. One of the great things about our business is that we are always working in the moment … situations such as the coronavirus do not rattle our operations and team members. Not only do we have a team at a centralized location, but we have also always worked remotely. We will continue to be available for you 24 hours a day, 7 days a week, 365 days a year. We hope that this gives you some peace of mind knowing that we are on top of this crisis and will continue to communicate any dangerous scams related to the outbreak as soon as possible.

 

As always, please contact us immediately if you have any concerns at 888.966.GUARD (4827) or [email protected].

 

 

Do You Know What Alexa, Google and Siri Are Up To?

Do You Know What Alexa, Google and Siri Are Up To?

Not everyone has a smart speaker in their home or office, but most of us do have a smart phone. When setting up your device, you were likely asked whether or not you wanted to activate your assistant. Doing so doesn’t take very long … you say a few phrases when prompted so it can get to know your voice and that’s pretty much it … you officially have a virtual assistant. Have you ever wondered how your assistant actually works?

 

Virtual assistants, such as Amazon’s Alexa, Apple’s Siri and Google’s Assistant, use artificial intelligence (AI) to parse what is said or typed and then provide useful information back. Want to know something quickly without lifting a finger? Simply say a wakeword phrase such as, “Hey Siri,” or whatever your smart application is called, and ask away. You could say, “Who wrote Gone with the Wind?” or “What is 23.5 times 6?” or “Play I Can’t Get No Satisfaction.” When you talk to a smart phone or speaker, you know that your voice is being recorded and that there will be a result – sometimes it’s an answer, other times the correct action is taken or occasionally there may be an inquiry back to clarify the request. But, just as false starts happen in races, false positive recordings can be triggered by something as simple as someone zipping up their jeans because it sounds to Siri like the person’s muffled voice. If you have ever experienced Siri being accidentally activated during a time when not requested, you know that it can be a bit embarrassing … and a little unnerving.

 

If privacy is a big concern of yours, you might want to throw your smart speaker or device out the window. These instruments are indeed paying attention to us, but does this mean that they can listen and record all of the time? Amazon hopes so. A newly revealed patent application filed by the company is raising privacy concerns over an envisaged upgrade to the company’s smart speaker systems. This change would mean that, by default, the devices end up listening to and recording everything you say in their presence. The idea is similar to Apple’s live photos, where video is recorded before and after a user takes a picture. Since the application is being asked to do something for us, then we are basically acknowledging that our privacy isn’t desired at that point in time.

 

Amazon.com, Inc. employs thousands globally to help improve the Alexa digital assistant through its line of Echo speakers. Rene Ritchie explained in his latest blog (July 28, 2019) titled Why People Are Freaking Out Over Siri Privacy Right Now, that “the team listens to voice recordings captured in homes and offices. The recordings are transcribed, annotated and then fed back into the software as part of an effort to eliminate gaps in Alexa’s understanding of human speech and help it better respond to commands.” Ritchie remarked, “If Amazon does decide to use the tech in its products, it’s unclear whether customers would be able to opt out of the ‘always on’ recording.”

 

Ritchie continued on with detail about Amazon’s patent application. “While the patent application explains devices would record audio in 10 to 30 second increments and automatically delete unneeded clips, privacy experts say it is cause for concern because it demonstrates tech companies’ growing ability to surveil customers at all times and potentially misuse collected information.”

 

Let’s take a glance at another tech giant, Apple, who recently told The Guardian: “A small portion of Siri requests are analyzed to improve Siri and dictation. User requests are not associated with the user’s Apple ID. Siri responses are analyzed in secure facilities and all reviewers are under the obligation to adhere to Apple’s strict confidentiality requirements.” The company added that a very small random subset, less than 1% of daily Siri activations, are used for grading, like whether the request was intentional or a false positive that accidentally triggered Siri, or if the response was helpful. They added that those snippets used for grading are typically only a few seconds long.  But, what if those few seconds just happen to be you discussing a very private medical issue with your doctor or a very sensitive issue with a family member? How can you prevent being part of a company’s grading process? Currently, the only way to have peace of mind that a random stranger won’t listen in on your Apple device is to stop using Siri entirely.

 

Heidi Messer for The New York Times wrote that “consumers should not be so paranoid about privacy. “The right to absolute privacy no longer exists and excessive regulation of tech companies will only stifle innovation and prevent job creation.” Privacy in the digital age may not be completely deceased but it is hanging on by its fingernails. Just remember, when you agree to use these products, you’re often giving up much more than you think.