With the end of the year holidays quickly approaching, now is a great time to remember how important it is to be hyper-vigilant about the websites you visit, the emails you open, the links you click and the attachments you open. The reason this is especially true at this time of year is because, in general, people are busier, more distracted, and online for longer periods of time which puts them at greater risk.
This post discusses some recent scams and security items you should be aware of, like issues with Twitter, student loan forgiveness scams and a safer way to browse the internet.
Security Alerts: Twitter, Student Loan Forgiveness & Safer Web Browsing
The examples below are included because they include items that are changing quickly and the more you know about them, the more likely you will be to protect your privacy and data.
You may have heard about the recent changes being implemented at Twitter. One major change was forcing/allowing users to pay for the blue check verification label that can be associated with accounts. The origin of the blue check was to let other users know that a celebrity, journalist, or otherwise famous person was indeed who they claimed to be. The blue check "verified" the account belonged to the actual person so other users could tell the original person from an imposter.
Turning the blue check into something where users could circumvent the vetting process and have the blue check that before signaled user "verification" is dangerous because it means people can be misled. This allowed anyone to pretend to be journalists, business representatives, members of congress, and much more. Unfortunately, in this example, this is exactly what happened and the platform was flooded with so many imposters it promptly removed the feature.
Aside from the type of changes rolling out, an important aspect about the changes is that some of these change are happening without going through the normal rigorous testing processes. These tests check for security flaws, bugs and much more and when skipped, can end up disastrous, much the way the recent blue checks did.
This is probably not the last change Twitter will see in the coming months. Being aware of what changes are happening can help you be more aware of potential pitfalls introduced by the changes. As with any platform, it is always good to verify content in more than one place.
Student loan forgiveness
Currently the federal student loan forgiveness program has been put on hold and applications are not being accepted by the government. Unfortunately, having the potential to save money is a great motivator and hackers are fully aware of this and will most definitely use this story to their favor.
This means there will be an uptick in phishing schemes related to the loan forgiveness program. These scams may come in the following forms:
- Prentending to be updates on a submitted application with malicious links in the email.
- Emails with inaccurate information, such as telling users the program has been re-instated and they can "apply here" with links sending them to an illegitimate form. The purpose of these types of attacks are to gain access to user's private information.
- Phishing emails urging users to add their name to a "wait list", even though the government program is on hold, and there is currently no wait list or way to apply.
This list is by no means exhaustive, but it does give you examples of what to look out for and shows the different ways people may try to gain unauthorized access to your data. If you receive something about the loan forgiveness program and have applied or intend to, just be sure the information is legitimate.
When you visit web pages on the internet or use apps on a smart phone you are often prompted with a security warning asking if it is okay to track your usage, your data, your location, etc. This allows the user to deny having an application track their location when they are using it, which often times is not necessary for the app to properly run.
Unfortunately, sometimes, as was the case with Google, opting out did not mean your location data stopped being collected. Google recently agreed to a $391.5 million dollar settlement with 40 states in the U.S. This settlement came after an investigation, spurred by a 2018 article, which centered around Google tracking people's location data even after they opted out of this feature. In essence, people who chose not to have their location tracked, and specifically denied an app access to do this, had their wishes ignored as Google continued to track this data calling it "location history".
Google stated this practice was phased out years ago, but the fact that it existed at all is alarming. The National Cybersecurity Alliance has a ton of resources you can browse to help keep your information and privacy secure. One of their recommendations is to use a different search engine, one that values your privacy. There are several anonymous search engines, one of the most prevalent being DuckDuckGo. DuckDuckGo can be assigned your default search engine in any browser and works seamlessly with the browser in addition to being installed as an app on a smart phone.
New scams, phishing attacks and other threats will continue to be introduced. However, the more aware you are of what kind of attacks are happening, the more likely you are to avoid falling for them. This increases your odds of protecting your data and is one small step you can take to protect your privacy and data.
As always, investing a small amount of time to be aware of your surroundings, including your digital surroundings, pays off.