The growing number of internet crimes targeting senior adults is mind-blowing. 

In 2021, more than 92,000 people over the age of 60 reported losses of $1.7 billion, according to IC3, the FBI’s Internet Crime division. That number reflects a 74 percent increase in losses from 2020.  

These numbers tell us a few things. They tell us that scamming the elderly is a multi-billion-dollar business for cybercriminals. It also tells us that regardless of how shoddy or obvious online scams may appear to anyone outside the senior community, they are working. 

However, information is power. Senior adults can protect their hard-earned retirement funds and government benefits by staying informed, adopting new behaviors, and putting tools in place designed to stop scammers in their tracks. And, when possible, family, friends, and caregivers can help. 

The FBI said confidence fraud and romance scams netted over $281 million in losses.  

The top four types of scams targeting seniors: Romance scams (confidence scams), fake online shopping, false utility representatives, and government agent imposters. Here’s how to make a few shifts to mindset and your daily routine and steer clear of digital deception.   

5 Safeguards to Protect Your Retirement 

Stop. Don’t share. Often phone or internet scams targeting seniors carry distinctive emotional triggers of elation (you won), fear (you owe), or empathy (please help). For instance, a phony source might urge: “You must send admin fees immediately to access your sweepstake winnings.” Or “You must provide your social security number to stop this agency penalty.” FBI and Better Business Bureau fraud experts advise senior adults to stop and think before taking any action. Be aware of common phishing scams that include legitimate-looking email messages from a bank, federal agency, or service provider requesting you “verify” personal information. The number one rule: Never give out any personal information such as a Social Security number, bank account numbers, Medicare numbers, birthdate, maiden names, work history, or your address. 
Level up your security. Changing times call for new tools and new behaviors online. Consider adopting best practices such as installing McAfee security software, using strong passwords with Two-Factor Authentication (2FA), and knowing how to identify phishing and malware scams are fundamental components of digital literacy. For a deeper dive into cybersecurity best practices, read more.  
Discuss new scams. Scammers rapidly adjust their tactics to current events such as the pandemic, tax season, or an economic crisis to emotionally bait senior adults. If you are a senior adult, check out weekly consumer alerts from IC3 or AARP to stay on top of the types of scams you may encounter. If you are a relative or caregiver to a senior adult, stay informed, discuss these scams with your loved one, and explore other ways to help
Research all charities. Senior adults get daily calls, emails, or even Facebook messages trying to bilk them of their money. It’s essential to do your research. Before donating to a charity, you can consult Give.Org or Charity Navigator to verify the request is legitimate. 
Report all scams and scam attempts. If you’ve been a victim of an online scam or even targeted unsuccessfully, report the incident immediately. Any consumer can report online scams at the FBI’s IC3 website. Credit, debit, or bank account fraud should be immediately reported to your bank.   

Just as the seasons change in our lives, so too must our behaviors when connecting to people and information via our devices. Cybercriminals target older people because they assume they aren’t as informed about schemes or technically savvy as younger people. Senior adults and their loved ones can work daily to change that narrative. With the right mindset, information, and tools, seniors can connect online with confidence and enjoy their golden years without worrying about digital deception.  

The post Seniors: How to Keep Your Retirement Safe from Online Scams appeared first on McAfee Blog.

Read More

Researchers have demonstrated controlling touchscreens at a distance, at least in a laboratory setting:

The core idea is to take advantage of the electromagnetic signals to execute basic touch events such as taps and swipes into targeted locations of the touchscreen with the goal of taking over remote control and manipulating the underlying device.

The attack, which works from a distance of up to 40mm, hinges on the fact that capacitive touchscreens are sensitive to EMI, leveraging it to inject electromagnetic signals into transparent electrodes that are built into the touchscreen so as to register them as touch events.

The experimental setup involves an electrostatic gun to generate a strong pulse signal that’s then sent to an antenna to transmit an electromagnetic field to the phone’s touchscreen, thereby causing the electrodes ­ which act as antennas themselves ­ to pick up the EMI.

Paper: “GhostTouch: Targeted Attacks on Touchscreens without Physical Touch“:

Abstract: Capacitive touchscreens have become the primary human-machine interface for personal devices such as smartphones and tablets. In this paper, we present GhostTouch, the first active contactless attack against capacitive touchscreens. GhostTouch uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it. By tuning the parameters of the electromagnetic signal and adjusting the antenna, we can inject two types of basic touch events, taps and swipes, into targeted locations of the touchscreen and control them to manipulate the underlying device. We successfully launch the GhostTouch attacks on nine smartphone models. We can inject targeted taps continuously with a standard deviation of as low as 14.6 x 19.2 pixels from the target area, a delay of less than 0.5s and a distance of up to 40mm. We show the real-world impact of the GhostTouch attacks in a few proof-of-concept scenarios, including answering an eavesdropping phone call, pressing the button, swiping up to unlock, and entering a password. Finally, we discuss potential hardware and software countermeasures to mitigate the attack.

Read More

 The 32nd edition of the annual security event RSA Conference (RSAC 2022) kicks off on June 6, allowing a fresh breed of security vendors to showcase their capabilities. Back to being an in-person event after going virtual last year because of the pandemic, RSAC 2022 has booked a formidable mix of security startup debuts, featuring technology and approaches to security that include devsecops, identity and access management (IAM), threat management, and cloud security.

To read this article in full, please click here

Read More

Leaked internal chats from the Conti ransomware gang suggests the group has been researching and developing code to compromise the Intel Management Engine (Intel ME), the out-of-band management functionality built into Intel chipsets. The goal of this technique is to install malicious code deep inside computer firmware where it cannot be blocked by operating systems and third-party endpoint security products.

Firmware implants are powerful and are usually used in high-value operations by state-sponsored hacker groups. However, over the past couple of years cybercriminal gangs have also shown an interest, with developers of the notorious TrickBot botnet adding an UEFI attack module in 2020. According to new research by security firm Eclypsium, the Conti ransomware group developed proof-of-concept code to exploit Intel ME firmware and gain code execution in System Management Mode, a highly privileged execution environment of the CPU.

To read this article in full, please click here

Read More