Squid humor.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Read More

This is a current list of where and when I am scheduled to speak:

I’m appearing on a panel on Society and Democracy at ACM Collective Intelligence in Boston, Massachusetts. The conference runs from June 26 through 29, 2024, and my panel is at 9:00 AM on Friday, June 28.
I’m speaking on “Reimagining Democracy in the Age of AI” at the Bozeman Library in Bozeman, Montana, USA, July 18, 2024. The event will also be available via Zoom.
I’m speaking at the TEDxBillings Democracy Event in Billings, Montana, USA, on July 19, 2024.

The list is maintained on this page.

Read More

By now you’ve probably heard of the term “phishing”—when scammers try to fool you into revealing your personal info or sending money, usually via email — but what about “vishing”? Vishing, or voice phishing, is basically the same practice, but done by phone.

There are a few reasons why it’s important for you to know about vishing. First off, voice phishing scams are prevalent and growing. A common example around tax season is the IRS scam, where fraudsters make threatening calls to taxpayers pretending to be IRS agents and demanding money for back taxes. Another popular example is the phony tech support scam, in which a scammer calls you claiming that they represent a security provider.

The scammers might say they’ve noticed a problem with your computer or device and want money to fix the problem, or even request direct access to your machine. They might also ask you to download software to do a “security scan” just so they can get you to install a piece of malware that steals your personal info. They might even try to sell you a worthless computer warranty or offer a phony refund.

These kinds of attacks can be very persuasive because the scammers employ “social engineering” techniques. This involves plays on emotion, urgency, authority, and even sometimes threats. The end result, scammers manipulate their victims into doing something for fraudulent purposes. Because scammers can reach you at any time on your most private device, your smartphone, it can feel more direct and personal.

Vishing scams don’t always require a phone call from a real person. Often, scammers use a generic or targeted recording, claiming to be from your bank or credit union. For instance, they might ask you to enter your bank account number or other personal details, which opens you up to identity theft.

Increasingly, scammers use AI tools in voice cloning attacks. With readily available voice cloning apps, scammers can replicate someone else’s voice with remarkable accuracy. While initially developed for benign purposes such as voice assistants and entertainment, scammers now use voice cloning tools to exploit unsuspecting victims.

The incoming number might even appear to have come from your bank, thanks to a trick called “caller ID spoofing,” which allows scammers to fake the origin of the call. They can do this by using Voice over Internet Protocol (VoIP) technology, which connects calls over the internet instead of traditional phone circuits, allowing them to easily assign incoming phone numbers.

Don’t risk losing your money or valuable personal info to these scams. Here’s how to avoid vishing attacks:

If you receive a phone call from either a person or a recording requesting passwords, personal info, or money, just hang up.
Be skeptical of the caller ID — even if a call appears to be coming from a legitimate business, it might be a spoofed ID.
If you think your bank might be calling you, but aren’t sure, hang up and call your bank back directly to confirm any potential issues. If you know it was a scam call purportedly coming from your bank, call your bank immediately to make them aware of the problem.
When it comes to tech support, know that a trustworthy internet security provider like McAfee will never call you out of the blue, requesting money, info, or access to your devices.
Register your mobile phone number, as well as your home phone, on the “do not call” registry to reduce your exposure.
Limit your exposure further by removing your personal info from risky data broker sites with our Personal Data Cleanup service.
Establish a unique safe word with loved ones to beat back voice clone attacks. In the case of an unusual call or message, use this safe word to verify each other’s identity. Avoid using easily guessable phrases and periodically change the safe word for added security.

The post How to Avoid Being Phished by Your Phone appeared first on McAfee Blog.

Read More

Governments should “police the content rather than the technology used to create it,” Matthew Feeney from the Centre for Policy Studies argued in a new paper

Read More