Beware the Storm After the Storm: Scams and Apps in the Wake of Natural Disasters

Allen Miles III / 2024, October

Let us dive right back into National Cybersecurity Awareness Month, 2024 Edition.

Follow this logic:

We are currently in the closing months of hurricane season. This year, we have experienced a devastating storm. Another is forming and potentially on the way. Many have been eager to help, from presidential candidates and big-name businesspeople to religious, neighborhood, and brotherhood and sisterhood organizations.

Katrina was only the beginning. With every natural disaster since, we have seen these scams come immediately to the fore. Pretending to be either reputable organizations or up-and-coming relief agencies, the scammers emerge from the woodwork eager to appeal to your best intentions and help themselves to your goodwill and your money. “Have you downloaded our app?”

Apps are now ubiquitous in our modern life. Temu, TikTok, SHEIN, ChatGPT and Instagram barely scratch the surface. There have been over 100 malicious and/or insecure apps identified on the Google Play store this year. The numbers are similar for dangerous iOS apps in the Apple App Store.

The wide adoption of apps has allowed bad actors to easily move from the fringes and dark recesses of computing society right into our devices. The promise of a reliable weather report, an easy-to-use picture editor or a finance manager makes many a heart flutter. With the ease of installation and approval of all those permissions, we are off to the races.

The app that helps you manage your finances frequently needs access to your banking information and your credit card, usually with the purpose of finding forgotten subscriptions. So, too, does that app that allows you to round up change from other purchases as a donation. What about the app that makes you sound like a cartoon character? That one records your voice. All these apps have “hooks” that allow them to take this data and easily exfiltrate it for use against you and your Contacts.

Now, tying in last week's story, we introduce “Grandparent Scams.” These ruses are crafted to force one to make rash decisions based upon urgency and an emotional situation. “Dad, call me back!” A returned call produced a police “authority.” The authority demanded money for bail OR ELSE: the “Urgency.”

We have just outlined a basic framework currently being used to turn an act of charity into a series of attack vectors against you. There are countless other interactions that include stealing your credentials and personal info, and scraping data from other insecure apps for upload and sale on the Dark Web. How can you protect yourself?

If you find yourself in this situation, reach out to the person in trouble via known good lines of communication. Text them. Call them. Find out if they are in trouble. Most importantly, take the time to think. My initial tip-off was that my brother calls my father “Pop.”

The takeaway concerning apps is to be selective about the information you are willing to share and with whom, and to question the real need for an app. Apps frequently ask for all permissions possible. Stop! Do they really need them all? Why does this app need my Contacts? Why does this other app need my location? Do I really need to supply all this financial information?

Lastly, investigate and research the charities to whom you donate. How much of the money goes to the ones in need? Are they listed as 501c3 charities? What does that mean? (https://www.501c3.org/what-is-a-501c3/)

Please feel free to share your experiences or ask any questions. I will be happy to include them in next week’s edition.

