Author: admin

The memorial service for Ross Anderson will be held on Saturday, at 2:00 PM BST. People can attend remotely on Zoom. (The passcode is “L3954FrrEF”.)

Beautiful astronomical photo.

This has to be a first. Something from our blogs got made into a movie.

We’re talking about voice scams, the soundalike calls that rip people off. One such call sets the action in motion for a film released this weekend, “Thelma.”

The synopsis of the comedy reads like this …

“When 93-year-old Thelma Post gets duped by a phone scammer pretending to be her grandson, she sets out on a treacherous quest across the city to reclaim what was taken from her.”

What times we live in, where voice scams form the premise of a film. In fact, writer/director Josh Margolin based the film on a phone scam that targeted his grandmother (yet one that they were lucky to shut down.) With that, it gives us a reminder that voice scams like these occur, and occur often.

What are voice scams?

Voice scams have been around for some time. They play out like an email phishing attack, where scammers try to trick people into forking over sensitive info or money — just in voice form over the phone. The scammer poses as someone the victim knows, like a close family member.

Yet the arrival of AI has made voice scams far more convincing. Cheap and freely available AI voice cloning tools have flooded the online marketplace in the past couple of years. They’re all completely legal as well.

Some cloning tools come in the form of an app. Others offer cloning as a service, where people can create a clone on demand by uploading audio to a website. The point is, practically anyone can create a voice clone. They sound uncanny too. Practically like the real thing, and certainly real enough over the phone. And it only takes a small sample of the target’s voice to create one.

Our own labs found that just a few seconds of audio was enough to produce a clone with an 85% voice match to the original. That number bounced up to 95% when they trained the clone further on a small batch of audio pulled from videos.

How do voice scammers create voice clones?

As to how scammers get a hold of the files they need, they have a ready source. Social media. With videos harvested from public accounts on YouTube, Instagram, TikTok, and other platforms, scammers have little trouble creating clones — clones that say whatever a scammer wants. All it takes is a script.

That’s where the attack comes in. It typically starts with a distress call, just like in the movie.

For example, a grandparent gets an urgent message on the phone from their grandchild. They’re stuck in the middle of nowhere with a broken-down car. They’re in a hospital across the country with a major injury. Or they’re in jail overseas and need to get bailed out. In every case, the solution to the problem is simple. They need money. Fast.

Sure, it’s a scam. Yet in the heat of the moment, it all sounds terribly real. Real enough to act right away.

Fearing the worst and unable to confirm the situation with another family member, the grandparent shoots the money off as instructed. Right into the hands of a scammer. More often than not, that money is gone for good because the payment was made with a wire transfer or through gift cards. Sometimes, victims pay out in cash.

Enter the premise for the movie. Thelma gets voice-scammed for thousands, then zips across Los Angeles on her friend’s mobility scooter to get her money back from the voice scammers.

The reality is of course more chilling. According to the U.S. Federal Trade Commission (FTC), nearly a million people reported a case of imposter fraud in 2023. Total reported losses reached close to $2.7 billion. Although not tracked and reported themselves, voice clone attacks certainly figure into this overall mix.

Voice scams target everyone. Not just Thelma

Even as we focus on the character of Thelma, voice clone attacks target people of all ages. Parents have reported cases involving their children. And married couples have told of scams that impersonate their older in-laws.

Common to each of these attacks is one thing: fear. Something horrible has happened. Or is happening. Here, scammers look to pull an immediate emotional trigger. Put plainly, they want to scare their victim. And in that fear, they hope that the victim immediately pays up.

It’s an odds game. Plenty of attacks fail. A parent might be sitting at the dinner table with their child when a voice clone call strikes. Or a grandchild might indeed be out of town, yet traveling with their grandmother when the scammer gives her a ring.

Yet if even a handful of these attacks succeed, a scammer can quickly cash in. Consider one attack for hundreds, if not thousands, or dollars. Multiply that by five, ten, or a dozen or so times over, a few successful voice clone scams can rack up big returns.

How to protect your family from voice scams

Yet you can protect yourself from these attacks. A few steps can make it more difficult for scammers to target you. A few others can prevent you from getting scammed if a voice clone pops up on the other end of the phone.

Make it tougher for scammers to target you by:

Clear your name from data broker sites. How’d that scammer get your phone number anyway? Chances are, they pulled that info off a data broker site. Data brokers buy, collect, and sell detailed personal info, which they compile from several public and private sources, such as local, state, and federal records, in addition to third parties. Our Personal Data Cleanup scans some of the riskiest data broker sites, shows you which ones are selling your personal info, and helps you remove your data.

Set your social media accounts to private. Scammers sift through public social media profiles in search of info on their targets. In some cases, an account can provide them with everything they need to launch an attack. Family names, family interests, where the family goes for vacation, where family members work — and videos that they can use for cloning. By making your accounts private, you deny scammers the resources they require. Our Social Privacy Manager can do this for you across all your accounts in only a few clicks.

Prevent getting scammed by:

Recognize that voice clone attacks are a possibility. As we’re still in the relatively early days of AI tools, not everyone is aware that this kind of attack is possible. Keeping up to date on what AI can do and sharing that info with your family and friends can help them spot an attack. As we’ve reported here before, voice clones are only the start. Other imposter scams run on video calls where a scammer takes on someone else’s voice and looks. All in real-time.

Always question the source. In addition to voice cloning tools, scammers have other tools that can spoof phone numbers so that they look legitimate. Even if it’s a voicemail or text from a number you recognize, stop, pause, and think. Does that really sound like the person you think it is? Hang up and call the person directly or try to verify the info before responding.

Set a verbal codeword with kids, family members, or trusted close friends. Even in the most high-tech of attacks, a low-tech precaution can keep everyone safe. Have a codeword. Save it for emergencies. Make sure everyone uses it in messages and calls when they ask for help. Further, ensure that only you and those closest to you know what the codeword is. This is much like the codewords that banks and alarm companies use to help ensure that they’re speaking to the proper account holder. It’s a simple, powerful step. And a free one at that.

The post Thelma – The Real-Life Voice Scam That Made It into the Movies appeared first on McAfee Blog.

Sarah didn’t see it coming.

A single mom in her late 40s, “Sarah” was especially lonely after her divorce (name changed to protect her identity). Her teenager had convinced her to join a dating site, so she created a profile on a popular app. After a handful of dates fell flat, she found Scott (name also changed). He was charismatic, kind. “We had an instant connection,” according to Sarah.

They spent hours on the phone sharing their deepest secrets and even started imagining a future together. But after about three months, Scott fell on hard times. At first, he needed to borrow $400 to pay for airfare to visit a dying relative, which he paid back immediately. Over the next few months, the numbers grew to $1,000 for rent and $3,000 for a business venture.

Repayments for those loans never came, and before long, Sarah had loaned her new love over $8,500. When she pressed him for the money, Scott ghosted Sarah online, moved out of town, and she never saw him again. She didn’t share her story with many people. She didn’t report it. She was too embarrassed and humiliated and even became depressed following what she calls “the Scott scam.” Painfully, she lost her trust in others.

Sarah isn’t alone. In the U.S. alone, about 70,000 people reported a romance scam in 2022, according to the Federal Trade Commission (FTC). Reported losses hit $1.3 billion, with a median loss of $4,400. And with such statistics, those figures reflect only what was reported. How many other “Sarahs” in the U.S. got scammed and never reported it? How many worldwide?

That’s the pain of online dating and romance scams. Feelings of embarrassment and humiliation compound financial and emotional pain. After all, the victims were looking for love and companionship.

And that’s what scammers count on. Yet that shouldn’t stop you from a romance that springs online. With a strong heart and sharp eye, you can spot a scam and put an end to it before any damage gets done.

How do online dating and romance scams get started?  

Dating and romance scams can start in several ways. They might begin on dating apps and sites, just like in Sarah’s case. Yet they can happen elsewhere and even pop out of the blue too. Scammers prowl around on social media, texts, and online games by pinging potential victims with an unexpected introductory message — a sort of digital opening line. In fact, the FTC reports that 40% of online dating and romance scams began with a message on social media, versus only 19% on dating apps.

With the initial connection made, a chat begins, and a friendship (or more) blossoms from there. Along the way, the scammer will often rely on a mix of somewhat exotic yet believable storytelling to lure the victim in. Often, that will involve their job and where they’re working. Reports say that scammers will talk of being workers on an offshore oil rig, members of the military stationed overseas, doctors working alongside an international organization or working in the sort of jobs that prevent them from otherwise easily meeting up in person.

With the phony relationship established, the scammer starts asking for money. The FTC reports that they’ll ask for money for several bogus reasons, usually revolving around some sort of hardship where they need a “little help” so that they can pay:

• For a plane ticket or other travel expenses.
• For medical expenses.
• Customs fees to retrieve something.
• Gambling debts.
• A visa or other official travel documents.

The list goes on, yet that’s the general gist. Scammers often employ a story with an intriguing complication that seems just reasonable enough, one where the romance scammer makes it sound like they could really use the victim’s financial help.

How scammers ask you to pay

People who have filed fraud reports say they’ve paid their scammer in a few typical ways.

One is by wiring money, often through a wire transfer company. The benefit of this route, for the scammer anyway, is that this is as good as forking over cash. When it’s gone, it’s gone. The victim lacks the protections they have with other payment forms, such as a credit card that allows the holder to cancel or contest a charge.

Another way is through gift cards. Scammers of all stripes like these because they effectively work like cash, whether it’s a gift card for a major online retailer or a chain of brick-and-mortar stores. Like a wire transfer, when that gift card is handed over, the money on it is highly difficult to recover, if at all.

One more common payment method is reloadable debit cards. A scammer might make an initial request for such a card and then make several follow-on requests to load it up again.

In all, a romance scammer typically looks for the easiest payment method that’s the most difficult to contest or reimburse, leaving the victim in a financial lurch when the scam ends.

How to avoid getting stung by an online dating or romance scam

When it comes to meeting new people online, the FTC suggests the following:

• Never send money or gifts to someone you haven’t met in person — even if they send you money first.
• Talk to someone you trust about this new love interest. It can be easy to miss things that don’t add up. So pay attention if your friends or family are concerned.
• Take the relationship slowly. Ask questions and look for inconsistent answers.
• Try a reverse-image search of any profile pictures the person uses. If they’re linked with another name or with details that don’t match up, it’s a scam.

Scammers, although heartless, are still human. They make mistakes. The stories they concoct are just that. Stories. They might jumble their details, get their times and dates all wrong, or simply get caught in an apparent lie. Also, remember that some scammers might be grifting several victims at once, which is yet another opportunity for them to get confused and slip up. Keep an eye out for that. Inconsistencies are the watermarks of a scam.

Lastly, take note that romance scammers have an entirely new set of tricks at their disposal. AI deepfakes. With inexpensive and readily available AI tools, scammers can make themselves look and sound like an entirely different person. All in real-time. As striking as that sounds, keep it in mind. Romance deepfakes now exist in the realm of possibility.

It once was that if a person didn’t want to hop on a voice chat, it might count as a sign of a scam. That’s no longer the case with deepfake technology in play. Even so, many of the same tried-and-true means of avoiding a romance scam still apply.

Protect yourself further from scams

1. Lock down your privacy on social media.

Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy and give a romance scammer less info to exploit. Using our Social Privacy Manager can make that even easier. With only a few clicks, it can adjust more than 100 privacy settings across their social media accounts — making them more private as a result.

2. Google yourself, and then remove what you find.

Have you ever googled yourself online? You’ll find personal info like your date of birth, previous addresses, names of your children and their ages, your estimated income, and more. This info is collected by data brokers and available for sell to advertisers or worse — like scammers. Sophisticated scammers use this info to profile and exploit their victims further. A Personal Data Cleanup service can help you remove this kind of personal data from the web. ​

3. Say “no” to strangers bearing friend requests.

Be critical of the invitations you receive. Out-and-out strangers might be more than a romance scammer. They might front fake accounts designed to gather info on users for cybercrime, or they can be an account designed to spread false info. There are plenty of them too. In fact, in Q4 of 2023 alone, Facebook took action on 691 million fake accounts. Reject such requests.

4. Go light on the details in your dating profile.

To the extent that you can, provide the minimum amount of details in your dating profile. Granted, this requires a bit of a balancing act. You want to put some info out there to help find a match, yet too much can give you and your location away. Same for your profile pics. Be sure yours have a generic-looking background, rather than anything that might identify where you live, work, or go to school.

5. Protect yourself and your devices.

Online protection software can steer you clear from clicking on malicious links that a scammer might send you online, while also steering you clear of other threats like viruses, ransomware, and phishing attacks in general. It can look out for your personal info as well, by protecting your privacy and monitoring your email, SSN, bank accounts, credit cards, and other info that a scammer or identity thief might put to use. With identity theft a rather commonplace occurrence today, security software is really a must.

Put an end to it

If you suspect that you’re being scammed, put an end to the relationship and report it, as difficult as that might feel.

Notify the FTC at ReportFraud.ftc.gov for support and next steps to help you recover financially as much as possible. Likewise, notify the social media site, app, or service where the scam occurred as well. In some cases, you might want to file a police report, which we cover in our broader article on identity theft and fraud.

If you sent funds via a gift card, the FTC suggests filing a claim with the company as soon as possible. They offer further advice on filing a claim here, along with a list of contact numbers for gift card brands that scammers commonly use.

Lastly, go easy on yourself. If you find yourself a victim of online dating or romance fraud, know that you won’t be the first or last person to be taken advantage of this way. By reporting your case, you might help others from falling victim too.

The post How Online Dating Scams work and How to Spot Them appeared first on McAfee Blog.

A cryptocurrency exchange claims to have been extorted after ‘researchers’ exploited a vulnerability to steal millions

Notorious threat actor IntelBroker is claiming to have stolen data from Apple and AMD

The LockBit ransomware group returned the fold to launch 176 attacks in May 2024 following a law enforcement takedown, NCC Group found

The French cybersecurity agency has warned that Russian-aligned threat actor has been targeting public organizations for years

Interesting summary of various ways to derive the public key from digitally signed files.

Normally, with a signature scheme, you have the public key and want to know whether a given signature is valid. But what if we instead have a message and a signature, assume the signature is valid, and want to know which public key signed it? A rather delightful property if you want to attack anonymity in some proposed “everybody just uses cryptographic signatures for everything” scheme.

Falling in love in the internet age is a whole different ball game to the social-media-free ’70s, ’80s and ’90s. Awkward calls on the home phone, sending cards in the mail, and making mixtapes were all key relationship milestones back in the days of roller skates. But fast forward to the new millennium and dating is a whole different sport.

No longer are teens relying on their friends and family for introductions to new love interests, it’s all doable online thanks to the plethora of available dating apps and social media platforms. So it’s no surprise that research confirms that meeting online has officially displaced the traditional ways romantic partnerships were formed.

But how does it actually work? How do teens really connect online? Is it just about the dating apps? What about Instagram? Don’t they also use messaging apps to meet? And what does ‘benching’ and ‘beta-testing’ mean?

Ah, yes I know it can feel overwhelming but don’t stress – I got you! I’ve put together all the key information you need to know if you have kids who are starting their online dating journey.

1. It’s Not Just About Dating Apps

When many of us think about online dating, we think about the major dating apps like Tinder and Bumble however that’s actually not where it all happens. In fact, many teens inform me that it really is all about Instagram, Snapchat, and increasingly, TikTok. I am reliably informed that these social media platforms give you a more authentic understanding of someone – great! But, in my opinion, there are potential safety issues with using social media to attract a mate. Particularly, if you have a young, inexperienced teen on your hands.

In order for people to be able to follow you on these platforms (and send you messages), you need to have your profile set to public. So, if you have a young, naïve teen who has their social media accounts set to public to ramp up their love life, then I consider this to be a safety concern. They can receive messages from anyone which is not ideal.

2. Relationships Develop Online – Even If They First Meet In Person

In 2024, chances are your teens will not meet a potential mate in real life (IRL) – it all happens online. But even on the rare chance they do first meet in person, or they eyeball someone they fancy across the school playground, the relationship will develop online. That’s where the magic happens!

So instead of multiple landline telephone calls to friends to ‘suss out’ their crush, they spend multiple hours researching their crush online. They’ll check out and dissect their photos and posts, find all their social media accounts, and then, depending on their level of courage, they may follow all their accounts. Colloquially, this is often referred to as ‘social media stalking’.

3. Liking Posts and Commenting Is How To Get Noticed

Once they’ve built up the courage, teens may start liking the posts of their crush. Some may even go back over old social media posts and photos from several years back to demonstrate their level of interest. This is known as ‘deepliking’. Some teens think this is an effective strategy, others consider this to be off-putting – each to their own!! But the goal here is to put yourself on the radar of your crush.

Now, once the ‘likes’ have gathered some momentum, the teen may decide it’s time to ‘slide into their crush’s DM’s’. Ah – there’s that expression. All it really means is that your teen will send a direct message to their love interest – usually on a social media app such as Instagram or TikTok.

But they may not even need to ‘slide into the DM’s’. I am reliably informed that if you like a few posts of a potential love interest and then, they like a few of yours, you’re flirting and there’s definitely a spark!! The love interest may then just be the one initiating interest.

4. Be Prepared For A Lot Of Messaging

Now, if there is a spark and the crush has replied, the next phase is messaging – and a lot of it! Potentially 1000’s of messages. I have first-hand experience of paying a telephone bill for someone (no names) who was super smitten with a girl in the days before unlimited data. All I can say is ouch!!!

Now this messaging may take place on a social media app, a messaging app such as WhatsApp, Messenger, or even via text. Or possibly even a combination of them all!! The key here is to keep the messaging going to suss out whether there is a vibe!

But the messaging stage is where it can get messy and confusing. It’s not unusual for teens to be messaging with several potential love interests at once – essentially keeping their options open. Some refer to this as ‘beta-testing’, I would refer to it as disrespectful and probably exhausting – but hey, I’m old school! But this is often a reality for many teens, and it can be quite demoralising to feel like you’re being ‘managed’.

5. Let’s Make It Instagram Official

Now, this is a big moment. When your teen and their crush have decided they are exclusive and officially a thing, the next step is to let the world know and make it official. So, they may choose to update their status on their social media platforms to ‘in a relationship’. But if they are after a softer launch, they may simply post a pic of each other, or even together.

6. Is Sexting Really a Thing?

Believe it or not, some teens may never actually meet in real life (IRL) but still be in a relationship. If this is the case then it’s more likely that sexting will be part of the relationship. Research shows that 1 in 3 Aussie teens (aged 14 to 17) have some experience with sexting ie sending, receiving, being asked, and asking for nude pics however I think in reality, it is likely more – not everyone answers surveys honestly!

So, yes sexting does happen and while I wish it just didn’t, we can’t put our heads in the sand. So, I encourage all parents to remind their kids that once they send an image they lose control of it, that not all relationships last forever, and that they should never be coerced into doing something they are not comfortable with. Stay tuned for further posts with more sexting tips!

7. Some Good Things Will Come To An End

At the risk of being a cynic, chances are your child’s teen relationships will probably not last a lifetime. So, how do you break up when you’re a digital native?

Well, before the break-up phase, ‘benching’ can occur. This happens when one partner no longer wants to meet up with the other in person. It may also be the moment when your teen’s messages are no longer returned – this is called LOR – left on read. Most of us would call this ghosting. But regardless of what you call it, it’s not a nice feeling.

Call me old fashioned but I am a big fan of breaking up with your love in person and my boys know that. Tapering off contact or telling someone that the relationship is over via text is disrespectful, in my opinion.

8. Picking Up The Pieces

Helping kids through heartache is tough – I’ve been there!! If your teen is finding life post-relationship hard, why don’t you suggest they delete their social media apps for a week or 2? It’s hard to move on from someone when you are still receiving messages and/or seeing their notifications. It may even be worth unfriending or unfollowing the ex as well.

So, even though the landscape has changed, and the mixtapes have gone, please don’t forget that dating and romance can be super tricky when you are a teen. Not only are you dealing with matters of the heart but in the world’s biggest public forum – the internet. So be kind, gentle, and supportive! And be grateful for the simplicity of the ’70s, ’80s and ’90s.

Alex xx

The post How Teens Date in the Digital Age appeared first on McAfee Blog.