This Stupidly Simple New Hack Puts You At Risk—Here’s How It Works

Here we go again—another PayPal report from security researchers, warning of a risk to users from thieves. This latest scam has reportedly now claimed thousands of victims and millions of dollars. As tech savvy as you might be, this scam’s devious social engineering twist has the potential to dupe the best of us. Take the advice below, safeguard your accounts, and don’t be next.

The issue has been brought to light by the ever-diligent researchers at CyberNews. The team says it wants to expose security issues that put large numbers of users at risk. A few weeks ago, I reported on their last PayPal research, a “critical login hack,” where an attacker was able to defeat some of the platform’s protections. Between then and now, CyberNews exposed the leak of U.S. online dating data, which put “millions of women at risk.” And now they’re back with another PayPal issue, one that users need to be aware of, to ensure they don’t fall victim.

CyberNews says that most of the fraudsters behind this scam are from the U.S., U.K. or Russia, and that for most of them this scam is now their main source of income. And why wouldn’t it be—the researchers say that a typical attacker can earn $2,500 per day, and operate in packs that can generate as much as $1.5 million per month. Right now, the U.K. appears to be a hotbed for the attacks, given the use of PayPal—but this has no geographical limits. The scam can work anywhere.

So, how does this scam work? Well, it’s based on the same social engineering trick behind the WhatsApp account take-over risk that I reported on in January. That stupidly simple hack involved tricking users into giving up the one-time codes WhatsApp sends when you transfer your account to a new phone. The compromised account would then be used to message WhatsApp contacts and request money.

The difference this time is that it’s Facebook itself, not Facebook-owned WhatsApp. The issue with the WhatsApp hack was that an attacker would only see contacts that were part of the same groups as the victim. With Facebook, a full set of contacts can be seen, which makes it much more potent. Beyond that, the hack is the same and any compromised messaging platform can be used to fuel the scam.

With the Facebook account hacked, an attacker uses Messenger to contact a number of friends, telling each of them that they are owed money but cannot access their own PayPal account to receive it. So, can they have the money sent to this friend’s PayPal account instead, and the friend can then bank transfer it to them? You can see a typical attacker’s pitch in the screenshot below.

CyberNews has provided this explanation as to how the scam works, and an image (below) that shows the process in action.

  1. One of the victim’s friends has their Facebook account hacked, using stolen login details acquired from the dark web. These credentials are easily acquired given the huge volume of breached data online.
  2. The attacker sends the victim a message from that hacked account. It will be something like: “I just sold something online and need to get paid, but something is wrong with my PayPal. Can you help me out? They’ll send you the money on PayPal, then you can send it to my bank account.”
  3. The victim says okay and provides their PayPal details. Some time shortly afterwards the money turns up in the victim’s account. The victim checks their PayPal statement and can see that the money is there.
  4. The money has been sent by the attacker, either from an account or card set up with fraudulent details or through a hacked PayPal account.
  5. With the money received, the victim sends that same amount to their “friend,” using the bank account details provided. In reality, this is the attacker’s bank account, to be used for a few scams and then closed.
  6. The victim thinks all is okay. But the next time they check their PayPal account, they find that the amount received has been reversed. This is a chargeback, where the sender of the money (the attacker) has asked for it to be reversed using PayPal’s standard systems.
  7. The victim is unable to do the same with their transfer to the attacker’s account; there is no such safety net with a bank transfer.
  8. The money makes a number of further electronic hops (to prevent tracing to the endpoint) before it is withdrawn. It is not coming back.

The scam can involve either three victims or just two. The owner of the hacked messaging account is the first victim. The owner of the PayPal account which makes the payment, the only victim who loses out financially, is the second victim. And sometimes the attacker uses a hacked PayPal account to make and then reverse the charge (if the attacker doesn’t reverse the charge, the rightful owner will); when this is used instead of a fraudulent card, the owner of that account is the third victim.

There are some further technical details behind the hack, including the way in which safety checks are bypassed on hacked Facebook and PayPal accounts. In either case, the use of proper multi-factor authentication (MFA) to provide a one-time passcode backup to your username and password will stop an attack in its tracks. Facebook’s MFA setup can be seen in the image below, and there is a similar setting for PayPal. Frankly, you should have this enabled on anything where it is an option.

Beyond that, this is all about common sense. If a friend does message you in this way, call them to make sure it’s really them. Unless you’re 100% certain, do not proceed. And make sure you contact them over a different messaging platform from the one they contacted you over. Better still, call the friend on the phone.

PayPal told CyberNews “we never lose sight of the fact that we are entrusted to look after people’s money. We take this responsibility very seriously and use advanced fraud and risk management tools to keep our customers and their payments safe. We go to great lengths to protect our customers,” the payment giant said, “but there are still some basic precautions we should take to avoid scams.”

PayPal didn’t provide any additional comments ahead of publishing, but has offered user guidance through CyberNews, telling customers “to be wary if they receive unusual requests about their PayPal account, especially requests to move large amounts of money, even when the request appears to come from someone they know. Always question uninvited approaches in case it’s a scam, and check directly with the person concerned to verify the request. And never accept or move money on behalf of someone else.”

ForbesFinds is a shopping service for our readers. Forbes searches premium retailers to find the new products — from clothes to gadgets — and the latest deals.

","primaryBlogNaturalId":"blogAuthorId/blog/author/blog-4983","shortUri":"http://bit.ly/34Yfr26","displayChannel":"shopping","displaySection":"shopping","contributorSince":1493337881000,"slug":"forbes-personal-shopper","showNoVestPocket":false,"embargo":false,"primaryChannelId":"channel_94","enableContribContact":true,"sigfile":"

For product reviews, gift ideas, and latest deals, Subscribe to the Forbes Finds newsletter.

","enableTwitterFeed":false,"disableCanonical":false,"disableDigest":false,"bylineFormat":0,"inactive":false,"division":"FC","allowEmail":false,"seniorContributor":false},"publication":{"naturalId":"blogAuthorId/blog/author/blog-4983","name":"Forbes Personal Shopper","avatars":[{"size":136,"image":"https://blogs-images.forbes.com/assets/images/avatars/blog-4983_136_6a35ad1b7db9ce9ac885b5f2de5c6338.jpg"},{"size":40,"image":"https://blogs-images.forbes.com/assets/images/avatars/blog-4983_40_6a35ad1b7db9ce9ac885b5f2de5c6338.jpg"},{"size":400,"image":"https://blogs-images.forbes.com/assets/images/avatars/blog-4983_400_6a35ad1b7db9ce9ac885b5f2de5c6338.jpg"},{"size":62,"image":"https://blogs-images.forbes.com/assets/images/avatars/blog-4983_62_6a35ad1b7db9ce9ac885b5f2de5c6338.jpg"}],"url":"http://www.forbes.com/sites/forbes-personal-shopper/","type":"Contributor Group","profileUrl":"https://blogs.forbes.com/forbes-personal-shopper/profile/","authorType":"group","tagName":"Check out great deals, new products and gift ideas.","blog":true,"timestamp":1580929399747,"authors":["3340302","3341394","745","3337134","3339142","3338017","3338128","2274378","2914864","3339248","3337133","3337934","3339143","3340216","3337142","3337409","3340223","3337608","1446304"],"description":"Forbes Personal Shopper is a shopping service for our readers. Forbes searches premium retailers to find the new products — from clothes to gadgets — and the latest deals. Forbes Personal Shopper covers products we think you’ll love. Featured products are independently selected and linked to for your convenience. 
If you buy something using a link on this page, Forbes Personal Shopper may receive a small share of that sale.","primaryBlogNaturalId":"blogAuthorId/blog/author/blog-4983","primaryContributor":"blogAuthorId/blog/author/2914864","primaryContributorData":{"naturalId":"blogAuthorId/blog/author/2914864","name":"forbes-finds","avatars":[{"size":136,"image":"http://0.gravatar.com/avatar/057e34a30c8ec577a73d62ea083dad39?s=136&d=mm&r=g"},{"size":40,"image":"http://0.gravatar.com/avatar/057e34a30c8ec577a73d62ea083dad39?s=40&d=mm&r=g"},{"size":400,"image":"http://0.gravatar.com/avatar/057e34a30c8ec577a73d62ea083dad39?s=400&d=mm&r=g"},{"size":62,"image":"http://0.gravatar.com/avatar/057e34a30c8ec577a73d62ea083dad39?s=62&d=mm&r=g"}],"blog":false,"allowEmail":false},"shortUri":"http://bit.ly/34Yfr26","displayChannel":"shopping","displaySection":"shopping","contributorSince":1493323500000,"slug":"forbes-personal-shopper","showNoVestPocket":false,"embargo":false,"primaryChannelId":"channel_94","enableContribContact":false,"enableTwitterFeed":false,"disableCanonical":false,"disableDigest":false,"inactive":false,"allowEmail":false,"singleRec":false},"coAuthors":[]},"blogName":"Forbes Personal Shopper","bertieBadges":[{"id":"5e663af6131d45000613b7cf","slug":"finds-pick","displayName":"Forbes Finds Pick","status":"active","priority":102,"streamUrl":""}],"retracted":false},{"id":"5e65f66651c408000643e3e5","naturalId":"blogAndPostId/blog/post/6533-5e65f66651c408000643e3e5","source":"forbespress","author":"Zak Doffman","title":"Critical Microsoft Security Warning: Hackers Now Attacking Targets—Here’s What You Do","date":1583755770598,"bodyAsDeltas":"[{"insert":{"figure":"0"}},{"insert":"Proof positive that timely security updates "},{"attributes":{"italic":true},"insert":"really"},{"insert":" matter, with the news over the weekend that a cybersecurity firm has detected state-sponsored hacking groups using a recently disclosed Microsoft Exchange vulnerability to attack targets. 
“In some cases,” "},{"attributes":{"color":"","link":"https://www.volexity.com/blog/2020/03/06/microsoft-exchange-control-panel-ecp-vulnerability-cve-2020-0688-exploited/"},"insert":"Volexity warns"},{"insert":", “the attackers appear to have been waiting for an opportunity to strike with credentials that had otherwise been of no use.”\nMicrosoft is pushing multi-factor authentication (MFA/2FA) to protect enterprise systems. The issue is that "},{"attributes":{"color":"","link":"https://www.forbes.com/sites/zakdoffman/"},"insert":"without MFA there is no protection in place to safeguard against a simple username and credential attack"},{"insert":". But here, even if an enterprise has deployed MFA, the system can still be compromised with just basic credentials. That vulnerability has been patched, but if you haven't patched you're at risk.\nHopefully everyone is sitting up and paying attention now. \nMicrosoft patched this risk in February, "},{"attributes":{"color":"","link":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688"},"insert":"warning"},{"insert":" “a remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. Knowledge of a validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM.” In short, it lets them inside your system. The patch corrects the way those keys are created, closing the backdoor.\nWhen exploited on unpatched systems, the vulnerability enables an attacker to use basic credentials to access an Exchange system and execute code on the backend. 
“This issue,” Volexity says, “underscores why changing passwords periodically is a good best practice, regardless of security measures like 2FA.”\nIn a "},{"attributes":{"color":"","link":"https://www.zerodayinitiative.com/blog/2020/2/24/cve-2020-0688-remote-code-execution-on-microsoft-exchange-server-through-fixed-cryptographic-keys"},"insert":"February blogpost"},{"insert":" expanding on this issue, the Zero Day Initiative (ZDI) said “the important-rated patch [which] addressed a remote code execution bug in Microsoft Exchange Server... was reported an anonymous researcher and affects all supported versions of Microsoft Exchange Server up until the recent patch.” That blogpost also gives a good technical overview of the vulnerability.\nTwo weeks later and we have confirmation that this is being exploited in the wild. Volexity claims that it has observed “multiple APT actors exploiting or attempting to exploit on-premise Exchange servers.” The researchers say the compromises have enabled attackers to run “system commands to conduct reconnaissance, deploy webshell backdoor accessible via OWA and execute in-memory post-exploitation frameworks.” All of which expose organizations to seriously dangerous risks.\nThe researchers also say that the detections have included “multiple concerted efforts by APT groups to brute-force credentials by leveraging Exchange Web Services (EWS) in an effort to likely exploit this vulnerability.” Behind this claim, is the implication that certain targets are being bombarded with attempted breaches as attackers look to exploit the vulnerability before it is patched. They attribute this to state-sponsored groups based on IP-addresses and reuse of breached credentials.\nOn the one hand, this is still a sophisticated exploit and requires credential access (brute-forced or stolen) to an organization’s Exchange Control Panel (ECP) interface, and that has narrowed down the threat actors capable. 
But, on the other hand, the stolen credentials “do not need to be highly privileged or have ECP access.” The ECP’s crypto is not unique—that’s the error. And so all unpatched servers will let an attacker inside with those basic credentials. Cue the world of criminal hackers looking to try their hand at exploits.\nSo, what do you do? Well, apply the "},{"attributes":{"color":"","link":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688"},"insert":"security patch"},{"insert":" for "},{"attributes":{"color":"","link":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688"},"insert":"CVE-2020-0688"},{"insert":" right away if you have not already—simple enough? Volexity also recommends “placing access control list (ACL) restrictions on the ECP virtual directory in IIS and/or via any web application firewall capability—Volexity recommends that the ECP directory not be accessible to anyone that does not specifically need to access it.” Such measures may also include restricting access from outside the organization.\nThe other recommendation is to enforce good password behaviours in addition to mandating MFA. A recent Microsoft warning as to the millions of accounts being hacked warned that "},{"attributes":{"color":"","link":"https://www.forbes.com/sites/zakdoffman/2020/03/07/microsoft-confirms-really-really-high-hacking-threat-for-millions-of-users-heres-what-you-do-now/#3016e6f89b66"},"insert":"reuse of aged passwords is a critical security risk"},{"insert":". So, as ever, this is a critical vulnerability that can be almost fully mitigated by good security behaviors. 
When an exploit has been detected in the wild, that needs to be done fast.\n"}]","image":"https://specials-images.forbesimg.com/imageserve/1161847479/960x0.jpg","type":"blog","uri":"https://www.forbes.com/sites/zakdoffman/2020/03/09/critical-microsoft-security-warning-hackers-now-attacking-targets-heres-what-you-do/","comments":[],"visible":true,"authors":[{"name":"Zak Doffman","avatars":[{"size":136,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=136&d=mm&r=g"},{"size":40,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=40&d=mm&r=g"},{"size":400,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=400&d=mm&r=g"},{"size":62,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=62&d=mm&r=g"}],"url":"http://www.forbes.com/sites/zakdoffman/","type":"Contributor","profileUrl":"/sites/zakdoffman/","authorType":"individual","blog":false,"allowEmail":false},{"name":"Zak Doffman","avatars":[{"size":136,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=136&d=mm&r=g"},{"size":40,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=40&d=mm&r=g"},{"size":400,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=400&d=mm&r=g"},{"size":62,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=62&d=mm&r=g"}],"url":"http://www.forbes.com/sites/zakdoffman/","profileUrl":"https://blogs.forbes.com/zakdoffman/profile/","authorType":"individual","blog":false,"allowEmail":false}],"channelSection":[{"channelId":"channel_74"},{"channelId":"channel_74","sectionId":"section_1275"}],"blogType":"individual","displayChannel":"innovation","displaySection":"innovation","newsKeywords":["Microsoft security","Microsoft update","exchange server update","exchange server security","windows security","windows update"],"relatedContentList":[{"title":"This Israeli Cyber Billionaire Battles 
Hackers In China, Russia And Iran: ‘It Will Only Get Worse’","uri":"http://www.forbes.com/sites/zakdoffman/2020/02/18/this-israeli-cyber-billionaire-battles-hackers-in-china-russia-and-iran-it-will-only-get-worse/"}],"primaryChannelId":"channel_74","primarySectionId":"section_1275","siteSlug":"zakdoffman","timestamp":1583755987209,"statsEntities":[{"id":null,"name":"Technology_Internet","type":null,"relevance":null},{"id":null,"name":"Windows XP","type":null,"relevance":null},{"id":null,"name":"Computer architecture","type":null,"relevance":null},{"id":null,"name":"Software bugs","type":null,"relevance":null},{"id":null,"name":"Internet security","type":null,"relevance":null},{"id":null,"name":"Transport Layer Security","type":null,"relevance":null},{"id":null,"name":"anonymous researcher","type":"Position","relevance":0.2},{"id":null,"name":"state-sponsored hacking groups","type":"IndustryTerm","relevance":0.2},{"id":null,"name":"Microsoft","type":"Company","relevance":0.8},{"id":null,"name":"firewall","type":"Technology","relevance":0.2},{"id":null,"name":"Volexity","type":"Person","relevance":0.2},{"id":null,"name":"access control list","type":"Technology","relevance":0.2},{"id":null,"name":"web application","type":"IndustryTerm","relevance":0.2},{"id":null,"name":"MFA.A","type":"Company","relevance":0.2},{"id":null,"name":"Web Services","type":"IndustryTerm","relevance":0.2},{"id":null,"name":"Exchange Server","type":"Product","relevance":0.2}],"writtenByForbesStaff":false,"templateType":"standard","enableSigfile":true,"blogId":"6533","pTagCount":13,"hashtags":["CyberSecurity"],"hideDescription":false,"sponsored":false,"doNotPaginate":false,"sentimentScore":-0.629223,"bvProgramType":"","embedData":[{"id":0,"type":"image","data":{"source":"getty","html":"","guid":"1161847479","caption":"","credit":"SOPA Images/LightRocket via Getty Images","width":5000,"height":3333,"cropRatioName":"custom","alignment":"","altText":"Microsoft Corporation 
logo","aspectRatio":66.66},"inflatedHTML":"

","position":"top"}],"authorGroup":{"primaryAuthor":{"naturalId":"blogAuthorId/blog/author/3339159","name":"Zak Doffman","avatars":[{"size":136,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=136&d=mm&r=g"},{"size":40,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=40&d=mm&r=g"},{"size":400,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=400&d=mm&r=g"},{"size":62,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=62&d=mm&r=g"}],"url":"http://www.forbes.com/sites/zakdoffman/","type":"Contributor","profileUrl":"/sites/zakdoffman/","twitterName":"@ukzak","authorType":"individual","facebookName":"ukzak","linkedIn":"https://www.linkedin.com/in/zakdoffman","email":"zakd@me.com","blog":false,"timestamp":1575706889105,"shortBio":"I write about security and surveillance.","blogName":"Zak Doffman","description":"

I am the Founder/CEO of Digital Barriers—developing advanced surveillance solutions for defence, national security and counter-terrorism. I write about the intersection of geopolitics and cybersecurity, as well as breaking security and surveillance stories. Contact me at zakd@me.com.

","primaryBlogNaturalId":"blogAuthorId/blog/author/blog-6533","shortUri":"http://bit.ly/2EBd8t3","displayChannel":"innovation","displaySection":"innovation","contributorSince":1540251025000,"slug":"zakdoffman","showNoVestPocket":false,"embargo":false,"primaryChannelId":"channel_74","primarySectionId":"section_1275","altEmail":"zakd@me.com","enableContribContact":true,"sigfile":"

Find me on Twitter or Linkedin or email zakd@me.com.nn

","enableTwitterFeed":false,"instagramHandle":"","disableCanonical":false,"disableDigest":false,"inactive":false,"division":"EU","allowEmail":true,"seniorContributor":false},"publication":{"naturalId":"blogAuthorId/blog/author/blog-6533","name":"Zak Doffman","avatars":[{"size":136,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=136&d=mm&r=g"},{"size":40,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=40&d=mm&r=g"},{"size":400,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=400&d=mm&r=g"},{"size":62,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=62&d=mm&r=g"}],"url":"http://www.forbes.com/sites/zakdoffman/","profileUrl":"https://blogs.forbes.com/zakdoffman/profile/","twitterName":"UKZak","authorType":"individual","linkedIn":"https://www.linkedin.com/in/zakdoffman/","blog":true,"timestamp":1565095792994,"primaryBlogNaturalId":"blogAuthorId/blog/author/blog-6533","primaryContributor":"blogAuthorId/blog/author/3339159","primaryContributorData":{"naturalId":"blogAuthorId/blog/author/3339159","name":"Zak Doffman","avatars":[{"size":136,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=136&d=mm&r=g"},{"size":40,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=40&d=mm&r=g"},{"size":400,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=400&d=mm&r=g"},{"size":62,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=62&d=mm&r=g"}],"url":"http://www.forbes.com/sites/zakdoffman/","type":"Contributor","profileUrl":"/sites/zakdoffman/","twitterName":"@ukzak","authorType":"individual","facebookName":"ukzak","linkedIn":"https://www.linkedin.com/in/zakdoffman","email":"zakd@me.com","blog":false,"timestamp":1575706889105,"shortBio":"I write about security and surveillance.","blogName":"Zak Doffman","description":"

I am the Founder/CEO of Digital Barriers—developing advanced surveillance solutions for defence, national security and counter-terrorism. I write about the intersection of geopolitics and cybersecurity, as well as breaking security and surveillance stories. Contact me at zakd@me.com.

","primaryBlogNaturalId":"blogAuthorId/blog/author/blog-6533","shortUri":"http://bit.ly/2EBd8t3","displayChannel":"innovation","displaySection":"innovation","contributorSince":1540251025000,"slug":"zakdoffman","showNoVestPocket":false,"embargo":false,"primaryChannelId":"channel_74","primarySectionId":"section_1275","altEmail":"zakd@me.com","enableContribContact":true,"sigfile":"

Find me on Twitter or Linkedin or email zakd@me.com.nn

","enableTwitterFeed":false,"instagramHandle":"","disableCanonical":false,"disableDigest":false,"inactive":false,"division":"EU","allowEmail":true,"seniorContributor":false},"shortUri":"http://bit.ly/2EBd8t3","displayChannel":"innovation","displaySection":"innovation","contributorSince":1540236900000,"slug":"zakdoffman","showNoVestPocket":false,"embargo":false,"primaryChannelId":"channel_74","primarySectionId":"section_1275","enableContribContact":false,"enableTwitterFeed":true,"disableCanonical":false,"disableDigest":false,"forbesTwitterProfile":{"screenName":"UKZak","name":"Zak D","profileImageUrl":"http://pbs.twimg.com/profile_images/1051866334915678208/-tkpvHG7.jpg","description":"Founder/CEO @DigitalBarriers: Edge-AI and IOT surveillance for defence, security & counter-terrorism. Contributor @Forbes: Security & Surveillance.","createdDate":1305105697000,"location":"United Kingdom","url":"https://t.co/wevgXjxbna","expandedUrl":"http://www.digitalbarriers.com","displayUrl":"digitalbarriers.com","verified":false},"inactive":false,"allowEmail":false,"seniorContributor":false},"coAuthors":[]},"blogName":"Zak Doffman","bertieBadges":[],"metaEmbeds":{"thumbnail":{"id":-1,"type":"image","data":{"source":"getty","html":"","guid":"1161847479","caption":"","credit":"SOPA Images/LightRocket via Getty Images","width":5000,"height":3333,"cropRatioName":"custom","alignment":"","altText":"Microsoft Corporation logo","aspectRatio":66.66},"position":"top","damImageUrl":"https://datingscams101.com/wp-content/uploads/2020/03/1583758071_697_960x0.jpg"}}},{"id":"5e64f5d643e2e60006a33fe4","naturalId":"blogAndPostId/blog/post/4745-5e64f5d643e2e60006a33fe4","source":"forbespress","author":"Lee Mathews","title":"5 Tips From Homeland Security To Help You Avoid COVID-19 Scams","date":1583688254381,"bodyAsDeltas":"[{"insert":"Some phishing campaigns prey on would-be victims’ fear. Others seek to capitalize on the opportunity created by hot topics in the news cycle. 
COVID-19 has presented cybercriminals with a way to combine both into a dangerous one-two punch.\n"},{"insert":{"figure":"1"}},{"insert":"You’re no doubt well aware of the potential health risk associated with COVID-19. The Department of Homeland Security wants to make sure you minimize your cyber risk, too.\nThe Department has "},{"attributes":{"color":"","link":"https://www.us-cert.gov/ncas/current-activity/2020/03/06/defending-against-covid-19-cyber-scams"},"insert":"shared a list of tips"},{"insert":" from the Cybersecurity and Infrastructure Security Agency (CISA). Follow them, and you should be able to avoid these brazen attempts to steal your credentials or pry away your hard-earned cash.\n"},{"attributes":{"bold":true},"insert":"Use Trusted Sources"},{"insert":"\nThis seems simple enough, right? The truth is it’s not so easy these days. Not when anyone can quickly cobble together a legitimate-looking news site, pay for promoted posts on Facebook, and convince Twitter to verify accounts.\nStick to well-known sites with solid reputations and a track record of publishing verifiable facts. For COVID-19 news, the "},{"attributes":{"color":"","link":"https://www.cdc.gov/coronavirus/2019-ncov/index.html"},"insert":"Centers for Disease Control and Prevention"},{"insert":" is a good place to start.\n"},{"attributes":{"bold":true},"insert":"Avoid Clicking On Links In Unsolicited Emails, IMs, or Texts"},{"insert":"\nDid you receive a message from a sender you don’t immediately recognize? Scrutinize everything in the message. If it’s an email, compare the sender’s name to the email address (for texts, look at the phone number). 
Look for spelling errors and odd sentence structure, and definitely don’t click any links you see if you find any part of the message suspicious.\nYou can always double-check the safety of a link by copying it and pasting into a web-based tool like "},{"attributes":{"color":"","link":"https://www.virustotal.com/gui/home/url"},"insert":"VirusTotal"},{"insert":" or "},{"attributes":{"color":"","link":"https://sitecheck.sucuri.net/"},"insert":"Sucuri’s SiteCheck"},{"insert":".\n"},{"insert":{"figure":"0"}},{"attributes":{"bold":true},"insert":"Avoid Opening Attachments In Unsolicited Emails"},{"insert":"\nEmail attachments should be handled with even more care because a careless double-click can silently give cybercriminals complete control of your system. Scan attachments using whatever antivirus app you have installed on your system or submit it to VirusTotal for analysis.\nYou can relax the rules slightly for senders you recognize, but never let your guard down completely. It’s always possible someone you know has been compromised by malware and is unwittingly attacking you via your inbox.\n"},{"attributes":{"bold":true},"insert":"Do Not Reveal Personal Or Financial Information In Email, IMs, or Texts"},{"insert":"\nThis is absolutely imperative for organizations, but individuals should follow this advice, too. No one who legitimately needs to verify your birth date or social security number will do it via email, IM, or text message. No one who needs a copy of your birth certificate or passport should ask you to email it, attach it to an IM, or send it via MMS.\nAnd while it’s perfectly fine to discuss business deals in email threads you should never, ever provide account information in a message. 
Make a quick phone call or meet in person (or videoconference) instead.\n"},{"insert":{"figure":"2"}},{"attributes":{"bold":true},"insert":"Verify A Charity’s Authenticity Before Making Donations"},{"insert":"\nDon’t think for a second that cybercriminals are above impersonating a charitable organization to line their pockets. Whether they’re after credentials or money, official-looking websites or emails that tug on would-be victims’ heartstrings can be very effective.\nThe FTC has an entire webpage with tips on how to make sure you’re not being misled by scammers.\nThough CISA offered these tips to protect the public from scams preying on Coronavirus Disease 2019 fears, they’re worth applying all the time. Cyber attackers never stop, they just change their tactics.\n"}]","image":"https://specials-images.forbesimg.com/imageserve/1127961623/960x0.jpg","type":"blog","uri":"https://www.forbes.com/sites/leemathews/2020/03/08/5-tips-from-homeland-security-to-help-you-avoid-covid-19-scams/","comments":[],"visible":true,"authors":[{"name":"Lee Mathews","avatars":[{"size":136,"image":"https://secure.gravatar.com/avatar/9f4451afa3ce4be72f4ec8227bd8d320?s=136&d=mm&r=g"},{"size":40,"image":"https://secure.gravatar.com/avatar/9f4451afa3ce4be72f4ec8227bd8d320?s=40&d=mm&r=g"},{"size":400,"image":"https://secure.gravatar.com/avatar/9f4451afa3ce4be72f4ec8227bd8d320?s=400&d=mm&r=g"},{"size":62,"image":"https://secure.gravatar.com/avatar/9f4451afa3ce4be72f4ec8227bd8d320?s=62&d=mm&r=g"}],"url":"http://www.forbes.com/sites/leemathews/","type":"Contributor","profileUrl":"/sites/leemathews/","authorType":"individual","blog":false,"allowEmail":false},{"name":"Lee 
New Android ‘Dangerous’ Download Warning: 61,669 Malicious Apps Hiding On App Store

By Zak Doffman, Forbes, https://www.forbes.com/sites/zakdoffman/2020/03/07/this-is-androids-most-alarming-malware-threat-new-report-warns-of-61669-malicious-apps/

Google’s Play Store has borne the brunt of recent reports into malware-laced apps tricking Android users into high-risk installs. And while there are reportedly more than 25,000 potentially dangerous apps in the store, it’s not the most dangerous place a user can currently visit. That honor belongs elsewhere.

The report in question is the latest threat landscape from RiskIQ, and it includes some welcome security news for Google. “The number of blacklisted apps in the Play Store dropped an impressive 76.4% in 2019,” it says. An app is blacklisted when “at least one vendor has flagged the file as suspicious or malicious.”

The U.S. tech giant has introduced multiple initiatives to reduce the risk, but dangerous apps still slip through the net. That said, according to RiskIQ, there were still those 25,647 blacklisted apps on the Play Store in 2019—alarming, yes, but down from a staggering 108,000 the year before.

There are often links to China with Play Store apps that are identified as dangerous and unwanted. And China features front and center in the RiskIQ report: With 40% of app spending, “China remains the largest app market,” an ecosystem that goes way beyond the official stores. “The top-three most prolific app stores in 2019 were Chinese, ahead of both Google and Apple.” In fact, China’s leading app store, ApkGK, accounted for more than twice the number of new apps as the Play Store.

Putting all that together, it’s little surprise that the four most dangerous app stores (by concentration of malicious apps) are all Chinese: 9Game, VmallApps, Xiaomi and Zhushou. And 9Game leads the way overall—RiskIQ warns that it is the most dangerous of all the app stores, with a staggering 61,669 blacklisted apps.

So what about Apple? Well, RiskIQ notes that “Apple treats its App Store like Fort Knox and rarely hosts dangerous apps.” The company and its iOS operating system have not been without their challenges in the last year, but its tight controls and enhanced screening have maintained its market-leading security record.

Google has stepped up its campaign to police Android and the Play Store more effectively in the last 12 months. The App Defense Alliance has introduced a collaborative effort with external security researchers to better understand the state of current malware threats, and AI is being used on the developer platform to advise (although not yet mandate) on the access requested by apps to user devices.

RiskIQ says that more than 200 billion apps were downloaded in 2019, with users around the world spending a staggering $120 billion in the process. The positive news is that even as the number of apps increased last year, up 18%, the number of blacklisted apps dropped sharply, down 20%. But to put that into context, there were still 170,000 apps blacklisted, albeit down from 213,000 in 2018.

I am the Founder/CEO of Digital Barriers—developing advanced surveillance solutions for defence, national security and counter-terrorism. I write about the intersection of geopolitics and cybersecurity, as well as breaking security and surveillance stories. Contact me at zakd@me.com.

Microsoft Confirms ‘Really, Really High’ Hacking Risk For Millions Of Users: Here’s What You Do Now

By Zak Doffman, Forbes, https://www.forbes.com/sites/zakdoffman/2020/03/07/microsoft-confirms-really-really-high-hacking-threat-for-millions-of-users-heres-what-you-do-now/

Despite the negative security press that Microsoft has been getting, whether that’s failing Windows 10 updates, Azure vulnerabilities or compromised subdomains, we can take it as read that the tech giant wants to protect its customers and their accounts. So when the company warns that 1.2 million accounts were compromised in January, almost all of which were preventable by one simple security measure, and that this is now a typical month, we should all sit up and take notice.

The 1.2 million figure is around 0.5% of enterprise accounts on their systems. “That’s a really, really, really high number,” Alexander Weinert, Microsoft’s Director of Identity Security, told an RSA audience in February. “If you have an organization of 10,000 users, 50 of them are going to be compromised this month.”

[Video: “Breaking Password Dependencies: Challenges in the Final Mile at Microsoft,” RSA Conference, https://www.youtube.com/watch?v=B_mhJO2qHlQ]

A compromised account is an issue—regardless of the level of exposure. And, as with everything from smartphones to social media to online payments, the tools are now there to defend against all but the most sophisticated of these attacks. The truly shocking issue here is that only 11% of enterprise users make use of those tools. That means a staggering 89% of accounts remain open to fairly simple attacks.

We are, of course, talking multi-factor authentication or MFA. The simplest possible add-on to a username and password. And while the most basic MFA comprises a one-time passcode sent by email or SMS, often criticized for being insecure and open to compromise, it’s immeasurably better than not having anything at all. And once we move to keys and authenticators, it becomes exponentially better still.

“Multi-factor authentication,” Microsoft confirmed, “would have prevented the vast majority of those one-million compromised accounts.” And you can bet the picture is no better in the consumer world across that multitude of accounts.

And it gets worse. A truly alarming 80% of those compromised enterprise accounts, which if you do the quick math is almost 1 million hacked accounts in January alone, were hit by either “password spray” or “replay” attacks.

Password spray simply means automatically testing combinations of common passwords and known usernames on a system. You know how poor the most popular passwords are these days—those are lists that attackers keep close to hand. This is a straight numbers game. By contrast, replay attacks exploit our fondness for reusing the same passwords on different systems. Made much worse when people reuse passwords from their personal accounts on their work ones.

So, in addition to not having MFA enabled, 80% of those 1.2 million attacks could likely have been prevented with strong passwords and no password reuse.

The twin evils of phishing and social engineering need no detailed explanation by now. Malicious emails and messages, tailored around popular news items or spoofed to appear to come from friends and colleagues, leading to fake login pages that steal credentials. These more sophisticated types of attacks only accounted for 20% of that vast number of hacked Microsoft accounts.

The picture can get much worse depending on the type of account. “When we look at the probability of compromise,” Weinert said, “look at what happens when you have an SMTP enabled user. The compromise probability surges—it’s just crazy. IMAP, SMTP, POP enablement creates a much, much higher target.”

As Weinert put it, “hackers love legacy authentication,” and almost all of the password spray and replay attacks hit accounts where legacy authentication was in place. Again, another risk that is easy to identify and that needs to be addressed.

As I reported last year, Microsoft has been urging enterprises to shift to MFA for some time. And these statistics make such a move an absolute no-brainer. MFA should not be a bullet on a company’s IT strategy slide, it should be a line-item on its to-do list. Enabling MFA and educating users as to the correct use of passwords should be a prerequisite. With that done, you can turn to the much harder task of filtering or training out phishing attacks, and explaining social engineering.

I am the Founder/CEO of Digital Barriers—developing advanced surveillance solutions for defence, national security and counter-terrorism. I write about the intersection of geopolitics and cybersecurity, as well as breaking security and surveillance stories. Contact me at zakd@me.com.

Find me on Twitter or LinkedIn or email zakd@me.com.

Samsung’s Surprise Security Move To Make 2FA Mandatory For Millions

By Davey Winder

Samsung has undoubtedly been pulling security rabbits out of the hat so far in 2020. Perhaps the revelation that Samsung Galaxy S20 smartphones will come with a secure element dedicated security chip being the highlight. Now the Android smartphone giant is bringing mandatory two-factor authentication (2FA) to the masses, with millions of users likely to benefit from this security update.

Who is getting mandatory 2FA?

This security surprise may not be that surprising to those of you who have been following my advice to make use of 2FA wherever possible. I have been using 2FA as an additional security layer to help protect my Samsung Account since it was first introduced. What has changed, however, is that the Samsung Account app has now been updated to include a mandatory 2FA requirement. Once your Samsung Account app has been updated to version 11.1.01.3, all account logins will require this secondary layer of authentication.

The mandatory 2FA requirement will apply to both new and existing account holders. The latter will be required to enter a one-time code when logging in, regardless of whether they had already enabled 2FA or not. The slight fly in the security ointment is that those existing account holders won't be "forced" into the 2FA process while they remain logged in. Only once they have logged out of the account will mandatory 2FA kick in during the next login attempt. Personally, speaking as something of a confessed security geek, I'd be happier if some force was applied. I'd rather see everyone logged out of their accounts following the app update and so required to re-authenticate and become part of the 2FA family. An attacker, whoever that may be, will be required to enter a 2FA code they don't have access to if they try and access your account, though, so security is maintained during the mandatory migration process.

Is 2FA the security messiah?

Although such account access 2FA requirements won't save you from every security threat out there, like the critical Android rooting vulnerability that emerged earlier this week or the, admittedly rather unlikely, $5 SurfingAttack hack, it's not to be sniffed at. With the ready availability of off-the-shelf phishing kits on the dark web and the sheer number of data breaches that expose login data, passwords are a known weak point. Especially when reused across accounts as so many still do or constructed in such a fashion that they aren't strong enough in the first place. As an aside, the FBI, of all people, has some good advice to help with the password construction problem that's worth reading.

Enable 2FA without waiting for the Samsung Account app update

Although it's not clear at this point how long it will take for the Samsung Account app update to roll out globally, I would advise readers to pre-empt it and ensure you have 2FA enabled anyway. You can check what version your account app is by going to Settings|Accounts and backup\Accounts and selecting your Samsung Account. From here, use the vertical ellipsis menu to select "About Samsung account" and find out if an update is available to you. If not, go back a step and select the "Password and security" option from where you can enable 2FA anyway. Once you've entered your password or used your fingerprint to access the 2FA options, you can then follow the straightforward instructions to get this vital extra layer of protection added to your account. You'll be happy to learn, I'm sure, that there is an option for using an authenticator app rather than relying on the much less secure code delivered by SMS to your smartphone 2FA route.

I'm a three-decade veteran technology journalist and have been a contributing editor at PC Pro magazine since the first issue in 1994. A three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) I was also fortunate enough to be named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro called 'Threats to the Internet.' In 2011 I was honored with the Enigma Award for a lifetime contribution to IT security journalism. Contact me in confidence at davey@happygeek.com if you have a story to reveal or research to share.

Follow me on Twitter for more cybersecurity news, opinion and chat.

Meet Lockdown, The App That Reveals Who’s Tracking You On Your iPhone

By Kate O'Flaherty

In an era of mass data collection by tech giants such as Facebook and Google, it helps to be informed. Many companies are less than transparent about what they do with people’s data, leaving it down to the user to protect their own privacy.

Apple has made progress in increasing its users’ privacy and security in iOS 13, which gives you more control over the data apps are able to collect. However, even if you lock down your permissions, it’s still possible for apps to track you as you browse.

Enter Lockdown, an iPhone and now Mac app founded by two former Apple engineers Johnny Lin and Rahul Dewan. Launched last July, its users are growing fast: 100,000 people use the app and Lockdown has blocked a whopping 1 billion trackers.

What is Lockdown?

Lockdown is an open source and on-device firewall with the ability to block trackers. It uses Apple’s VPN set up to function, but it is not a VPN itself and won’t obscure your IP address.

However, Lockdown also offers a paid for VPN. Dewan says the Lockdown VPN is different from many similar services on the market, which can collect data logs. This is because the servers for its VPN upgrade are openly operated. “This means you can prove our privacy policy that we do not log or collect any data from users except to run the service, and we have zero access to it,” Dewan explains.

I tried Lockdown on my iPhone over a period of three weeks and have to say I was impressed. The VPN was pretty quick and I didn’t notice a lag. In order to put the firewall aspect to the test, I also reinstalled the Facebook app I had deleted long ago. After all, Facebook is already a known offender, right?

Where do the trackers come from?

But the trackers originate not just from the Facebook and Google apps; they are embedded inside other apps you use every day, as well as the websites you visit on Apple Safari and other browsers.

“They silently collect data on what you're looking at, your actions–every swipe, tap, and button click–your location, and more,” Johnny Lin, cofounder and CTO at Lockdown told me.

This happens even if the app isn't active in the foreground, and when you're not using your phone.

“When this data is collected, it's sent out to advertisers, data brokers, and analytics companies,” Lin says. “By collecting this data on individuals from different sources, these companies build super-specific ‘shadow’ profiles of each individual.”

The profiles contain what you like and dislike, as well as frankly creepy details such as what time you wake up, who you're connected to and in what way, where you live and the places you go, your diet, and even extremely sensitive health data. “Those are the tracking attempts that you see being blocked in the block log,” Lin tells me.

Breaking down my block log

I asked Lin to break down my block log and this is what he told me:

- chartbeat.net is a data collection company whose privacy policy says the firm tracks and saves personal identifiers: My real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number or other similar identifiers, browsing history, geolocation, and more.
- doubleclick.net is an advertising company owned by Google. Aside from Facebook, according to Lin, this is likely the largest source of Behavioral Retargeting, which “follows you around the web with its massive ad network.”
- scorecardresearch.com is a market research company owned by comScore. It sells your data to third parties as outlined in its privacy policy.
- connect.facebook.net is Facebook's infamous tracking platform that collects profiles on billions of users using their activity on apps and sites, even if they don't use Facebook and aren't logged into Facebook, Lin says.
- app-measurement.com is a tracking tool used by a company called Firebase, which was acquired by Google. “It was reverse-engineered to find a surprising amount of private data being sent,” Lin tells me.

That’s just a portion of my Block Log from 3:38PM to 3:54PM on one day.

Trackers on your iPhone: Why you should care

Knowing just how much I am being tracked every day on my phone is certainly an incentive to continue using the app. But I care about my privacy, and you should too.

On an individual level, everyone has things they want to keep private, Lin points out. “Users currently have no idea what they're sharing, who they're sharing it with, and how it's shared. We tell our devices things we wouldn't tell our closest friends and family, so why should the data and behaviors on them be available to people and companies we've never met?”

Even if you don't care about privacy at all, trackers affect your phone’s performance: “Having dozens of trackers constantly phoning home results in performance issues like draining your battery, racking up data usage, and causing slowdowns,” Lin points out.

Lin says Lockdown cares about transparency–which is why the app is 100% open source. “Anyone can see what it’s doing, and just as importantly, what it’s not doing.”

Trust is of course important, and as an added bonus Lockdown is free and easy to use. I’d certainly recommend downloading the app on your iPhone so you can see the sheer amount of trackers for yourself.
":"Operating systems","type":null,"relevance":null},{"id":null,"name":"Software","type":null,"relevance":null},{"id":null,"name":"Computing","type":null,"relevance":null},{"id":null,"name":"Mobile operating systems","type":null,"relevance":null},{"id":null,"name":"Smartphones","type":null,"relevance":null},{"id":null,"name":"Microformats","type":null,"relevance":null},{"id":null,"name":"Nofollow","type":null,"relevance":null},{"id":null,"name":"Search engine optimization","type":null,"relevance":null},{"id":null,"name":"Spamming","type":null,"relevance":null},{"id":null,"name":"Internet privacy","type":null,"relevance":null},{"id":null,"name":"IOS 13","type":null,"relevance":null},{"id":null,"name":"IOS","type":null,"relevance":null},{"id":null,"name":"driver","type":"Position","relevance":0.2},{"id":null,"name":"cofounder and CTO","type":"Position","relevance":0.2},{"id":null,"name":"iPhone","type":"Product","relevance":0.8},{"id":null,"name":"firewall","type":"Technology","relevance":0.2},{"id":null,"name":"massive ad network","type":"IndustryTerm","relevance":0.2},{"id":null,"name":"IP","type":"Technology","relevance":0.2},{"id":null,"name":"online identifier","type":"IndustryTerm","relevance":0.2},{"id":null,"name":"comScore","type":"Company","relevance":0.5},{"id":null,"name":"VPN","type":"Technology","relevance":0.2},{"id":null,"name":"advertising","type":"IndustryTerm","relevance":0.2},{"id":null,"name":"Internet Protocol address","type":"IndustryTerm","relevance":0.2},{"id":null,"name":"Rahul Dewan","type":"Person","relevance":0.2},{"id":null,"name":"Johnny Lin","type":"Person","relevance":0.8},{"id":null,"name":"Google","type":"Company","relevance":0.2},{"id":null,"name":"the Facebook","type":"Company","relevance":0.5},{"id":null,"name":"Facebook","type":"Company","relevance":0.5},{"id":null,"name":"similar services","type":"IndustryTerm","relevance":0.2},{"id":null,"name":"Apple","type":"Company","relevance":0.5},{"id":null,"name":"Meet 
Lockdown","type":"Person","relevance":0.2},{"id":null,"name":"Firebase","type":"Company","relevance":0.2}],"writtenByForbesStaff":false,"templateType":"standard","enableSigfile":true,"blogId":"5678","pTagCount":23,"hashtags":["CyberSecurity"],"hideDescription":false,"sponsored":false,"doNotPaginate":false,"sentimentScore":-0.63911,"bvProgramType":"","embedData":[{"id":0,"type":"image","data":{"source":"getty","html":"Lockdown is an open source and on-device firewall with the ability to block trackers on your Apple iPhone.","guid":"1194063482","caption":"Lockdown is an open source and on-device firewall with the ability to block trackers on your Apple iPhone.","credit":"NurPhoto via Getty Images","width":3500,"height":2333,"cropRatioName":"custom","alignment":"","imageType":"image/jpeg","altText":"Apple Logo","aspectRatio":66.65714285714286},"inflatedHTML":"

","position":"top"},{"id":1,"type":"image","data":{"source":"dam","html":"Lockdown's firewall includes a block log showing who is tracking you.","guid":"5e628b327d6f2600068edcb4","caption":"Lockdown's firewall includes a block log showing who is tracking you.","credit":"Lockdown","width":1005,"height":1359,"cropRatioName":"custom","alignment":"","altText":"Lockdown-firewall-app-Apple-iPhone","aspectRatio":135.22388059701493},"inflatedHTML":"

","position":"middle"},{"id":2,"type":"image","data":{"source":"dam","html":"A set of logs sent to Lockdown for analysis. ","guid":"5e628ba47d6f2600068edcbc","caption":"A set of logs sent to Lockdown for analysis. ","credit":"Lockdown","width":828,"height":1792,"cropRatioName":"custom","alignment":"","imageType":"image/png","altText":"Locdown-blocklog-iphone","aspectRatio":216.42512077294685},"inflatedHTML":"

","position":"middle"}],"authorGroup":{"primaryAuthor":{"naturalId":"blogAuthorId/blog/author/3337005","name":"Kate O'Flaherty","avatars":[{"size":136,"image":"https://secure.gravatar.com/avatar/a1c9acc2f0117eb2112b3b0a18255dc9?s=136&d=mm&r=g"},{"size":40,"image":"https://secure.gravatar.com/avatar/a1c9acc2f0117eb2112b3b0a18255dc9?s=40&d=mm&r=g"},{"size":400,"image":"https://secure.gravatar.com/avatar/a1c9acc2f0117eb2112b3b0a18255dc9?s=400&d=mm&r=g"},{"size":62,"image":"https://secure.gravatar.com/avatar/a1c9acc2f0117eb2112b3b0a18255dc9?s=62&d=mm&r=g"}],"url":"http://www.forbes.com/sites/kateoflahertyuk/","type":"Contributor","profileUrl":"/sites/kateoflahertyuk/","twitterName":"@KateOflaherty","authorType":"individual","email":"Kate.oflaherty@techjournalist.co.uk","blog":false,"timestamp":1580473701350,"shortBio":"I’m a cybersecurity journalist.","blogName":"Kate O'Flaherty","description":"

I'm a freelance cybersecurity journalist with over a decade’s experience writing news, reviews and features. I report and analyze breaking cybersecurity and privacy stories with a particular interest in cyber warfare, application security and data misuse. Contact me at kate.oflaherty@techjournalist.co.uk.

Microsoft Warns Of 'Devastating' Cybersecurity Threat To Windows Users: Here's What You Need To Know

By Davey Winder

Microsoft's threat protection intelligence team has warned of a "significant and growing" cybersecurity threat that can deliver a devastating payload. The FBI has warned about how high-impact a threat ransomware is (https://www.forbes.com/sites/daveywinder/2019/10/03/fbi-issues-high-impact-cyber-attack-warningwhat-you-need-to-know/), and now Microsoft is adding to the voices of vigilance. While ransomware threats such as the newly discovered strain of NetWalker that can inject malicious code right into the Windows 10 explorer executable process (https://www.forbes.com/sites/daveywinder/2020/03/05/beware-of-this-new-windows-10-ransomware-threat-hiding-in-plain-sight/) are bad enough, they are but the tip of a very worrying cyber-iceberg. The Microsoft threat protection intelligence team has described in comprehensive detail how one type of ransomware attack poses a significant and growing threat, particularly to business users, calling it one of the "most impactful trends in cyberattacks" that we face today. The good news is that despite being able to deploy what Microsoft refers to as devastating payloads, the attacks and the fallout that follows are preventable.

All ransomware is not the same

The critical message to digest from the Microsoft deep dive into this threat is that not all ransomware is the same. The automated, bot-driven worm-like ransomware that spits out across the interwebs like a cyber-blunderbuss is damaging enough, for sure. However, the Microsoft threat protection intelligence team is warning about the type of hands-on, human-operated, highly targeted threat that is more commonly associated with the credential-stealing and data exfiltration antics of nation-state actors. Indeed, there is a similarity beyond the targeting; some of these ransomware attack methodologies have evolved to exfiltrate as well as encrypt data. DoppelPaymer, which recently hit the headlines when I reported how Lockheed Martin, SpaceX and Tesla had all been caught in the crossfire of one cyber-attack (https://www.forbes.com/sites/daveywinder/2020/03/02/lockheed-martin-spacex-and-tesla-caught-in-cyber-attack-crossfire/) on a business in their supply chains, is an excellent example of the breed. More of that in a moment, though. First, let's look at the attack tactics and techniques Microsoft is alerting users to.

Human-operated ransomware attack tactics

Just like your nation-state, advanced persistent threat (APT) attackers, human-operated ransomware will target particular victims. The cybercriminals behind these attacks will already know plenty about you, through reconnaissance that involves probing networks for common security misconfiguration errors or using open-source intelligence (OSINT) methodologies to glean publicly available data that can be useful in the social engineering side of such attacks. "These attacks are known to take advantage of network configuration weaknesses and vulnerable services to deploy devastating ransomware payloads," Microsoft said in the report, but it doesn't stop there. If a human attacker can see other opportunities before them, then further malicious payloads will be dropped, credentials stolen and data exfiltrated.

The Microsoft researchers found that these ransomware campaigns do not bother too much with a stealthy approach; if they can get into your networks, then they operate without worrying about covering their tracks. Perhaps even more surprising to many will be that the attacks themselves start in an unsophisticated manner, employing commodity malware and using vectors that routinely trigger detection alerts in business systems. They don't care because the warnings are low level: security teams judge them to be of little importance, so they are not investigated in a timely fashion, if at all. This opens the attack window for long enough to enable the attacker to jump right through it. Even if a common payload gets intercepted by the security solution in place, the attacker will simply try others until one sneaks through the defenses. They will even, having got admin status on a system, disable antivirus protection to enable relatively unfettered payload action.

The DoppelPaymer threat in more detail

Microsoft warns that DoppelPaymer threat actors have "caused havoc" in several attacks, with ransoms reaching into the millions of dollars in some cases. That it is spread by human operators within compromised networks, inside an attack framework involving other malicious software such as banking Trojans (Dridex is often found on machines compromised by DoppelPaymer), shows the level of unfettered confidence these cybercriminals have. "The success of attacks relies on whether campaign operators manage to gain control over domain accounts with elevated privileges after establishing initial access," Microsoft said. While Microsoft Defender ATP generates alerts for myriad activities as a result of these attacks, if the affected network segments are not actively monitored, these do not get the response they demand. Because DoppelPaymer attacks tend not to "fully infect" the networks they compromise, but rather hit only a subset of machines with the malware and then a further subset with data encryption and exfiltration, there's even more chance of them going unnoticed. The big difference between this type of ransomware and the more "traditional" file-encryptors we are used to is that DoppelPaymer and its ilk will also exfiltrate data to use as ransom leverage. As was the case in the Visser Precision attack, the criminals will happily release data into the public domain, usually on cybercrime forums, to persuade the victim they are serious. If ransoms are still not paid, the criminals have data that can then be sold on those markets so that they still successfully monetize the attack.

Mitigating against the human-operated ransomware threat

So, what does Microsoft recommend you do to protect your systems, and your data, from these human-operated ransomware attackers? Applying the basics of good security would be the simple yet obvious answer. "The top recommendations for mitigating ransomware and other human-operated campaigns," Microsoft said, "are to practice credential hygiene and stop unnecessary communication between endpoints." This removes the lateral movement ability of the attackers and can reduce the impact of any attack.

I would recommend you read the full Microsoft threat protection intelligence team report (https://www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/) to fully understand the mitigating tactics to be applied. A brief recap, however, includes the following:

Use attack surface reduction rules, turn on tamper protection, use the Windows Defender Firewall and harden all internet-facing assets.

Source: https://www.forbes.com/sites/daveywinder/2020/03/06/microsoft-warns-of-devastating-cybersecurity-threat-to-windows-users-heres-what-you-need-to-know/

I'm a three-decade veteran technology journalist and have been a contributing editor at PC Pro magazine since the first issue in 1994. A three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) I was also fortunate enough to be named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro called 'Threats to the Internet.' In 2011 I was honored with the Enigma Award for a lifetime contribution to IT security journalism. Contact me in confidence at davey@happygeek.com if you have a story to reveal or research to share.

Follow me on Twitter for more cybersecurity news, opinion and chat.

Currently contributing to https://t.co/sG6gezpBLV, The Times (via Raconteur Reports), SC Mag, Infosecurity, PC Pro, IT Pro, DigitalHealth","createdDate":1171286441000,"location":"West Yorkshire, UK","url":"https://t.co/5o821H1ydC","expandedUrl":"https://happygeek.com","displayUrl":"happygeek.com","verified":false},"inactive":false,"allowEmail":false,"seniorContributor":false},"coAuthors":[]},"blogName":"Davey Winder","bertieBadges":[{"id":"5e663af6131d45000613b7cb","slug":"editors-pick","displayName":"Editors' Pick","status":"active","priority":8888,"streamUrl":"https://www.forbes.com/editors-picks","display":true}],"metaEmbeds":{"thumbnail":{"id":-1,"type":"image","data":{"source":"getty","html":"Microsoft's threat protection intelligence team has warned of a "significant and growing" cybersecurity threat","guid":"5e42b65fb0d2760007abde85","caption":"Microsoft's threat protection intelligence team has warned of a "significant and growing" cybersecurity threat","credit":"AFP via Getty Images","width":5677,"height":2887,"cropRatioName":"custom","alignment":"","altText":"The Microsoft logo and company name shown on a banner in black and white","aspectRatio":50.85432446714814},"position":"top"}}},{"id":"5e6210f108d7ed000710f179","naturalId":"blogAndPostId/blog/post/6533-5e6210f108d7ed000710f179","source":"forbespress","author":"Zak Doffman","title":"Advantage Trump—Severe Huawei Setbacks: Sales Plummet And U.K. Confirms 5G Inquiry (Updated)","date":1583489554008,"bodyAsDeltas":"[{"insert":{"figure":"4"}},{"insert":"Remember "},{"attributes":{"color":"","link":"https://www.forbes.com/sites/zakdoffman/2020/01/28/spectacular-huawei-defeat-confirmed-this-is-how-trump-got-it-so-completely-wrong/#57f96cbc507b"},"insert":"Huawei’s stunning victory"},{"insert":" over U.S. President Trump in late January? After months of lobbying, America’s key security ally, the U.K., elected to choose Shenzhen over Washington. 
"},{"attributes":{"color":"","link":"https://www.forbes.com/sites/zakdoffman/2020/02/07/huawei-plays-dangerous-game-in-russia-as-trumps-fury-rages-on/#3ffcabb35a89"},"insert":"Trump was apoplectic with fury"},{"insert":", Boris Johnson’s U.K. government was accused of betrayal. Well, it turns out that the happy ending celebrated by Huawei’s management at the time may have been premature.\nLate on March 6 came the news that the "},{"attributes":{"color":"","link":"https://uk.reuters.com/article/uk-britain-huawei/uk-defence-committee-to-probe-security-of-5g-network-on-huawei-concerns-idUKKBN20T2SV"},"insert":"U.K. Defence Committee is to launch an inquiry into 5G security"},{"insert":", for which you can read an inquiry into the decision to allow Huawei into the U.K.’s next-generation network. Tobias Ellwood, the committee’s chairperson said “we will work to understand the legitimate concerns around the decision to allow Huawei to contribute to the 5G network in the U.K.,” adding that “we will not shy away from tackling the public’s concerns head on.”\nWith smartphone sales in the balance, a setback in 5G sales in the U.K., especially given the potential to impact other markets, is the last thing the company needs. You can tell there is concern that a revisit of the U.K. decision might be on the cards by Huawei’s response to the latest news. “Over the last 18 months,” the company said in a statement, “the [U.K.] government and two parliamentary committees have conducted detailed assessments of the facts and concluded there is no reason to ban Huawei from supplying 5G equipment on cybersecurity grounds.”\nWashington’s immediate public response to the U.K. decision in January appeared muted—but, behind closed doors, it was the very opposite. Advisers reported that one telephone call between the leaders descended into an angry tirade. 
But, even so, Trump’s decision to keep an itchy Twitter finger under control was seen as a positive sign that damage to the security alliance might not suffer too badly.\nBut for the more hawkish politicians in Washington, there has been no such pause. And in the latest move, Republican Senators Marco Rubio (R-FL), Tom Cotton (R-AR), Ted Cruz (R-TX) and Josh Hawley (R-MO) have penned the "},{"attributes":{"color":"","link":"https://www.cotton.senate.gov/files/documents/ROS20122.pdf"},"insert":"Protecting America from Foreign Investors Compromised by the CCP Act"},{"insert":", which seeks to threaten the U.K.’s “whitelist” insider status as regards investment in the U.S.\nSuch a move would damage the integrated nature of the U.K. and U.S. industrial defense and security alliance that sees companies work seamlessly cross-border. \nAs Rubio explained in a "},{"attributes":{"color":"","link":"https://www.rubio.senate.gov/public/index.cfm/press-releases?ContentRecord_id=B8092C26-B443-4F80-B8B4-A8D5D1F9E9FA"},"insert":"statement"},{"insert":", “the U.K.’s recent misguided decision to allow Chinese telecommunications equipment into their 5G infrastructure puts the security and economic interests of the U.S. and our allies at risk. The U.S. must now reevaluate how we engage with our important ally.”\nCruz went further, calling Huawei “a global espionage operation masquerading as a telecom company,” and warning that “Britain is putting the national security of the U.S. and our allies in jeopardy by allowing Huawei to build its 5G infrastructure... This legislation will help protect the U.S. against the dangers posed by deals such as the one our British allies are pursuing.”\nAnd that sentiment is now fairly widespread across U.S. lawmakers—enough that there could be some unexpected consequences on the U.K. that have been thought unlikely until now. On March 3, 20 cross-party U.S. senators wrote to the U.K. 
parliament, expressing “"},{"attributes":{"color":"","link":"https://www.sasse.senate.gov/public/_cache/files/040d4bec-953e-49fd-866c-3f44785b2134/03.03.20-sasse-schumer-letter-to-uk-parliament.pdf"},"insert":"significant concerns” and urging the decision is “revisited."},{"insert":"”\nThis is a campaign to force the U.K. to change its mind. And while the U.S. pressure is heating up, the real pressure on the U.K. government to change course is coming from closer to home. The U.K.’s hawkish politicians had lobbied furiously for a ban on Huawei prior to the government decision, and they have not toned down their lobbying or their rhetoric since it was made in late-January. \n“We have been operating in Britain for nearly 20 years,” Huawei said in its statement, “and played a vital role in the development and delivery of 3G and 4G for people across the U.K. Cybersecurity requires high and common standards across the telecoms industry, which Huawei has always supported. Creating a 5G Britain rightly requires scrutiny and we will work with the Select Committee to address their questions in the coming months.”\n“"},{"attributes":{"color":"","link":"https://www.telegraph.co.uk/news/2020/02/09/never-make-huawei-safe-must-stripped-uk-networks-quickly-possible/"},"insert":"This makes no logical sense"},{"insert":",” former party leader Sir Iain Duncan-Smith wrote in a column on February 9. “It is inconceivable that such a decision should be made in the face of all the evidence of the threat that China poses to us and our allies.”\nThis week, a "},{"attributes":{"color":"","link":"https://hansard.parliament.uk/Commons/2020-03-04/debates/9023564F-30E1-40C4-A9DE-E19DB8139E02/HuaweiAnd5G"},"insert":"meeting of U.K. parliamentarians"},{"insert":" debated the issue and their options. 
With the decision made, the consensus among that growing group of politicians is that the agreed cap on Huawei equipment, now 35%, should be reduced to 0% in the next few years, meaning no Huawei kit in the U.K.’s 5G network.\n“We have infuriated the Americans and our other allies in the Five Eyes,” Tory MP Owen Paterson warned the meeting. “Should we not have a concerted programme now with the Five Eyes allies to get to 0% over a short period of time? \nThis will come to a head next week, on Tuesday (March 10), when those Tory MPs seek to force a law through parliament to amend the U.K. government decision. The cut-off they ask for will be 2022, a move to appease the U.S. but give U.K. networks time to plan, they say, without impacting too heavily on 5G deployment plans.\nAs "},{"attributes":{"color":"","link":"https://www.ft.com/content/3f6320e2-5ef1-11ea-b0ab-339c2307bcd4"},"insert":"reported"},{"insert":" by the "},{"attributes":{"italic":true},"insert":"Financial Times"},{"insert":", the amendment would bar networks from using “equipment supplied by companies deemed to be ‘high risk vendors’ by the National Cyber Security Centre” after that date, but may well be “onerous for operators—the U.K.’s four mobile networks have all launched 5G services using Huawei kit.”\nThe hope for Huawei is that the group cannot summon enough votes to force the government’s hand. According to the "},{"attributes":{"italic":true},"insert":"FT"},{"insert":", one of the group claimed “as many as 40 Conservatives could back them—sufficient to inflict a defeat on the government... Another predicted up to 60 Tory MPs could support the amendment... But one prominent rebel said the number was currently nearer 20.”\nThe stakes are high, and given the angry U.S. response and a groundswell on the Tory back-benches for a revision, a cut-off date might be the most graceful exit for the government. As John Hemmings from the Henry Jackson Society warned in a column on March 4, the U.K. 
sticking to its decision on Huawei’s 5G inclusion "},{"attributes":{"color":"","link":"https://www.telegraph.co.uk/politics/2020/03/04/uk-risks-plunging-five-eyes-alliance-crisis/"},"insert":"risks grave consequences"},{"insert":". “The Five Eyes partners are not about to stop working together—but such a deep and special partnership will not last unless all its members trust that they are working for the same ends.”\nIf the U.K. is forced to backtrack, that will be a hugely damaging blow to Huawei, which had lauded the example of the U.K. as vindication of its security position. The U.K. is seen as a litmus test for many other nations, given its expertise on cyber and its long-term use of Huawei. The country also has the most extensive setup for evaluating Huawei security risks anywhere in the world. \nAnd to add to this worry, the Information reported on March 6 that the Chinese tech giant is now projecting “"},{"attributes":{"color":"","link":"https://www.theinformation.com/articles/huawei-projects-big-drop-in-smartphone-sales-amid-u-s-sanctions?utm_content=article-4314&utm_campaign=article_email&utm_source=sg&utm_medium=email"},"insert":"a big drop in smartphone sales amid U.S. sanctions"},{"insert":"—in what would be its first year-on-year decline.” The leaked numbers are material, up to a 20% decline, and that could get worse as the impact of coronavirus takes hold. According to the report, this decline, reversing a decade of uninterrupted growth, “stems from expected weak sales in Europe and other overseas markets—a result of U.S. sanctions that block the company from using Google’s mobile services.”\nDespite those sanctions, Huawei still posted smartphone growth in 2019, and maintained its global number two spot behind Samsung and ahead of Apple. The company initially forecast up to 300 million device shipments last year, but ended up shipping 240 million, a smaller than expected 17% uplift on 2018. 
A 20% decline on this would take them back down below 200 million units, below that 2018 level. \nAt the start of the year, Huawei chairman Eric Xu said the company was “"},{"attributes":{"color":"","link":"https://www.forbes.com/sites/zakdoffman/2020/12/30/huawei-warns-2020-will-be-difficult-survival-will-be-our-first-priority/#3824c4c88e67"},"insert":"standing strong in the face of adversity,"},{"insert":"” but admitted that this year would be harder than last, forecasting this slowing of growth but stopping short of predicting a sharp decline. “Survival will be our first priority,” Xu said, blaming the U.S.\nMeanwhile, the challenge Huawei faces in convincing the world of the lack of substance in U.S. charges has taken two other blows recently. First claims that "},{"attributes":{"color":"","link":"https://uk.reuters.com/article/us-huawei-iran-sanctions-exclusive/exclusive-newly-obtained-documents-show-huawei-role-in-shipping-prohibited-u-s-gear-to-iran-idUKKBN20P1VA"},"insert":"proof of sanctions abuses in Iran"},{"insert":" has come to light, and then with a subsequent "},{"attributes":{"color":"","link":"https://www.cyberscoop.com/huawei-andy-purdy-tim-danks-rsac-china-iran/"},"insert":"admission from one of the company’s security chiefs"},{"insert":" that a company of Huawei’s size can’t be certain its equipment is not used for malicious purposes. That point is fair—no tech giant can be, but the timing of such an acknowledgement is unfortunate. \nTwists and turns. Again. Huawei had hoped the worst might be behind it with the U.K.’s decision in January, the next few days, though, could be a major setback for the company and throw everything back into the mix.\n—\n"},{"attributes":{"italic":true},"insert":"Updated later on March 6, first with the Information report on smartphone sales and then with the U.K. 
Defence Committee news and Huawei’s response."},{"insert":"\n"}]","image":"https://specials-images.forbesimg.com/imageserve/1201532622/960x0.jpg","type":"blog","uri":"https://www.forbes.com/sites/zakdoffman/2020/03/06/huawei-faces-surprise-new-d-day-in-trump-fight-next-tuesday-could-be-a-disaster/","comments":[],"visible":true,"authors":[{"name":"Zak Doffman","avatars":[{"size":136,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=136&d=mm&r=g"},{"size":40,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=40&d=mm&r=g"},{"size":400,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=400&d=mm&r=g"},{"size":62,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=62&d=mm&r=g"}],"url":"http://www.forbes.com/sites/zakdoffman/","type":"Contributor","profileUrl":"/sites/zakdoffman/","authorType":"individual","blog":false,"allowEmail":false},{"name":"Zak Doffman","avatars":[{"size":136,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=136&d=mm&r=g"},{"size":40,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=40&d=mm&r=g"},{"size":400,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=400&d=mm&r=g"},{"size":62,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=62&d=mm&r=g"}],"url":"http://www.forbes.com/sites/zakdoffman/","profileUrl":"https://blogs.forbes.com/zakdoffman/profile/","authorType":"individual","blog":false,"allowEmail":false}],"channelSection":[{"channelId":"channel_74"},{"channelId":"channel_74","sectionId":"section_1275"},{"channelId":"channel_74","sectionId":"section_1162"}],"blogType":"individual","displayChannel":"innovation","displaySection":"innovation","newsKeywords":["huawei trump","huawei china","trump china","huawei update","5g huawei","uk 5g 
huawei"],"primaryChannelId":"channel_74","primarySectionId":"section_1275","siteSlug":"zakdoffman","timestamp":1583574648516,"statsEntities":[{"id":null,"name":"Politics","type":null,"relevance":null},{"id":null,"name":"Telecommunications","type":null,"relevance":null},{"id":null,"name":"Technology","type":null,"relevance":null},{"id":null,"name":"Companies","type":null,"relevance":null},{"id":null,"name":"Mobile telecommunications","type":null,"relevance":null},{"id":null,"name":"Internet of things","type":null,"relevance":null},{"id":null,"name":"Huawei","type":null,"relevance":null},{"id":null,"name":"5G","type":null,"relevance":null},{"id":null,"name":"Touchscreen mobile phones","type":null,"relevance":null},{"id":null,"name":"Nofollow","type":null,"relevance":null},{"id":null,"name":"Criticism of Huawei","type":null,"relevance":null},{"id":null,"name":"Concerns over Chinese involvement in 5G wireless networks","type":null,"relevance":null},{"id":null,"name":"America","type":"Continent","relevance":0.2},{"id":null,"name":"Josh Hawley","type":"Person","relevance":0.2},{"id":null,"name":"Ar","type":"Person","relevance":0.2},{"id":null,"name":"President","type":"Position","relevance":0.2},{"id":null,"name":"Owen Paterson","type":"Person","relevance":0.2},{"id":null,"name":"telecommunications equipment","type":"IndustryTerm","relevance":0.2},{"id":null,"name":"Trump","type":"Person","relevance":0.2},{"id":null,"name":"smartphone","type":"Technology","relevance":0.8},{"id":null,"name":"Eric Xu","type":"Person","relevance":0.2},{"id":null,"name":"U.K. Defence Committee","type":"Organization","relevance":0.8},{"id":null,"name":"U.K. 
government","type":"Organization","relevance":0.2},{"id":null,"name":"5G infrastructure","type":"IndustryTerm","relevance":0.2},{"id":null,"name":"Tory MP","type":"Position","relevance":0.2},{"id":null,"name":"Huawei","type":"Company","relevance":0.8},{"id":null,"name":"Boris Johnson","type":"Person","relevance":0.2},{"id":null,"name":"Twitter","type":"Company","relevance":0},{"id":null,"name":"Google","type":"Company","relevance":0.2},{"id":null,"name":"National Cyber Security Centre","type":"Organization","relevance":0.2},{"id":null,"name":"Iran","type":"Country","relevance":0.2},{"id":null,"name":"5G","type":"Product","relevance":0.2},{"id":null,"name":"FINANCIAL TIMES","type":"Company","relevance":0},{"id":null,"name":"Iain Duncan-Smith","type":"Person","relevance":0.2},{"id":null,"name":"Ted Cruz","type":"Person","relevance":0.2},{"id":null,"name":"John Hemmings","type":"Person","relevance":0.2},{"id":null,"name":"U.K. parliament","type":"Organization","relevance":0.2},{"id":null,"name":"CCP","type":"Company","relevance":0.2},{"id":null,"name":"Tom Cotton","type":"Person","relevance":0.2},{"id":null,"name":"Shenzhen","type":"City","relevance":0.2},{"id":null,"name":"Financial Times","type":"PublishedMedium","relevance":0.2},{"id":null,"name":"Henry Jackson Society","type":"Company","relevance":0.2},{"id":null,"name":"chairman","type":"Position","relevance":0.2},{"id":null,"name":"5G network","type":"IndustryTerm","relevance":0.2},{"id":null,"name":"United States","type":"Country","relevance":0.8},{"id":null,"name":"Europe","type":"Continent","relevance":0.2},{"id":null,"name":"Henry Jackson Society","type":"Organization","relevance":0.2},{"id":null,"name":"Boris Johnson?s U.K. 
government","type":"Organization","relevance":0.2},{"id":null,"name":"s 5G network","type":"IndustryTerm","relevance":0.2},{"id":null,"name":"Tobias Ellwood","type":"Person","relevance":0.2},{"id":null,"name":"Select Committee","type":"Organization","relevance":0.2},{"id":null,"name":"Washington","type":"City","relevance":0.2},{"id":null,"name":"chairperson","type":"Position","relevance":0.2},{"id":null,"name":"s next-generation network","type":"IndustryTerm","relevance":0.2},{"id":null,"name":"Samsung","type":"Company","relevance":0.2},{"id":null,"name":"United Kingdom","type":"Country","relevance":0.8},{"id":null,"name":"China","type":"Country","relevance":0.2},{"id":null,"name":"3G","type":"Technology","relevance":0.2},{"id":null,"name":"5G equipment","type":"IndustryTerm","relevance":0.2},{"id":null,"name":"5G services","type":"IndustryTerm","relevance":0.2},{"id":null,"name":"Marco Rubio","type":"Person","relevance":0.2},{"id":null,"name":"APPLE","type":"Company","relevance":0.2},{"id":null,"name":"Advantage Trump","type":"Person","relevance":0.2},{"id":null,"name":"Europe","type":"Country","relevance":0.2}],"writtenByForbesStaff":false,"templateType":"standard","enableSigfile":true,"blogId":"6533","pTagCount":28,"hashtags":["CyberSecurity"],"hideDescription":false,"sponsored":false,"doNotPaginate":false,"sentimentScore":-0.605122,"bvProgramType":"","embedData":[{"id":4,"type":"image","data":{"source":"getty","html":"","guid":"1201532622","caption":"","credit":"SOPA Images/LightRocket via Getty Images","width":4000,"height":2670,"cropRatioName":"custom","alignment":"","altText":"More twists and turns in Huawei Vs Trump.","aspectRatio":66.75},"inflatedHTML":"

","position":"top"}],"authorGroup":{"primaryAuthor":{"naturalId":"blogAuthorId/blog/author/3339159","name":"Zak Doffman","avatars":[{"size":136,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=136&d=mm&r=g"},{"size":40,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=40&d=mm&r=g"},{"size":400,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=400&d=mm&r=g"},{"size":62,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=62&d=mm&r=g"}],"url":"http://www.forbes.com/sites/zakdoffman/","type":"Contributor","profileUrl":"/sites/zakdoffman/","twitterName":"@ukzak","authorType":"individual","facebookName":"ukzak","linkedIn":"https://www.linkedin.com/in/zakdoffman","email":"zakd@me.com","blog":false,"timestamp":1575706889105,"shortBio":"I write about security and surveillance.","blogName":"Zak Doffman","description":"

I am the Founder/CEO of Digital Barriers—developing advanced surveillance solutions for defence, national security and counter-terrorism. I write about the intersection of geopolitics and cybersecurity, as well as breaking security and surveillance stories. Contact me at zakd@me.com.

","primaryBlogNaturalId":"blogAuthorId/blog/author/blog-6533","shortUri":"http://bit.ly/2EBd8t3","displayChannel":"innovation","displaySection":"innovation","contributorSince":1540251025000,"slug":"zakdoffman","showNoVestPocket":false,"embargo":false,"primaryChannelId":"channel_74","primarySectionId":"section_1275","altEmail":"zakd@me.com","enableContribContact":true,"sigfile":"

Find me on Twitter or Linkedin or email zakd@me.com.nn

","enableTwitterFeed":false,"instagramHandle":"","disableCanonical":false,"disableDigest":false,"inactive":false,"division":"EU","allowEmail":true,"seniorContributor":false},"publication":{"naturalId":"blogAuthorId/blog/author/blog-6533","name":"Zak Doffman","avatars":[{"size":136,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=136&d=mm&r=g"},{"size":40,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=40&d=mm&r=g"},{"size":400,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=400&d=mm&r=g"},{"size":62,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=62&d=mm&r=g"}],"url":"http://www.forbes.com/sites/zakdoffman/","profileUrl":"https://blogs.forbes.com/zakdoffman/profile/","twitterName":"UKZak","authorType":"individual","linkedIn":"https://www.linkedin.com/in/zakdoffman/","blog":true,"timestamp":1565095792994,"primaryBlogNaturalId":"blogAuthorId/blog/author/blog-6533","primaryContributor":"blogAuthorId/blog/author/3339159","primaryContributorData":{"naturalId":"blogAuthorId/blog/author/3339159","name":"Zak Doffman","avatars":[{"size":136,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=136&d=mm&r=g"},{"size":40,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=40&d=mm&r=g"},{"size":400,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=400&d=mm&r=g"},{"size":62,"image":"https://secure.gravatar.com/avatar/9e81c73adca937778db3039d8ba72b45?s=62&d=mm&r=g"}],"url":"http://www.forbes.com/sites/zakdoffman/","type":"Contributor","profileUrl":"/sites/zakdoffman/","twitterName":"@ukzak","authorType":"individual","facebookName":"ukzak","linkedIn":"https://www.linkedin.com/in/zakdoffman","email":"zakd@me.com","blog":false,"timestamp":1575706889105,"shortBio":"I write about security and surveillance.","blogName":"Zak Doffman","description":"

I am the Founder/CEO of Digital Barriers—developing advanced surveillance solutions for defence, national security and counter-terrorism. I write about the intersection of geopolitics and cybersecurity, as well as breaking security and surveillance stories. Contact me at zakd@me.com.

","primaryBlogNaturalId":"blogAuthorId/blog/author/blog-6533","shortUri":"http://bit.ly/2EBd8t3","displayChannel":"innovation","displaySection":"innovation","contributorSince":1540251025000,"slug":"zakdoffman","showNoVestPocket":false,"embargo":false,"primaryChannelId":"channel_74","primarySectionId":"section_1275","altEmail":"zakd@me.com","enableContribContact":true,"sigfile":"

Find me on Twitter or Linkedin or email zakd@me.com.nn

","enableTwitterFeed":false,"instagramHandle":"","disableCanonical":false,"disableDigest":false,"inactive":false,"division":"EU","allowEmail":true,"seniorContributor":false},"shortUri":"http://bit.ly/2EBd8t3","displayChannel":"innovation","displaySection":"innovation","contributorSince":1540236900000,"slug":"zakdoffman","showNoVestPocket":false,"embargo":false,"primaryChannelId":"channel_74","primarySectionId":"section_1275","enableContribContact":false,"enableTwitterFeed":true,"disableCanonical":false,"disableDigest":false,"forbesTwitterProfile":{"screenName":"UKZak","name":"Zak D","profileImageUrl":"http://pbs.twimg.com/profile_images/1051866334915678208/-tkpvHG7.jpg","description":"Founder/CEO @DigitalBarriers: Edge-AI and IOT surveillance for defence, security & counter-terrorism. Contributor @Forbes: Security & Surveillance.","createdDate":1305105697000,"location":"United Kingdom","url":"https://t.co/wevgXjxbna","expandedUrl":"http://www.digitalbarriers.com","displayUrl":"digitalbarriers.com","verified":false},"inactive":false,"allowEmail":false,"seniorContributor":false},"coAuthors":[]},"blogName":"Zak Doffman","bertieBadges":[],"metaEmbeds":{"thumbnail":{"id":-1,"type":"image","data":{"source":"getty","html":"","guid":"1201532622","caption":"","credit":"SOPA Images/LightRocket via Getty Images","width":4000,"height":2670,"cropRatioName":"custom","alignment":"","altText":"More twists and turns in Huawei Vs Trump.","aspectRatio":66.75},"position":"top","damImageUrl":"https://datingscams101.com/wp-content/uploads/2020/03/1583758071_264_960x0.jpg"}}},{"id":"5e621fa351c40800065c3dee","naturalId":"blogAndPostId/blog/post/2604-5e621fa351c40800065c3dee","source":"forbespress","author":"Emma Woollacott","title":"Facebook Takes Legal Action Over Alleged Cybersquatting","date":1583489455438,"bodyAsDeltas":"[{"insert":{"figure":"0"}},{"insert":"Facebook is attempting to crack down on 'deceptive' domain names that, it says, impersonate the company and can be used for 
scams and fraud. \nThe company is suing Arizona-based domain name registrar Namecheap, along with its proxy service, Whoisguard. Namecheap, it says, has been allowing customers to register domain names that imply they are affiliated with Facebook apps. \n\"These domain names can trick people into believing they are legitimate and are often used for phishing, fraud and scams,\" says Christen Dubois, Facebook's director and associate general counsel, IP litigation. \n"},{"attributes":{"color":"","link":"https://about.fb.com/news/2020/03/domain-name-lawsuit/"},"insert":"According to"},{"insert":" Facebook, Whoisguard registered or used 45 domain names that impersonated Facebook and its services, including instagrambusinesshelp.com, facebo0k-login.com and whatsappdownload.site. \n \"We sent notices to Whoisguard between October 2018 and February 2020, and despite their obligation to provide information about these infringing domain names, they declined to cooperate,\" says Dubois. \nBut Namecheap says it is standing firm, insisting that it won't hand over domain registrants’ private details without a court-ordered subpoena. \n\"Where there is no clear evidence of abuse, or when it is purely a trademark claim, Namecheap will direct complainants, such as Facebook, to follow industry-standard protocol,\" says CEO Richard Kirkendall in a statement. \n\"Outside of said protocol, a legal court order is always required to provide private user information.\" \nHe accused Facebook of an 'attack on privacy and due process'. \nIt's not the first time that Facebook has taken action over alleged domain name fraud. Last October, it filed a lawsuit in California against domain name registrar OnlineNIC and its proxy service ID Shield for allowing the registration of domain names including www-facebook-login.com and facebook-mails.com. That lawsuit is still ongoing. 
\nThe company says there are tens of millions of domain names on the web that have been registered using these proxy services, but that most registrars cooperate to take down offending domains. \nLast year, the World Intellectual Property Organization (WIPO) "},{"attributes":{"color":"","link":"https://www.wipo.int/pressroom/en/articles/2019/article_0003.html?utm_source=WIPO+Newsletters&utm_campaign=0f54e33541-EMAIL_CAMPAIGN_2019_03_14_08_54&utm_medium=email&utm_term=0_bcb3de19b4-0f54e33541-253503401"},"insert":"said"},{"insert":" that 3,447 cybersquatting disputes were filed during 2018 - a record number, and up 15 per cent from the year before. While banking and finance represented the greatest proportion of complaints at 12 per cent of the total, internet and IT companies were close behind at 11 per cent. \n\"Domain names involving fraud and phishing or counterfeit goods pose the most obvious threats, but all forms of cybersquatting affect consumers,\" commented WIPO director general Francis Gurry.\n"}]","image":"https://specials-images.forbesimg.com/imageserve/5e622131e1e617000758fe38/960x0.jpg","type":"blog","uri":"https://www.forbes.com/sites/emmawoollacott/2020/03/06/facebook-takes-legal-action-over-alleged-cybersquatting/","comments":[],"visible":true,"authors":[{"name":"Emma Woollacott","avatars":[{"size":136,"image":"https://blogs-images.forbes.com/files/2018/05/Emma-Woollacott_avatar_1527002646-136x136.jpg"},{"size":40,"image":"https://blogs-images.forbes.com/files/2018/05/Emma-Woollacott_avatar_1527002646-40x40.jpg"},{"size":400,"image":"https://blogs-images.forbes.com/files/2018/05/Emma-Woollacott_avatar_1527002646-400x400.jpg"},{"size":62,"image":"https://blogs-images.forbes.com/files/2018/05/Emma-Woollacott_avatar_1527002646-62x62.jpg"}],"url":"http://www.forbes.com/sites/emmawoollacott/","type":"Contributor","profileUrl":"/sites/emmawoollacott/","authorType":"individual","blog":false,"allowEmail":false},{"name":"Emma 


Source link
