The reports of my death have been greatly exaggerated.

Never before has the above Mark Twain quote been more appropriate. Social media and viral content spreads fake or exaggerated news at lightning speeds, including incorrect news of deaths.

Recently, I heard the story of a comedian who had fallen into a diabetic coma. When his friends learned of his eventual death, they rushed to Facebook to eulogize him. They all told great stories and wrote lovely sentiments in the comments section of a single post, which went viral. 

The problem? He wasn't dead. 

However, the post about the comedian being alive wasn't deemed popular enough by Facebook's algorithms, so it was buried (forgive the pun). The post on his death continued to spread. 

Hearing the story reminded me of Twain's quote, which is itself a half truth. Records indicate the famous author and humorist was actually misquoted.

Just goes to show, we must always double check our facts!

The dog days of summer are here. Hope you enjoy the puppy pics included in this month's Tips.

freshFresh Phish: Ransom Demand for Spicy Video
Popular scam claims to have salacious home movie... of you!

 

Take a look at the phishing scam below that ended up in my inbox. Even The Privacy Professor, who knows better than to fall for a trick like this, had a momentary adrenaline rush from reading such a shocking message

(WARNING: The email contains explicit language. But it's important to provide this example because messages like this are being distributed more frequently. I want readers to see just how graphic phishers get to shock and scare victims into doing what they want.)


I certainly knew a video like this did not exist. But what if a scammer put my name in the caption of a video with a faceless individual? Or worse, what if a digital editing expert managed to put my face into a video showing someone else? Something like that would be easy enough for a scammer to create, and not just for me, but for anyone, including my readers.

Rather than indulge in the 'what ifs' I followed the advice I have given countless friends, family and clients: I hit delete. (I also sent a copy to friends in agencies who investigate these types of messages.)
 
Can You Spot the Red Flags?

There are at least three common indicators in the above email that point to a scam:
  • Numerous spelling and grammar mistakes (although the sender tries to explain this away in the first line).
  • Name of sender (UK Parking Control) and email domain (AndrewAbel-Malik.com) are mismatched.
  • Scammer requires recipient to pay via cryptocurrency, in this case BTC (or Bitcoin as its more commonly known). 
There are others.  Can you spot  them ?  (I'll share one more at the end of this Tips message.)

hero2Privacy Hero: CVS Security Awareness Team     
 
 
 
Team effort raises employee awareness

Led by Julie Rinehart and Nicole Thibault (in the picture), CVS Health's annual Information Security conference is an internal effort aimed at continuing to grow the company's culture of security. 

The team also leverages October's National Cyber Security Awareness Month for a company-wide event that hosts speakers who address topics of interest to a wide audience. The topics apply both at home and work. 

Julie tells us that CVS Health believes privacy and cyber security go together. That is why they so adeptly blend the two issues throughout their programs. Support from CVS Health's leadership helps make each of their events possible year after year.

I was honored to be a part of CVS Health's 2017 Information Security conference. It was an impressive effort by a company with a large circle of influence. I was especially impressed by the obvious attention to detail and planning, and it sure paid off. The event attracted a large turnout of employees who had really great questions. 

Julie, Nicole and the leadership of CVS Health are to be commended!


We want to know: Who is your privacy hero?
 
Throughout 2018, we'll introduce an individual or team who has gone over and above to advance data security and/or privacy in their corner of the world. To nominate, simply  drop us a note and explain why we need to know your hero.
 
At the end of December, we will announce our Privacy Hero of 2018. The hero will receive a token of appreciation and commemoration of outstanding work.

dnaWho Has Your DNA?
Genealogy company breach has people wondering
  
My Stella with shed antlers she found in the woods.
Close to 100 million accounts were compromised when genealogy and DNA testing firm MyHeritage was breached in June. This for-profit entity makes money by analyzing the DNA samples of anyone willing to pay for the service.

While MyHeritage has said DNA files were not compromised, the vulnerability of their systems has to make the people who've sent profiles into the firm nervous.

What can someone in possession of your DNA profile do with it? Any number of disturbing things, including:
  • Leak your genetic markers for disease or mental illness to an employer, love interest, political foe, legal adversary or insurance provider.
  • Use your DNA to uncover a familial link to a known or suspected criminal.
  • Recreate or drop your DNA at the scene of a crime to send police on a wild goose chase.
  • Share your data with drug companies or researchers who then build profiles of you and fail to protect them from intrusions.
To learn more about the vulnerability of DNA and how it's currently being used, listen to this on-demand episode of my radio show Data Security & Privacy with The Privacy Professor with guest Mellissa Helligso.

worldWorld Cup Scam Alert
Con artists love global events like this

 
The U.S. FTC put out a warning for consumers to be on high alert to guard against World Cup scams. Here's a recap of the FTC's tips:
  • Ignore any email that claims you've won World Cup tickets.
  • Never pay a fee to claim a prize.
  • If you choose to buy tickets from a reseller or broker, you run the risk of receiving invalid tickets.
  • Buy tickets with a credit card to take advantage of card network protections.
Beware of fake team apparel online stores. Look for the https in the URL and read reviews. 
youngYoung Activist Addresses Swatting, Online Privacy
Teenager shocked to find address, political affiliation online


Although gun control is the issue Florida teenager David Hogg cares most deeply about, his time in the news has brought awareness to two additional troubles: swatting scams against police and the online availability of personal, private information.

The teenager and his local police department were the victims of a swatting scam last month. The scammer made a fake call into 911 claiming a hostage situation was underway at Hogg's home address.

And that home address was not difficult for the crook to find, Hogg points out to Motherboard. When he searched his name at VoterRecords.com, he found not only his address, but his name, age and party affiliation.

The accessibility of information like this is making swatting all the more easy to deploy with little to no sophistication. In fact, in many of the high-profile swatting cases reported, the scammer has been a teenager. 

Swatting often targets those with different views from those launching the swatting attack. One of the other Parkland shooting survivors, Cameron Casky, for example, has been a victim of swatting, as well.  

To learn more about swatting scams, including what you can do to help police detect and prevent them, listen to this on-demand episode of my radio show Data Security & Privacy with The Privacy Professor with my guest Tom Conley.


bornAll Privacy Pros Born on Jan. 1?
   
 
  
Put your personal information online at your own risk


Hi, Stella!
If you take a moment to search data privacy and security professionals on Facebook, you'll find many of them share the same birthday - January 1.

That's because we all know the dangers of revealing too much about ourselves online. Facebook was created for data sharing, not data protecting.

You may also see that many of these folks "live" in very unusual places (e.g. I "live" in Elephant Island, Antarctica).

On June 6, I visited the CWiowa morning show to talk about the risks of putting personal information on Facebook. Although the social giant has always included its intention to collect and share the data of its users, many only recently began to pay attention.
Here are a few other Facebook tips:
  • Turn off GPS tracking within Facebook. That data can create a history of where you've been, valuable information in divorce, insurance and other cases.

  • As the Washington Post points out, just say no to defaults. Question everything that's already checked for you when you download Facebook (or any app for that matter).

  • Every so often, check which apps you've connected to Facebook. Each of those third parties has access to as much as your entire Facebook data history. What's more, your friends' apps also have been able to access your personal data. Disturbingly, Facebook says it has no idea where all that data went, who has it now or how it is being used. 

  • Download and delete your Facebook history at least annually. If nothing else, the exercise allows you to see just how much information you're putting out there for contacts (and potentially others) to see. Instructions on downloading Facebook data
 

PPInewsWhere to Find the Privacy Professor  
  
 

In the classroom... 

After years of  providing a regularly updated set of online employee training modules for my SIMBUS business clients,  and on-site certification teaching for IAPP, I'm excited to now also be teaching online IAPP-approved CIPP certification classes. 

As an instructor for AshleyTrainingOnline, an IAPP-registered certified training partner, I will host a full schedule of classes . Hope to see you in the virtual classroom sometime soon!
    
Next Class

July 26-27: CIPT Certification 

 ** I also teach CIPM and CIPP/US classes, so if you are interested in those, let me know!**


On the road...

One of my favorite things to do is visit with leaders in different industries - health care and managed systems providers to insurance and energy (and beyond!). Below are a few of the events I have scheduled for the upcoming season.

June 26: Facilitated the online seminar, "Practical Steps to Scale Your Vendor Risk Management Program," at the IT GRC Executive Forum. Recording now available

July 13: Giving keynote, Electric Grid Security, at the Central Iowa Power Cooperative ( CIPCO) IT Users Group in Des Moines, Iowa. 

July 20: Presenting online session, "I mprove Your Cybersecurity: Work With Vendors to Protect Data," for ASAE. 

September 5: Giving keynote, "Understanding the Privacy Impact of Cloud Services & Social Media," at Spotlight on Security Speaker Series hosted by ISSA, ISACA, Women in Security, netskope and Sprint. Event is in Overland Park, Kansas.

September 19-20: Giving keynote and sessions at Data Privacy Asia, Manila, Philippines.

October 10-11: Giving keynote at SecureWorld Dallas in Texas. 

November 7-8: Giving keynote at SecureWorld Seattle in Washington. 


On the air... 

HAVE YOU LISTENED YET? 

I'm so excited to be hosting the radio show  Data Security & Privacy with The Privacy Professor on the  VoiceAmerica Business network . All episodes are available for on-demand listening on the VoiceAmerica site, as well as iTunes, Mobile Play, Stitcher, TuneIn, CastBox, Player.fm and similar apps and sites. 

Hear the perspectives of incredible guests as they talk through a wide range of hot topics. We've addressed identity theft, medical cannabis patient privacy, cybercrime prosecutions and evidence, government surveillance, swatting and GDPR, just to name a few. One of our recent guests even talked about his personal experiences with historical notables Jimmy Hoffa, Gloria Steinem and Fidel Castro

Several episodes provide career advice for those in, and wanting to pursue, cybersecurity, privacy and IT professionsPlease check out some of my recorded episodes, and let me know your feedback! I truly do use what I hear from listeners.


Do you have an idea for a show topic? Or would like to suggest someone who would be a great guest? Please let me know!


In the news... 

CityView


Credit Union Times


Health Care Info Security



Kyodo News Service

"GDPR articles with experts" available in  Japanese  in the "Clue"   Kyodo News service and "Eikon" Tomson Reuters service. SIDE NOTE: I'm interested in finding a Japanese-to-English translator so I can read the article! If you have any recommendations, please send them along

NBC News

Alexa privacy fail highlights risks of smart speakers

Tech Target



Recognition and honors...

Ponemon Institute

In June, I was thrilled to receive, and accept, a nomination from Dr. Larry Ponemon himself to become a Distinguished Fellow of the  Ponemon Institute . The community is a thought leadership group composed of around 100 professionals with deep expertise in information and cyber security, data protection and privacy. I'm very excited to join this group, as well as participate in monthly webinars and the annual RIM Renaissance event. 

Pro Resource

I was pleasantly surprised to be included in the Excellent Twitter Examples: Cybersecurity CEOs list.

Two really cool things about being on this list: 
  1. The others named (e.g. Robert Herjavec) are so outstanding and well known.
  2. Top billing! What an honor...

CWIowa Live

The morning TV broadcast regularly covers privacy and security tips with their guest, the Privacy Professor! Each is a brief 10-15 minutes and covers topics ranging from insider theft to connected vehicles. Check out this online library to watch recent episodes.

On June 6,we talked about what every consumer needs to understand about digital assistants and Facebook, namely that what you share with these places is collected, analyzed and shared, possibly with hundreds of third parties. 

Keep an eye on my YouTube channel, where you can catch up on many of my visits to CWIowa Live. 

Questions? Topics?

Have a topic I should discuss on the  CWIowa Live morning show or on my Voice America radio show? Or, a question I can answer in my next monthly Tips? Let me know!
flagPhishing Scam Red Flag

Here's another way I determined the above email was a scam: I copied a portion of the explicit part of the message, put the phrase in quotes and did an search. I found the same message reported in many other places. 

Do you see other clues? Let me know!


Hanging with Buster & Dotty, 1992
Anything you find, learn or explore on the Internet must be double checked. The great benefit of so much information so readily accessible is also a great downfall. Anyone can publish anything. Be aware of the source, and definitely don't share unless you are confident in the trustworthiness of that source! 

Have a wonderful, safe and privacy aware July!


Rebecca
Rebecca Herold, The Privacy Professor

Need Help?


Permission to Share

If you would like to share, please forward the Tips message in its entirety. You can share  excerpts, as well, with the following attribution:

Source: Rebecca Herold. July 2018 Privacy Professor Tips. www.privacyprofessor.com.

NOTE: Permission for excerpts does not extend to images.

Privacy Notice & Communication Infoprivpolicy

You are receiving this Privacy Professor Tips message as a result of:

1) subscribing through PrivacyGuidance.com
2) making a request directly to Rebecca Herold; or 
3) connecting with Rebecca Herold on LinkedIn

When LinkedIn users initiate a connection with Rebecca Herold, she sends a direct message stating that in the spirit of networking and in support of the encouraged communications by LinkedIn, she will send those asking for LinkedIn connections her Tips message monthly. If they do not want to receive the Tips message, LinkedIn connections are invited to let Rebecca know by responding to that LinkedIn message or contacting her at rebeccaherold@rebeccaherold.com. 

If you wish to unsubscribe, just click the SafeUnsubscribe link below.
 
 
The Privacy Professor
Rebecca Herold & Associates, LLC
SIMBUS, LLC 
Mobile: 515.491.1564

Visit my blog    Follow me on Twitter