Aggrieved investors are suing their telecoms providers after falling victim to scammers using SIM-Swapping techniques.

Small-scale crypto investors are being increasingly targeted by hackers, according to one report published this week.

Cybercriminals are performing a fraudulent practice called SIM-swapping – within which a person’s phone number is switched to a new device. Several telecoms carriers are now embroiled in lawsuits brought by victims who feel they were not sufficiently protected.

Shielding yourself from SIM-Swapping involves limiting the personal information you put on social media and using tech like password managers and authenticator apps. [such as a time-based pseudo random number [ed.]

Crypto-Thieves Move on to Smaller Fish

Reporting in The Wall Street Journal details how one individual who invested their life savings in Bitcoin had their accounts emptied overnight, losing $80,000 or more in cryptocurrency value.

Small-time investors have been affected by these large-scale attacks in the past – but now, it seems cybercriminals are cutting out the middle man and going straight for the investors themselves via sim-swapping scams.

What is SIM-Swapping

SIM-swapping is an increasingly common way to subsume control of someone’s mobile number. This initially involves some social engineering on behalf of the hacker in question, as they will have to ‘verify’ who they are, duping the telephone carrier into thinking they are in fact their victim.

Legal Battles and FCC Action

Aggrieved investors have already opened legal proceedings against various phone carriers, which The Wall Street Journal says has already caused some providers to modify their security provisions.

(Newser) – You know from the get-go you’re in for an interesting read: “It’s a tale as old as Tinder: Girl meets Boy. Boy convinces Girl to hand over a large chunk of cash. Boy ghosts Girl.” That’s how David Voreacos and Francesco Maglione begin their tale at Bloomberg of an online romance scam that cost one woman a staggering $8 million. And while romance scams are nothing new these days—the FBI says they cost victims a collective $956 million in 2021, up 60% from the previous year—the story introduces what for many will be a new phrase in the lexicon of such schemes: “pig butchering.” It refers to scammers’ technique of fattening up a victim’s bank account before draining it, the better to earn their confidence. This particular story involves 25-year-old Divya Gadasalli of Texas, whose father’s death in 2015 left the family flush with cash.

It soon became clear the trading platform she was using was bogus, as was Bulasa, whom she never met in person.

Advertisers—and shady ad middlemen—are paying to violate your privacy hundreds of times every day you’re online.How many times do you think your privacy gets violated every day you spend surfing the web? Maybe once? Twice? A few dozen times? It turns out that daily number is in the hundreds, according to a new report from the Irish Council for Civil Liberties (ICCL). On average, a European user’s data is shared with advertising and adtech middlemen 376 times per day—and for Americans, it’s double that: 747 times daily, the report reads.

That’s how often people online across the world are exposed to a little-known process called “real-time bidding,” or RTB, the ICCL says, citing figures from a “confidential” source. RTB is the process that advertisers use to place bids on advertising slots on a page, auction style. Every time you load up a webpage, there’s a span of about 200 milliseconds where the webpage shares data about you and your browser. Then advertisers offer a dollar amount to target their ads towards that bundle of data. The highest bidder takes the slot, and their ad appears to you. RTB happens on your desktop, in your mobile browser, inside apps, or really anywhere ads are found.

…

Filed: Privacy and Security

A new advisory from three U.S. federal agencies is warning businesses of North Korean hackers pretending to be your friendly neighborhood IT professional looking for contract work. Imagine Tinker Tailor Soldier Spy but instead everyone’s on the internet, and suddenly it doesn’t seem like an international spy thriller and more like the all-too common story of people getting catfished by data-thirsty keyboard warriors.Reuters first reported on a new document released Monday by the U.S. Treasury and State Department along with the FBI. It advises public businesses of the potential threat of the Democratic People’s Republic of Korea corps of fake IT workers who pose as non-North Korean nationals looking for long-distance work.

…

Filed: Tech – News

The New York Times: “Are you an “insider threat?” The company [or federal government employer] you work for may want to know. Some corporate employers fear that employees could leak information, allow access to confidential files, contact clients inappropriately or, in the extreme, bring a gun to the office. To address these fears, some companies subject employees to semi-automated, near-constant assessments of perceived trustworthiness, at times using behavioral science tools like psychology …