My latest Guardian column, "Automated calls, fraud and the banks: a mismatch made in hell," reacts to the news that UK banks are using robo-call machines to check in with customers on possibly fraudulent transactions, and going about it in the worst way possible:
The banks, bless them, are only trying to prevent fraud, but this is a pretty silly way of going about it. For starters, there's the business of calling up people and asking them to give you all the information necessary to prove that they are indeed a bank customer – all the information that a fraudster needs to impersonate that person at the bank, in other words. The banks have spent decades systematically conditioning us to give our personal information to fraudsters, which is a strange way to prevent fraud.
But at least this silliness had one saving grace: a fraudster can only make so many calls per day, and so the scope of losses from such a programme of bad security education is limited by the human frailties of con-artists.
Enter the robo-caller. The banks are now outsourcing their fraud prevention to computers that can make dozens of calls all at once, around the clock, fishing (or phishing) for someone who just happened to have made an unusual purchase and is thus willing to spill all his details down the phone to get it approved. Note that most of the categories of purchase that trigger false positives from fraud detection systems are also the sort of thing that customers are anxious to see go off without a hitch. The unusual and the urgent often travel together.
Automated calls, fraud and the banks: a mismatch made in hell