November Cyber Bytes


The holiday season is nearing. Soon millions of people will be looking to buy the perfect gifts, and many of us will shop online. Unfortunately, cyber criminals will be active as well, creating fake shopping websites and other online shopping scams to steal your information or money. Learn how you can find good deals without becoming a victim.

Fake Online Stores

Criminals create fake online stores that mimic the look of real sites or use the names of well-known stores or brands. When you search for the best online deals, you may find yourself at one of these fake sites. By purchasing from such websites, you can end up with counterfeit or stolen items, or your purchases might never be delivered. Take the following steps to protect yourself:

  • When possible, purchase from online stores you already know, trust, and have done business with previously. Bookmark these online stores.
  • Be suspicious of ads or promotions on search engines or social media that offer prices significantly lower than those you see at the established online stores. If a deal sounds too good to be true, it may be a scam.
  • Be careful with websites that offer no way to contact them, have broken contact forms, or use personal email addresses.
  • Be suspicious if a website looks just like one you've used in the past, but the website domain name or the name of the store is different. For example, you may be used to shopping at Amazon, whose website address is, but end up at a fake website that looks similar but has the website address
  • Type the name of the online store or its web address into a search engine to see what others have said about it. Look for terms like "fraud," "scam," "never again," and "fake."
  • Protect your online accounts by using a unique, strong password for each of your accounts. Can't remember all your passwords? Consider storing them all in a password manager.

Scammers on Legitimate Websites

Keep your guard up even when shopping at trusted websites. Online stores often offer products sold by third parties - different individuals or companies - that might have fraudulent intentions. Such online destinations are like real-world markets, where some sellers are more trustworthy than others.

  • Check each seller's reputation before placing the order by reading their reviews.
  • Be wary of sellers who are new to the online store, lack reviews, or who sell items at unusually low prices.
  • Review the online store's policy on purchases from such third parties.
  • When in doubt, purchase items sold directly by the online store, not by the third-party sellers that participate in its online marketplace.
  • Even with legitimate vendors, be sure that you understand the seller’s warranty and return policies before you make your purchase.

Online Payments for Purchases

Regularly review your credit card statements to identify suspicious charges. If possible, enable the option to notify you by email, text, or app when a charge is made. If you find any suspicious activity, report it to your credit card company immediately. Use credit cards instead of debit cards for online payments. Debit cards take money directly from your bank account; if fraud is committed, you'll have a much harder time getting your money back. Electronic payment services or e-wallets such as PayPal are also a safer option for online purchases, since they do not require you to disclose a credit card number to the vendor. Avoid websites that only accept payment in cryptocurrency or require obscure payment methods.

Just because an online store has a professional look does not mean it's legitimate. If the website makes you uncomfortable, don't use it. Instead, head to a well-known site you can trust or have safely used in the past. You may not find that incredible deal, but you are much more likely to avoid getting scammed.

You can now ask Google to stop your child's pictures from showing up in searches

(Source: Business Insider)

Google is allowing anyone under the age of 18, or their parent or guardian, to remove their images from search results. This policy change was enacted on Wednesday and is part of what the company says is its larger shift towards protecting younger users on its platforms. Google originally announced increased protections for children and teens in August, allowing younger internet users to have safer avenues on the internet. For example, YouTube, which is owned by Google, is making its "take a break" and bedtime reminders default for all users ages 13 to 17 and limiting the visibility of videos posted by its younger users.

All requests will be reviewed by Google and its team may reach out for additional information for verification if needed. Once the image removal request is approved, it will no longer appear in the images tab or as thumbnails in any feature in Google Search and submitters will receive a notification, according to a Google blog post explaining the feature. Google did not respond to Insider's request to comment. "We believe this change will help give young people more control over their digital footprint and where their images can be found on Search," the company's post said. However, images that are removed from Google search results are not fully removed from the internet, Google warns. If users need an image removed online completely, Google recommends that users contact the site's webmaster where the image is hosted for removal. 

Google offers other features for its younger users to protect them "from shocking or harmful content." Some of these features include SafeSearch that limits explicit and inappropriate inquiries, content filters, and educational resources. On Tuesday, lawmakers met with representatives from Snapchat, TikTok, and YouTube to discuss child safety online. The Senate Commerce subcommittee on consumer protection, product safety, and data security asked questions about how the platforms have been misused by teenagers to promote dangerous and reckless behavior. None of the tech companies committed to any legislative proposals.

Facebook to Shut Down Facial Recognition System and Delete Billions of Records 

(Source: The Hacker News)

Facebook's newly rebranded parent company Meta on Tuesday announced plans to discontinue its decade-old "Face Recognition" system and delete a massive trove of more than a billion users' facial recognition templates as part of a wider initiative to limit the use of the technology across its products. The Menlo Park tech giant described the about-face as "one of the largest shifts in facial recognition usage in the technology's history." The shutdown, which is expected to take place over the coming weeks, will mean users who have previously opted into the setting will no longer be automatically recognized in Memories, photos and videos or see suggested tags with their name in photos and videos they may appear in. Furthermore, the company's Automatic Alt Text (AAT) tool, which creates image descriptions for visually impaired people, will no longer include the names of people identified in photos.

Facebook's discontinuation of the program comes in the wake of sustained privacy and ethical concerns that facial recognition could be abused to target marginalized communities, further racial bias, and normalize intrusive surveillance, leading to government bans across a number of cities in the U.S. such as Boston, San Francisco, New Orleans, and Minneapolis, among others. In May 2021, Amazon announced it would indefinitely extend a moratorium on law enforcement's use of its facial recognition systems. Meta said it's making the change because of a need to "weigh the positive use cases for facial recognition against growing societal concerns, especially as regulators have yet to provide clear rules."

That said, Meta said it will maintain the use of face recognition in "services that help people gain access to a locked account, verify their identity in financial products or unlock a personal device," nor does it rule out incorporating biometrics into its emerging metaverse business. Meta is also expected to retain DeepFace, the sophisticated algorithm that powers its photo-tagging facial recognition system, the company told the New York Times.

Facebook introduced facial recognition in 2010 as a means to automatically tag photos and videos with names based on a "face recognition template" it generates from users' profile pictures as well as photos and videos that they have already been tagged in, alongside notifying users when they appear in multimedia content posted by other users and providing recommendations for whom to tag in the photos. Although enabled by default at launch, the feature was scaled back and made an explicit opt-in in September 2019, following which more than a third of Facebook's daily active users — about 640 million people — are said to have opted to turn on the setting.

If anything, Meta's decision to move away from facial recognition appears to be a step designed to pre-empt any regulatory scrutiny following years of legal woes, including a lawsuit in the U.S. state of Illinois that took the company to court for violating the Biometric Information Privacy Act (BIPA) and using the tech to identify Illinois residents in photos without their consent. The company, earlier this March, was ordered to pay $650 million to settle the class-action suit. The development also arrives as Facebook attempts to rebrand and distance itself from a wide range of controversies that have plagued its products in recent years, with the company recently coming under the lens for allegedly prioritizing engagement and profits over users' safety and real-world harms exacerbated by its platforms. "This is great news for Facebook users, and for the global movement pushing back on this technology," the Electronic Frontier Foundation said in a tweet.

Are your passwords on the dark web? How to check what leaked after a data breach 

(Source: CNET)

If your personal data has been compromised, you often won't learn about it until T-Mobile, Facebook, Marriott, DoorDash, LinkedIn or any other company you've trusted with your information notifies you about a data breach. By that time your birthday, Social Security number, credit card number, health records or other data will have already been exposed or stolen.

Any stolen personal information that leads data thieves to your identity can let hackers do everything from making purchases and opening up credit accounts in your name, to filing for your tax refunds and making medical claims, all posing as you. What's worse, billions of these hacked login credentials are available on the dark web, neatly packaged for hackers to easily download for free.

You can't stop sites getting hacked, but you can take a few steps to check if your information may be compromised and to limit the damage done from a breach. If you use a password manager that creates unique passwords, you can ensure that if one site gets breached, your stolen password won't give hackers access to your accounts on other sites. A good password manager can also help you manage all your login information, making it easy to create and then use unique passwords.

After a cyberattack, a couple of monitoring tools can alert you to which of your stolen credentials are out in the wild on the dark web, giving you a running start at limiting the damage the thieves can do. Here's how to use two free monitoring tools -- Google's Password Checkup and Mozilla's Firefox Monitor -- to see which of your email addresses and passwords are compromised, so you can take action.

How to use Google's Password Checkup

As part of its password manager service, Google offers the free Password Checkup tool, which monitors usernames and passwords you use to sign into sites outside of Google's domain and notifies you if those login credentials have been exposed. (You may remember Password Checkup when it was a Chrome extension you had to add separately to Google's browser. This is the same tool folded into Google's password manager.)

  1. If you use Google's password service to keep track of your login credentials in Chrome or Android, head to Google's password manager site and tap Go to Check passwords.
  2. Tap Check Passwords and verify it's you.
  3. Enter the password for your Google account.
  4. After thinking for a bit, Google will display any issues it's found, including compromised, reused and weak passwords.
  5. Next to each reused or weak password is a Change password button you can tap to pick a more secure one.

How to use Mozilla's Firefox Monitor

Mozilla's free Firefox Monitor service helps you track which of your email addresses have been part of known data breaches.

  1. To start, head to the Firefox Monitor page.
  2. Enter an email address and tap Check for Breaches. If the email was part of a known breach since 2007, Monitor will show you which hack it was part of and what else may have been exposed.
  3. Below a breach, tap More about this breach to see what was stolen and what steps Mozilla recommends, such as updating your password.

You can also sign up to have Monitor notify you if your email is involved in a future data breach. Monitor scans your email address against those found in data breaches and alerts you if you were involved.

  1. Near the bottom of the Firefox Monitor page, tap the Sign up for Alerts button.
  2. If you need to, create a Firefox account.
  3. Tap Sign in to see a breach summary for your email. 
  4. At the bottom of the page, you can add additional email addresses to monitor. Mozilla will then send you an email at each address you add with a subject line "Firefox Monitor found your info in these breaches" when it finds that email address involved in a breach, along with instructions about what to do following the breach.

How else to watch for fraud

Besides the tools from Mozilla and Google, you can take a few additional steps to watch for fraud.

Monitor your credit reports. To help you spot identity theft early, you can request one free credit report a year from each of the three major credit bureaus -- Equifax, Experian and TransUnion -- to check for unfamiliar activity, such as a new account you didn't open. (Note that Equifax was itself part of a massive data breach.) You should also check your credit card and bank statements for unexpected charges and payments. Unexpected charges can be a sign that someone has access to your account.

Sign up for a credit monitoring service. To take a more active hand in watching for fraud, sign up with a credit monitoring service that constantly monitors your credit report on major credit bureaus and alerts you when it detects unusual activity. With a monitoring service, you can set fraud alerts that notify you if someone is trying to use your identity to create credit. A credit reporting service like LifeLock can cost $9 to $26 a month -- or you could use a free service like the one from Credit Karma that will watch for credit fraud but not ID fraud, such as someone trying to use your Social Security number.