Latest news with #ParameterSecurity
Yahoo
5 days ago
- Yahoo
Someone Might Be Watching You Through Your Home Security Camera. Here's What To Know.
It's unsettling to think your home may not be the safe space you intend it to be. As rewarding as technology is, it also carries home safety and privacy threats. You've probably heard stories of people and companies listening to your conversations through smart speakers or smartphones. (Yes, this really happens.) Maybe you've even heard about nightmare scenarios where people get access to a home camera system, which is a growing concern as in-home cameras from any number of brands — Blink, SimpliSafe, Ring, Nest, and Arlo — grow in popularity. Folks use these cameras in their homes to check in on kids, seniors, and pets. They also use them to monitor their homes for threats. Unfortunately, hackers can gain access to this footage, too. When it comes to hackers getting into your home camera systems, there are two possible scenarios: Someone accesses the live feed and watches you in real time, or someone hacks into your recorded videos from the past weeks, months or years, experts told HuffPost. How does this happen? And what can you do to protect yourself? Here's what security experts say: If you don't change the default password after buying your camera, it's more subject to hacking. Most people's home security cameras won't get hacked, but it does happen in certain scenarios. And, typically, when you talk about getting into in-home cameras, it's because of a bad password, said Dave Chronister, the CEO of Parameter Security. First, if you use a default password for your home camera, it's more vulnerable to nefarious activity, said Alex Hamerstone, the advisory solutions director for TrustedSec, an ethical hacking company. Your camera generally comes with a default username and password when you buy it, he explained. 'And hackers know, and scammers know, the default username and password so they can log into cameras if you have not changed the default username and password,' Hamerstone said. 'There's a site called Shodan that people oftentimes share links to, and what Shodan does is it goes on and looks for items with default passwords,' he added. 'So, whether it's a webcam or a router or something like that... it posts the footage from the cameras.' Hackers can also scan for default passwords associated with cameras to get into your system, Chronister said. 'We have found this in a lot of areas,' he said. Particularly, hackers will steal illicit videos of people in their homes and go on to share the footage on public websites and adult websites. If you are the target of a scam, you may also be at risk. Your camera could also be compromised if someone is targeting you or you're a victim of a phishing scandal, said Hamerstone. 'If I'm a specific target, somebody may try to phish me and find out my passwords whether it's for the camera or something else,' he said. 'And then they may, accurately, guess that someone's using the same password for all the different accounts, including cameras, and then log in that way,' he added. Then, they can gain access to your feed and any saved videos. In most cases, if you are being actively watched, the camera light should turn on. According to Chronister, the light that flashes on when you turn on a camera should turn on whenever that camera is in use, even when a hacker is in control. But, there may be camera manufacturers out there that don't have this feature — or, there could be a way to disable the light from turning on, he added. If you see your camera light turn on when you aren't actively using it, that's clearly a red flag — but isn't the only sign that someone is in your system. Bad actors can also get into your camera's files and look back through your recorded videos, which may not cause the light to switch on. There are a few things you can do to protect yourself: While you may never be victim to camera hacking, the risk is still there. 'My big thing is I just want people to be aware of the risk and then make an informed choice,' Hamerstone said. While having cameras in your house does mean someone could access your videos, there are a few things you can do to bolster your security. 'Number one, the biggest thing is disable any default passwords,' said Chronister. This is true for cameras and with anything else you buy, Hamerstone added. 'Hackers are lazy. If there are 10,000 cameras out there and 9,000 have the default password, they're not going to try to crack the other 1,000,' noted Chronister. Don't use your go-to password for your camera system. Really, you should never reuse old passwords, said Hamerstone, but especially for crucial things like cameras and banking. 'For most of us, if we have cameras we can go on our phone and log into that account and see [the footage or live feed],' Hamerstone said. You should turn on multi-factor authentication, like receiving a text code, when logging into the camera app. This makes the app more secure. Chronister said it's also important to keep your camera systems up-to-date. 'They are mini-computers. There should be an ability to update them to new firmware when needed,' Chronister said. Software can have vulnerabilities that require system updates to address the vulnerability and keep your account secure. If you have a camera in your home that has been installed yet unused for years and years, take it down, said Chronister. These cameras are old and outdated, which can open them up to security threats, he noted. Old cameras and old software don't have the same safety protections as newer alternatives. And make sure you don't have your cameras in the more private spaces in your home. It may sound like an oxymoron, but if you are going to have in-home cameras, keep them in the more public spaces in your home, said Hamerstone. 'So, maybe keep them in the kitchen, but not your bedroom or something like that,' he said. It may go without saying, but you should also keep cameras out of your bathroom, Chronister said. The risk outweighs the benefit when it comes to having cameras in your bedroom and bathroom, he added. If someone does access your in-home camera footage, you don't want it to be recordings of your most private moments. Someone watches you walk in your front door? Fine. Someone watches you have sex with your partner? Not fine. If you do install in-home cameras to watch loved ones or monitor your security, be sure to do it in the spaces that won't lead to problems if a bad actor eventually gets their hands on the article originally appeared on HuffPost.
Yahoo
17-04-2025
- Entertainment
- Yahoo
The Viral AI Action Figure Trend Could Be Putting Your Cybersecurity At Risk — Here's What To Know
If you're on social media, it's highly likely you're seeing your friends, celebrities and favorite brands transforming themselves into action figures through ChatGPT prompts. That's because, lately, artificial intelligence chatbots like ChatGPT are not just for generating ideas about what you should write ― they're being updated to have the ability to create realistic doll images. Once you upload an image of yourself and tell ChatGPT to make an action figure with accessories based off the photo, the tool will generate a plastic-doll version of yourself that looks similar to the toys in boxes. While the AI action figure trend first got popular on LinkedIn, it has gone viral across social media platforms. Actor Brooke Shields, for example, recently posted an image of an action figure version of herself on Instagram that came with a needlepoint kit, shampoo and a ticket to Broadway. People in favor of the trend say, 'It's fun, free, and super easy!' But before you share your own action figure for all to see, you should consider these data privacy risks, experts say. The more you share with ChatGPT, the more realistic your action figure 'starter pack' becomes — and that can be the biggest immediate privacy risk if you share it on social media. In my own prompt, I uploaded a photo of myself and asked ChatGPT to 'Draw an action figure toy of the person in this photo. The figure should be a full figure and displayed in its original blister pack.' I noted that my action figure 'always has an orange cat, a cake and daffodils' to represent my interests in cat ownership, baking and botany. But these action figure accessories can reveal more about you than you might want to share publicly, said Dave Chronister, the CEO of cybersecurity company Parameter Security. 'The fact that you are showing people, 'Here are the three or four things I'm most interested in at this point' and sharing it to the world, that becomes a very big risk, because now people can target you,' he said. 'Social engineering attacks today are still the easiest, most popular way for attackers to target you as an employee and you as an individual.' Tapping into your heightened emotions is how hackers get rational people to stop thinking logically. These cybersecurity attacks are most successful when the bad actor knows what will cause you to get scared or excited, and click on links you should not, Chronister said. For example, if you share that one of your action figure accessories is a U.S. Open ticket, a hacker would know that this kind of email is how they could fool you into sharing your banking and personal information. In my own case, if a bad actor tailored their phishing email based on orange-cat fostering opportunities, I might be more likely to click than I would on a different scam email. So maybe you, like me, should think twice about using this trend to share a hobby or interest that is uniquely yours on a large networking platform like LinkedIn, a site job scammers are known to frequent. The other potential data risk is how ChatGPT, or any tool that generates images through AI, will take your photo and store and use it for future model retraining, said Jennifer King, a privacy and data policy fellow at the Stanford University Institute for Human-Centered Artificial Intelligence. She noted that with OpenAI, the developer of ChatGPT, you must affirmatively choose to opt out and tell the tool to 'not train on my content,' so that anything you type or upload into ChatGPT will not be used for future training purposes. But many people will likely stick to the default of not disabling this feature, because they do not fully understand it's an option, Chronister said. Why could it be bad to share your images with OpenAI? The long-term implications of OpenAI training a model on your image are still unknown, and that in itself could be a privacy concern. OpenAI states on its site: 'We don't use your content to market our services or create advertising profiles of you — we use it to make our models more helpful.' But what kind of future help your images are going toward is not explicitly detailed. 'The problem is that you just don't really know what happens after you share the data,' King said. Ask yourself 'whether you are comfortable helping Open AI build and monetize these tools. Some people will be fine with this, others not,' King said. Chronister called the AI doll trend a 'slippery slope' because it normalizes sharing your personal information with companies like OpenAI. You may think, 'What's a little more data?' and one day in the near future, you are sharing something about yourself that is best kept private, he said. Thinking about these privacy implications interrupts the fun of seeing yourself as an action figure. But it's the kind of risk calculus that keeps you safer online. Are You Being 'Spoofed'? This Specific Type Of Scam Is Hard To Catch. If You Suspect You Are On A Scam Call, Do NOT Say This 1 Word What Those 'Hello' Scam Texts Everyone Is Getting Are REALLY About
Chicago Tribune
24-03-2025
- Business
- Chicago Tribune
Tax season is a prime time for scams. IRS uncertainty could add to the issues this year
NEW YORK — There's a lot of information (and money) on the table during tax season. That also makes it a prime time for scams. Year-round, fraudsters may use a handful of common tactics to try to steal your identity, money or other sensitive information. As you prepare your annual tax return, due April 15, experts stress it's important to be extra vigilant. This year, scammers might take particular advantage of uncertainty stemming from recent workforce cuts impacting thousands of jobs at the U.S. Internal Revenue Service. These layoffs and the potential for even more widespread reductions also raise questions about resources, including the IRS's bandwidth to respond to scams reported by consumers. Here's what to know about tax scams and how to stay safe: Identify the signs of tax scams Tax scammers may try to reach you in a number of different ways — from lookalike emails, texts or phone calls impersonating the IRS to unsolicited social media offers that promise a suspiciously high refund. But there are a handful of common red flags to keep an eye out for, including: — Sense of urgency — Isolation tactics or threats — Promises of a big payday — Suspicious website links Cybersecurity experts stress that scammers prey on emotion — and will often try to evoke fear or uncertainty. Many tax scams will ask you to act fast or click on a malicious link right away. Others will make you think you did something wrong, going as far as threatening an arrest if you don't respond. Scammers may also isolate you from contacting others, such as a trusted accounting professional or even a family member. Many tax scams also advertise big payouts, but at a price. Some 'ghost' preparers, for example, will charge you for preparing your tax return — often with promises of maximizing your refund — but never sign it. They may then file a fraudulent return in your name, with an inflated income or fake deductions to boost the refund, and switch the bank account listed to claim your money. The IRS will never initiate contact via email, text or social media with requests for your personal information — and urges consumers to only use trusted, accredited tax professionals if you need help preparing your return. Those who have fallen victim to scams are also encouraged to report them. You can find more information on the agency's official website. What's different this year? Tax scams can be all the more convincing if they meet the moment. And this year, experts warn that cyber criminals or 'social engineers' might take particular advantage of uncertainty around the IRS cuts. 'Uncertainty is probably one of the biggest motivating emotions that social engineers take advantage of,' said Dave Chronister, a prominent 'ethical hacker' and CEO of Parameter Security, noting that scammers might use news of these cuts and impersonate the IRS to falsely promise taxpayers 'new' ways of filing. Similar tactics emerged during the height of the COVID-19 pandemic and following legitimate rounds of federal aid — with some scammers making false claims about additional stimulus checks, for example. All it takes is just 'a little bit of common knowledge' to 'nudge you' into trusting them, Chronister explains. Beyond how scammers use the news, the IRS workforce cuts could slow the agency's ability to actually respond to scams, Chronister and others note. As a result, malicious websites or predatory social media campaigns may not be taken down as quickly — and victims of fraudulent returns could have to wait longer for answers. 'There is potential for reduced oversight,' said Chris Pierson, chief executive of cybersecurity firm BlackCloak. 'If you have less individuals to be proactive within an agency that is housing, I mean, an amazing treasure trove of data and information — that obviously is concerning … (and could) create a riskier environment for the consumer.' Asked for comment, the IRS pointed to its 'Dirty Dozen' list of common tax scams to watch out for this year, among other steps taxpayers can take to protect themselves from identity theft and fraud. But the agency did not immediately comment on whether recent or future workforce cuts would impact its enforcement resources. Scams are also becoming more sophisticated, most recently thanks to the rising adoption of generative artificial intelligence. Experts warn that this technology is being used create 'hyper-realistic' phishing messages, including video or audio deepfakes, and can allow scammers to target more people at once through automation. Pierson also warns of the fallout from recent high-profile data breaches — including the National Public Data breach, which made headlines last year for reportedly leaking a massive amount of sensitive information on the dark web, including full names, social security numbers, contact information and mailing addresses. Having that information out there could lead to more fraudulent filings, he explains, or 'confidence scams' — where cyber criminals share one piece of information they have, like an address, to get people to trust them and share more. How can I protect my information and money? File as soon as you can. Nobody is eager to sit down and do their taxes, but getting it out of the way early — and before any scammers potentially try to file something in your name — makes a huge difference, Chronister explains. He adds that taxpayers can play it safe by sticking to what they know. 'If you've always been using TurboTax, use TurboTax. If you always use an accountant, use your accountant,' Chronister said. He notes that you should also keep your information safe by password-protecting any past filings downloaded to your device and using a VPN when on public Wi-Fi. The IRS also suggests setting up an identity protection PIN, a six-digit number that can help protect you from someone else filing in your name. You can also freeze your credit — which experts recommend as an added line of defense against future identity theft and fraud, even if you haven't been scammed. Freezing your credit prevents any new credit accounts from being created in your name. And you can always temporarily 'unfreeze' if a check is needed to rent an apartment or apply for a loan. Credit freezes can be set up through three nationwide credit bureaus: Equifax, Experian and TransUnion. And, again, remember that the IRS won't randomly contact you by email, text or phone. When in doubt, go to the official IRS website and reach out directly. Avoiding scams can also come down to pausing before you click or act on anything. 'Take a breath, count to 10 and then go, 'OK … is this too good to be true?'' Chronister sad. ''Is my gut telling me something is off?'' Chronister adds that social engineering is about emotion, not intelligence — and anyone can fall for it. 'It's human to fall for these (scams),' he said. 'They've been here since the beginning of mankind … So you have to stay vigilant, but don't panic. Just keep your gut check going.'
The Independent
24-03-2025
- Business
- The Independent
Tax season is a prime time for scams. IRS uncertainty could add to the issues this year
There's a lot of information (and money) on the table during tax season. That also makes it a prime time for scams. Year-round, fraudsters may use a handful of common tactics to try to steal your identity, money or other sensitive information. As you prepare your annual tax return, due April 15, experts stress it's important to be extra vigilant. This year, scammers might take particular advantage of uncertainty stemming from recent workforce cuts impacting thousands of jobs at the U.S. Internal Revenue Service. These layoffs and the potential for even more widespread reductions also raise questions about resources, including the IRS 's bandwidth to respond to scams reported by consumers. Here's what to know about tax scams and how to stay safe: Identify the signs of tax scams Tax scammers may try to reach you in a number of different ways — from lookalike emails, texts or phone calls impersonating the IRS to unsolicited social media offers that promise a suspiciously high refund. But there are a handful of common red flags to keep an eye out for, including: — Sense of urgency — Isolation tactics or threats — Promises of a big payday — Suspicious website links Cybersecurity experts stress that scammers prey on emotion — and will often try to evoke fear or uncertainty. Many tax scams will ask you to act fast or click on a malicious link right away. Others will make you think you did something wrong, going as far as threatening an arrest if you don't respond. Scammers may also isolate you from contacting others, such as a trusted accounting professional or even a family member. Many tax scams also advertise big payouts, but at a price. Some "ghost' preparers, for example, will charge you for preparing your tax return — often with promises of maximizing your refund — but never sign it. They may then file a fraudulent return in your name, with an inflated income or fake deductions to boost the refund, and switch the bank account listed to claim your money. The IRS will never initiate contact via email, text or social media with requests for your personal information — and urges consumers to only use trusted, accredited tax professionals if you need help preparing your return. Those who have fallen victim to scams are also encouraged to report them. You can find more information on the agency's official website. What's different this year? Tax scams can be all the more convincing if they meet the moment. And this year, experts warn that cyber criminals or 'social engineers' might take particular advantage of uncertainty around the IRS cuts. 'Uncertainty is probably one of the biggest motivating emotions that social engineers take advantage of,' said Dave Chronister, a prominent 'ethical hacker' and CEO of Parameter Security, noting that scammers might use news of these cuts and impersonate the IRS to falsely promise taxpayers 'new' ways of filing. Similar tactics emerged during the height of the COVID-19 pandemic and following legitimate rounds of federal aid — with some scammers making false claims about additional stimulus checks, for example. All it takes is just 'a little bit of common knowledge' to 'nudge you' into trusting them, Chronister explains. Beyond how scammers use the news, the IRS workforce cuts could slow the agency's ability to actually respond to scams, Chronister and others note. As a result, malicious websites or predatory social media campaigns may not be taken down as quickly — and victims of fraudulent returns could have to wait longer for answers. 'There is potential for reduced oversight,' said Chris Pierson, chief executive of cybersecurity firm BlackCloak. 'If you have less individuals to be proactive within an agency that is housing, I mean, an amazing treasure trove of data and information — that obviously is concerning ... (and could) create a riskier environment for the consumer.' Asked for comment, the IRS pointed to its 'Dirty Dozen' list of common tax scams to watch out for this year, among other steps taxpayers can take to protect themselves from identity theft and fraud. But the agency did not immediately comment on whether recent or future workforce cuts would impact its enforcement resources. Scams are also becoming more sophisticated, most recently thanks to the rising adoption of generative artificial intelligence. Experts warn that this technology is being used create 'hyper-realistic' phishing messages, including video or audio deepfakes, and can allow scammers to target more people at once through automation. Pierson also warns of the fallout from recent high-profile data breaches — including the National Public Data breach, which made headlines last year for reportedly leaking a massive amount of sensitive information on the dark web, including full names, social security numbers, contact information and mailing addresses. Having that information out there could lead to more fraudulent filings, he explains, or 'confidence scams" — where cyber criminals share one piece of information they have, like an address, to get people to trust them and share more. How can I protect my information and money? File as soon as you can. Nobody is eager to sit down and do their taxes, but getting it out of the way early — and before any scammers potentially try to file something in your name — makes a huge difference, Chronister explains. He adds that taxpayers can play it safe by sticking to what they know. 'If you've always been using TurboTax, use TurboTax. If you always use an accountant, use your accountant," Chronister said. He notes that you should also keep your information safe by password-protecting any past filings downloaded to your device and using a VPN when on public Wi-Fi. The IRS also suggests setting up an identity protection PIN, a six-digit number that can help protect you from someone else filing in your name. You can also freeze your credit — which experts recommend as an added line of defense against future identity theft and fraud, even if you haven't been scammed. Freezing your credit prevents any new credit accounts from being created in your name. And you can always temporarily 'unfreeze' if a check is needed to rent an apartment or apply for a loan. Credit freezes can be set up through three nationwide credit bureaus: Equifax, Experian and TransUnion. And, again, remember that the IRS won't randomly contact you by email, text or phone. When in doubt, go to the official IRS website and reach out directly. Avoiding scams can also come down to pausing before you click or act on anything. 'Take a breath, count to 10 and then go, 'OK ... is this too good to be true?'" Chronister sad. "'Is my gut telling me something is off?'' Chronister adds that social engineering is about emotion, not intelligence — and anyone can fall for it. 'It's human to fall for these (scams)," he said. "They've been here since the beginning of mankind ... So you have to stay vigilant, but don't panic. Just keep your gut check going.'
