Pete Recommends – Weekly highlights on cyber security issues January 18, 2020

Subject: Seniors
Source: Investor.gov
https://www.investor.gov/seniors

Seniors are often the target of fraud. However, with some basic understanding of how scam artists work, you can avoid fraud and protect your hard-earned money. Learning how to invest safely can mean a huge difference in your retirement years. We offer a number of on-line publications, listed below, that you can access immediately for free by clicking on them. In addition, you can always call us, the SEC’s Office of Investor Education and Advocacy, with any questions you may have about investing. Our toll-free number is 1-800-732-0330.

Senior Specialists Designations – What Do They Mean?

Some financial professionals use designations that imply that they are experts at helping seniors with financial issues. The Securities and Exchange Commission and the Financial Industry Regulatory Authority (FINRA) do not endorse professional designations or titles such as “senior specialist” or “retirement advisor” that some financial professionals use to market themselves.  Read more…

Free On-line Publications (please click on them to read or download)

Guide for Seniors:  Protect Yourself Against Investment Fraud

Seniors are often the target of fraud. However, with some basic understanding of how scam artists work, you can avoid fraud and protect your hard-earned money. Learning how to invest safely can mean a huge difference in your retirement years.

Questions You Should Ask About Your Investments

“Ask Questions.”  That’s the best advice we can give you about how to invest wisely. We see too many investors who might have avoided trouble and losses if they had asked basic questions from the start.


Subject: Inspector General Warns Public About New Twist To Social Security Phone Scams
Source: Social Security Matters via Blog
https://blog.ssa.gov/inspector-general-warns-public-about-new-twist-to-social-security-phone-scams/

The Inspector General of Social Security, Gail S. Ennis, is warning the public that telephone scammers may send faked documents by email to convince victims to comply with their demands. The Social Security Administration Office of the Inspector General (OIG) has received reports of victims who received emails with attached letters and reports that appeared to be from Social Security or Social Security OIG. The letters may use official letterhead and government “jargon” to convince victims they are legitimate; they may also contain misspellings and grammar mistakes.

If you receive a call or email that you believe to be suspicious, about a problem with your Social Security number or account, hang up or do not respond. We encourage the public to report Social Security phone scams using our dedicated online form, at https://oig.ssa.gov. Please share this information with your friends and family, to help spread awareness about phone scams. For more information, please visit https://oig.ssa.gov/scam.

This entry was posted in Fraud

RSS: https://blog.ssa.gov/category/fraud-2/feed/


Subject: A Billion Medical Images Are Exposed Online As Doctors Ignore Warnings
Source: TechCrunch via beSpacific
https://www.bespacific.com/a-billion-medical-images-are-exposed-online-as-doctors-ignore-warnings/

TechCrunch: Every day, millions of new medical images containing the personal health information of patients are spilling out onto the internet. Hundreds of hospitals, medical offices and imaging centers are running insecure storage systems, allowing anyone with an internet connection and free-to-download software to access over 1 billion medical images of patients across the world. About half of all the exposed images, which include X-rays, ultrasounds and CT scans, belong to patients in the United States. Yet despite warnings from security researchers who have spent weeks alerting hospitals and doctors’ offices to the problem, many have ignored their warnings and continue to expose their patients’ private health information….

beSpacific Subjects: E-Records, Health Care, Internet, Medicine, Search Engines

Sample category RSS: https://www.bespacific.com/category/e-records/feed/

TC RSS: https://techcrunch.com/feed/


Subject: U.S. Government Issues Powerful Security Alert: Upgrade VPN Or Expect Cyber-Attacks
Source: CISA via Forbes
https://www.forbes.com/sites/daveywinder/2020/01/13/us-government-critical-security-alert-upgrade-vpn-or-expect-continued-cyber-attacks/#3e16511b6f70

The United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert that strongly urges users and administrators alike to update a VPN with long-since disclosed critical vulnerabilities. “Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability,” the CISA alert warns, “can become compromised in an attack.” What has dictated the need for this level of Government agency interest and the urgency of the language used? The simple answer is the ongoing Travelex foreign currency exchange cyber-attack, thought to have been facilitated by no less than seven VPN servers that were late in being patched against this critical vulnerability. The vulnerability in question is CVE-2019-11510, first disclosed way back in April 2019 when Pulse Secure VPN also released a patch to fix it.

Critical VPN security vulnerability timeline

The CISA alert provides a telling timeline that outlines how the Pulse Secure VPN critical vulnerability, CVE-2019-11510, became such a hot security potato. Pulse Secure first released an advisory regarding the vulnerabilities in the VPN on April 24, 2019.

Subject: Amazon fires employees over leak of customer phone numbers, emails
Source: Business Insider
https://www.businessinsider.com/amazon-fires-employees-over-leak-of-customer-phone-numbers-emails-2020-1

  • Amazon fired multiple employees over leaking customer information including email addresses and phone numbers, Business Insider has learned.
  • “The individuals responsible for this incident have been terminated and we are supporting law enforcement in their prosecution,” Amazon’s spokesperson told Business Insider.
  • It’s unclear how many customers and employees were affected by the incident.
  • It’s the latest incident involving Amazon employees leaking customer data, but it also shows Amazon’s growing focus on protecting customer data.

Amazon notified a group of customers this week that at least one employee shared the customers’ email addresses and phone numbers “to a third-party in violation of our policies,” according to the email seen by Business Insider. It said the employee has been fired because of the leak, and that no other information related to the user accounts were shared externally.

The news was reported earlier by TechCrunch.

The move reflects Amazon’s recent efforts to further protect personal customer data. But it also shows how Amazon employees are looking to benefit from leaking customer data, as a similar incident was reported in 2018.

At the time, the Wall Street Journal reported that some Amazon employees sold customer data to third-party sellers and brokers, who then used the data to get better reviews and improve their sales. Those employees were also fired immediately, the report said.

Also, a number of sellers have told Business Insider recently that they are no longer able to view specific customer names and addresses on their order pages. The issue was brought up in Amazon’s public seller forum too, drawing dozens of responses from affected sellers.


Subject: NSA Takes Step Toward Protecting World’s Computers, Not Just Hacking Them
Source: New York Times via beSpacific
https://www.bespacific.com/nsa-takes-step-toward-protecting-worlds-computers-not-just-hacking-them/

The New York Times: “The National Security Agency has taken a significant step toward protecting the world’s computer systems, announcing Tuesday that it alerted Microsoft to a vulnerability in its Windows operating system rather than following the agency’s typical approach of keeping quiet and exploiting the flaw to develop cyberweapons. The warning allowed Microsoft to develop a patch for the problem and gave the government an early start on fixing the vulnerability. In years past, the National Security Agency has collected all manner of computer vulnerabilities to gain access to digital networks to gather intelligence and generate hacking tools to use against American adversaries. But that policy was heavily criticized in recent years when the agency lost control of some of those tools, which fell into the hands of cybercriminals and other malicious actors, including North Korean and Russian hackers. By taking credit for spotting a critical vulnerability and leading the call to update computer systems, the National Security Agency appeared to adopt a shift in strategy and took on an unusually public role for one of the most secretive arms of the American government. The move shows the degree to which the agency was bruised by accusations that it caused hundreds of millions of dollars in preventable damage by allowing vulnerabilities to circulate…”


Subject: Verizon Media launches OneSearch a privacy-focused search engine
Source: VentureBeat via beSpacific
https://www.bespacific.com/verizon-media-launches-onesearch-a-privacy-focused-search-engine/

VentureBeat: “Verizon Media, the media and digital offshoot of telecommunications giant Verizon, has launched a “privacy-focused” search engine called OneSearch. The launch comes at a time when public trust in big technology companies has hit rock bottom following countless reports of breaches, lapses, and data harvesting escapades. Consequently, “privacy” is pretty much the buzzword of choice emanating from most of the big tech companies, and with its new search engine, it’s clear that Verizon is adopting a similar tack. With OneSearch, Verizon promises there will be no cookie tracking, no ad personalization, no profiling, no data-storing, and no data-sharing with advertisers…”


Subject: Initial Exchange Offerings (IEOs) – Investor Alert
Source: SEC.gov
https://www.sec.gov/oiea/investor-alerts-and-bulletins/ia_initialexchangeofferings

Jan. 14, 2020

The SEC’s Office of Investor Education and Advocacy is issuing this alert to urge investors to use caution before investing in so-called “initial exchange offerings” through online trading platforms.

Initial exchange offerings (IEOs) are a recent development in the rapidly evolving digital asset space. IEOs are similar to initial coin offerings (ICOs) in that they are initial offerings of digital assets (e.g., coins or tokens) to raise capital. However, IEOs are being touted as an innovation on ICOs because they are offered directly by online trading platforms on behalf of companies—usually for a fee—to provide immediate trading opportunities for the digital assets. These online trading platforms, which are typically not registered with the SEC and which may improperly refer to themselves as “exchanges,” may also claim to perform due diligence or other quality assessments of the IEOs.

Saying something is registered doesn’t make it so. In addition, be careful if the promoter of the IEO or the digital trading platform hosting the IEO states that they are approved or registered with the SEC. There is no such thing as an SEC-approved IEO. It is common for a fraudster to make false and misleading statements or exaggerated claims about regulatory approvals and oversight to lure potential investors. It pays to independently investigate these claims for yourself.

Additional Resources

  1. To learn more about red flags to consider with unregistered offerings, see our Investor Bulletin.
  2. To learn more about the dangers of unregistered trading platforms, see the Statement on Potentially Unlawful Online Platforms for Trading Digital Assets and the Statement on Digital Asset Securities Issuance and Trading by the SEC’s staff.
  3. For additional investor educational information, see the SEC’s website for individual investors, Investor.gov.

If you are considering participating in an investment opportunity involving digital assets, see the SEC resources available at Spotlight on Initial Coin Offerings and Digital Assets.

Filed: https://www.sec.gov/investor/alerts

RSS: https://www.sec.gov/rss/investor/alerts


Subject: Russians hack Burisma, company that played major role in Trump Ukraine scandal
Source: CNNPolitics
https://www.cnn.com/2020/01/13/politics/russians-hacked-burisma/index.html

(CNN) Russian military hackers have successfully infiltrated the Ukrainian gas company at the heart of the impeachment drama surrounding President Donald Trump, former Vice President Joe Biden and his family, according to cybersecurity researchers.

Employees of the gas company, Burisma Holdings, were tricked into giving up their computer credentials by a sophisticated network of fake websites set up by Russian military intelligence, the GRU, said Area 1, an online security firm.

The websites were designed to look and feel like the same ordinary work products that Burisma employees would access on a daily basis, said Area 1 in its report.

Area 1 monitors the internet for so-called “phishing” attacks. It was founded in 2013 by two former National Security Agency officials and a computer scientist.

Posted in: Big Data, Blockchain, Cybercrime, Cybersecurity, E-Commerce, Email, Email Security, Health, Healthcare, Privacy