Unacceptable Risk
AI job applicants and hiring systems, work-based learning, and synthetic ids take the cake this week!
Welcome to the SecFraudOps Newsletter. Enjoy some links that Matt thought were interesting this week. If this is your first time reading, take a moment to subscribe as well!
Security and Fraud
Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai.
Those creating and using AI have consistently overlooked security and privacy concerns to expedite the speed to market on their products. This article shows just how bad this can be for the public.
Synthetic Identities Are One of the Fastest Growing Forms of Identity Theft
What do you get when you combine real identity data with fabricated data? You get what is commonly termed a “synthetic identity.” It exists only in the virtual world but can wreak havoc in the real one.
Synthetic Ids are not just being used by criminals either! Many credit washing companies end up creating synthetic ids for people to “improve” their credit. These synthetic ids actually end up causing more harm than good to not just financial institutions, but the people that use them and the identities they steal to complete the synthetic id.
Fun Zone
How Fake Job Seekers Are Stealing Remote Jobs
Deepfake job applicants are on the rise, with 17% of 1,000 U.S. hiring managers surveyed reporting encounters with them…
The statistics posted in this video are quite staggering. AI is helping people interview as a “different” identity, or copy their identity and apply on their behalf.
Resources
We take fraud, scam, phishing and spoofing attempts seriously. If you receive a correspondence you think may not be from Amazon, report it immediately.
Attack Flow is a language for describing how cyber adversaries combine and sequence various offensive techniques to achieve their goals.
Career Links
The Future of Work-Based Learning for Cyber Jobs
This roundtable report explores how practitioners, researchers, educators, and government officials view work-based learning as a tool for strengthening the cybersecurity workforce.
Through his research on the brain chemical oxytocin—shown to facilitate collaboration and teamwork—Zak has developed a framework for creating a culture of trust and building a happier, more loyal, and more productive workforce.
Bonus Links
CISA orders agencies to immediately patch Citrix Bleed 2, saying bug poses ‘unacceptable risk’
The federal cybersecurity watchdog ordered all civilian agencies to immediately patch a vulnerability impacting several NetScaler products used by organizations to manage network traffic.
Vikings' Dallas Turner scammed out of $240K in bank fraud scheme
A search warrant affidavit obtained by Vikings On SI reveals that Turner was contacted by a scammer impersonating a banker.