YouTube’s Spoon Feeding Pedophiles Kids Home Videos

YouTube uses a recommendation algorithm to help people view things they’d like to see. Recently, the algorithm seemingly encouraged pedophiles (YouTube would have no way of knowing this) to watch videos of children playing at home, videos that the family members uploaded.

safr.me

Do your kids make digital purchases with you money?

A report from the New York Times detailed how YouTube had been exploiting minor children through the automated recommendation system. According to the report, researchers at the Berkman Klein Center for Internet and Society at Harvard were studying the influence of YouTube in Brazil. This was when they noticed the alarming issue. The experiment used a server, which followed YouTube recommendations a thousand or more times, which build a map of sorts in the process. The map is designed to show how YouTube users are guided as to what they may want to watch.

During the experiment, recommendations stemmed from sexually-themed videos, which is when researchers noticed that the system showed videos that were extreme or bizarre, placing more emphasis on youth. In some cases, a video of females discussing sex led to videos of women breastfeeding or wearing just underwear. Many times, the women mentioned their ages, which ranged from 19 to 16 years old.

Deeper into the experiment, YouTube started recommending videos where adults wore children’s clothing or solicited payment from ‘sugar daddies.’

With such softcore fetish recommendations already being showed, YouTube showed videos of children who weren’t fully clothed, many of them in Latin America or Eastern Europe.

These videos were usually home videos that had been uploaded by their parents. Many times, parents want to easily share videos and pictures of their children with family and friends. However, YouTube’s algorithm can learn that people who view sexually-exploited children want to see these family videos and may recommend them without knowledge.

One mother, Christine C., was interviewed by the Times about her 10-year-old child. The child uploaded a harmless video of her and a friend playing in the pool. The video was viewed over 400,000 times in just a few days. The mother said that her daughter was excited about the view count, which alerted Christine that something was amiss.

This is just one of many incidents that unfolded after YouTube publicly confronted its issues with pedophilia earlier in 2019. Back in February, YouTube had to disable comments on minor children’s videos because pedophiles were reportedly commenting on the videos in ways to signal other predators.

Studies have shown that the recommendation system on YouTube can create a rabbit-hole effect where the algorithm recommends more extreme content as time goes on. The company denied that reality or skirted the topic. However, in May, Neal Mohan, the chief product officer at YouTube, said that extreme content doesn’t drive more engagement or watch time than other content options.

YouTube hasn’t made many comments about the recommendation system or that it creates the rabbit hole effect. Instead, journalists and reporters are referred to a particular blog that explains how the company focuses on protecting minors and that its videos don’t violate any policies and are posted innocently.

The announcement also focuses on the recent steps taken by YouTube to disable comments for videos that feature or are uploaded by minors. Minors are also going to be restricted so that they cannot live-stream unless a parent is on the video. Along with such, the company plans to stop recommending videos that depict minors in risky situations.

Researchers believe that it would be best to block children’s videos or videos depicting children and not allow those videos in the recommendation system at all. However, YouTube reported to the Times that it doesn’t plan to do that because the automated system is one of the largest traffic drivers and could harm creators.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

Gift Cards: The Newest Scam that You Should Be Aware of

Hackers are making a lot of money thanks to phishing attacks these days, and now they are also focusing on gift card scams. One of the most notorious scam groups, Scarlet Widow, which is out of Nigeria, has been boosting its efforts to scam people with gift cards since 2015. This group generally focuses on people in the UK and US and also is known for tax scams, romance scams, and rental cons.

Are you at risk of getting scammed by Scarlet Widow? The group generally focuses on medium to large US businesses and nonprofits including the United Way, Boy Scouts of American, and YMCA chapter. The scammers send emails to employees of these organizations, and though most people understand that the emails are, indeed, scams, it only takes one person to put your organization at risk.

The Targets

From November 2017 to the present, Scarlet Widow has targeted thousands of nonprofits and individuals. It also targets the education industry and tax industry. Scarlet Widow only succeeds by getting access to these organizations’ email accounts. They might put malware in the emails or use malicious phishing links. Either way, eventually, these people are going to be able to scam the organizations.

The Scam

Though traditional phishing scams work for Scarlet Widow, it is really focusing on the gift card scam these days. In October 2018, more than a quarter of people who have been scammed during the year said that they were victims of a gift card scam. Scammers love these because they can get the cash quickly, they can be anonymous, and it’s very difficult to reverse. All the scammers have to do is convince someone to buy a gift card, then send them a photo, and they can take the money that is on there.

Scarlet Widow generally focuses on Google Play and iTunes gift cards, but other scammers will ask for cards from places like Target, Walgreens, or CVS. You might think it sounds strange that these people could con others into paying for business services with gift cards but remember…these scammers are experts at manipulation. They will certainly come up with some story with a sense of urgency, and people fall for it all of the time. For instance, there was an administrator in Australia who sent a scammer $1,800 in iTunes gift cards. The email she got seemed as if it was from the head of the finance department, so she believed it was legitimate. However, it was just a scammer.

A security awareness training financial advisor client of mine was conned too. Actually it was his assistant. She received an email that looked like it was coming from him requesting 5 $500.00 Apple gift cards to send to their top 5 clients. She went right out to Walgreens, bought 5 cards and the instructions were to scratch off back to reveal the codes and email pictures of the cards and codes back to him. Which she did. And then the scammers disappeared.

Though there are limitations to scammers using gift cards, these nefarious groups will use any method they can think of to get more money funneling in. So, if you ever get a request from a contractor or organization leader asking for a gift card, use an extreme amount of caution.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

Medical Identity Theft: 12 Million Patients Breached

Quest Diagnostics is a US-based company that provides medical testing services, and announced that it used third-party billing collection companies that were hit by a severe data breach. In fact, about 11.9 million Quest customers were affected.

The compromised information could include personal data of the patients, including Social Security numbers, as well as medical and financial information. However, laboratory test results aren’t included in the breach.

What Happened?

The AMCA (American Medical Collection Agency) is a billing collection service provider and informed Quest Diagnostics that it had an unauthorized user who gained access to the AMCA system, which contained personal information that AMCA got from a variety of entities, including Quest. AMCA provides its collections services to Optum360, which is a Quest contractor. Both Optum360 and Quest are working with experts to investigate the issue.

The company also noted that it still doesn’t have much information about the data security incident at AMCA, and it doesn’t know for sure what data was compromised. However, the company no longer sends its collection requests to AMCA and won’t do so until the issue is resolved.

Quest filed an SEC filing, which revealed that the attackers gained access to the AMCA system between August 2018 and March 2019.

According to one data breach website, Gemini Advisory analysts first discovered the breach. The analysts noticed a CNP (Card Not Present) database, which had posted for sale on the dark web’s market. It figured out the data could have been stolen through the AMCA online portal. Gemini Advisory attempted to contact AMCA but received no response, so it contacted the US federal law enforcement agency.

A spokesperson for AMCA says that, upon receiving the information that there was a possible data breach from a compliance company that worked with other credit card companies, it conducted an internal investigation and took down its payments page online. The company also said it was investigating the breach with the help of an unnamed third-party forensics company.

The Quest breach targeted primarily financial data with personal information (SSNs). That kind of information is significantly more lucrative than health information, which isn’t really marketable by criminals, at least not yet. The financial information disclosed was comprehensive and included bank accounts and credit card numbers. Therefore, victims could get their identities stolen and have financial transactions completed in their name.

Users of the website or the company need to get a credit freeze and monitor their bank accounts and credit cards for any unusual activity and might want to freeze their credit reports so that no new credit lines can be taken out in their name.

Action needs to be taken now to freeze your information with the credit bureau and warn the credit bureaus that your financial information might have been compromised. Along with such, financial institutions usually have programs available to take corrective action, which can prevent your credit card or account from being used without permission if your account has been compromised.

The issue is that insurance and healthcare information doesn’t have such a centralized process, which makes it extremely tough to prevent the use of this information from someone who doesn’t have permission to use it.

The Cybersecurity evangelist of Thales, Jason Hart, chimed in with the fact that multi-factor encryption and authentication of the collected data might have saved the companies and victims from having problems.

The VP of innovation and global strategy at ForgeRock, Ben Goodman, noted that this is the second known breach for Quest in just three short years. As a public company, it could lead to a variety of serious repercussions with respect to brand reputation, shareholder trust, and stock prices. He also said that the exposed data might result in litigation. When First American Financial Corporation was breached, it took just a few days for the company to get hit with a class-action lawsuit when it exposed 885 million documents full of sensitive information just last week.

The CISO and Senior Director for Shared Assessments, Tom Garrubba, wants to see just how quickly the Office of Civil Rights (an overseer of HIPAA compliance), rushes in to get information about the breach and to determine if any negligence was there and if Quest is to blame (partially or fully).

Through the HIPAA Omnibus Rule, business associates must handle any data with the care provided to covered entities (outsourcers). Those business associates have to provide due diligence to the covered entity.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon.com author, CEO of Safr.Me, and the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.