Tech Tip – Adding Notes To Passwords With New Chrome Password Manager

A new feature in Chrome’s built-in password manager means that users will soon be able to store notes with their passwords. The feature, currently limited to Chrome’s latest Canary release, means that:

– A “Notes” field will appear in Google Chrome’s password manager underneath the username and password fields.

– The option will appear when either editing an existing password or adding a new password.

– The new field is designed to give context to the account, and house security questions or other pieces of relevant information.

Tech News : 3% of Users Responsible For 92% Of Breaches

A report by Security Company ‘Elevate’ has revealed that 3 per cent of users are responsible for 92 per cent of malware events for businesses, indicating that a small number of users create the most risk.

2016 to 2021   

‘The Size and Shape of Workforce Risk’ report, conducted on data provided to the Cyentia Institute by Elevate Security, included events starting in January 2016 through December 2021, and took into account 15.1m unique events associated with 168k users spread across more than 3.8k organisational departments.

Key Findings 

Some startling key findings of the report were that:

– 4 per cent of users are responsible for 80 per cent of phishing incidents, some clicking as often as twice a month.

– 3 per cent of users are responsible for 92 per cent of malware events.

– 1 per cent of users will average an incident every other week.

– 12 per cent of users are responsible for 71 per cent of secure browsing incidents.

– 1 per cent will trigger 200 events per week.

What Is A Risky User, and Why Are They Risky?  

As identified by the stats in the report, the risky users are those small percentages who cause security incidents, sometimes repeatedly. For example, where phishing emails are concerned, just over half of users never receive phishing emails but some users may simply receive a lot more phishing emails than others (100s per year vs. a few). This doesn’t necessarily make them risky because for the phishing emails that aren’t blocked in the first place, most users (75 per cent) click on phishing emails less than 10 per cent of the time. The Cyentia report, however, says that there is a small group (3.9 per cent of users) who have clicked 3 or more phishing emails and who account for 80 per cent of all phishing clicks. Within this group is the 1 per cent who click more than 52 a year – once a week. As the report suggests, these are the risky users.

Also, according to the report, where malware is concerned, although 94 per cent of users never encounter malware, some experience it weekly. Out of these users, 10 per cent average more than 11 events per year, with 1 per cent as high as 27 events per year. These are the high-risk users for malware.

Similarly, where browsing is concerned, only a small percentage of users account for most of the secure browsing events – i.e. 12 per cent cause 71 per cent of the events.

What To Do   

Elevate’s report recommends several ways that businesses and organisations can minimise the security risk caused by risky users. These are:

– Start measuring to identify which users pose an outsized risk

– Check the efficacy of controls – i.e. check how many phishing emails are getting through the filters, how uniformly AV software is installed, and make sure the controls are not just in place but are working properly for everyone.

– Identify risky users. Identify who’s generating the majority of security events and understand the reasons – e.g. a user may be an outsized target for attackers or someone who has slipped through the security controls or both. Also, consider checking the browsing history of a “click-happy user”.

– Start monitoring and helping the risky users. This could be done by setting up ‘guardrails’ and focused controls.
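The first and third recommendations above (measure, then identify who generates most of the events) can be sketched as follows. This is an added example, not code from the Elevate/Cyentia report; the user names, event-type labels and event counts are constructed sample data, and `risky_users` is a hypothetical helper.

```python
from collections import Counter

def risky_users(events, all_users, event_type, share=0.8):
    """Smallest set of users that together account for at least `share`
    of the events of `event_type`.

    events    : iterable of (user, event_type) tuples, e.g. from SIEM exports
    all_users : every user in scope, including those with zero events
    Returns (users, fraction_of_all_users, fraction_of_events_covered).
    """
    counts = Counter(u for u, t in events if t == event_type)
    total = sum(counts.values())
    if total == 0:                      # no events of this type recorded
        return [], 0.0, 0.0
    picked, covered = [], 0
    for user, n in counts.most_common():   # heaviest contributors first
        if covered / total >= share:
            break
        picked.append(user)
        covered += n
    return picked, len(picked) / len(all_users), covered / total

def build_sample():
    """Constructed data: 100 users, most with no events at all."""
    users = [f"user{i:03d}" for i in range(100)]
    events = []
    # Four repeat clickers generate 80 of 100 phishing clicks.
    for user, n in [("user001", 30), ("user002", 20),
                    ("user003", 14), ("user004", 16)]:
        events += [(user, "phishing_click")] * n
    # Twenty other users click once each.
    events += [(f"user{i:03d}", "phishing_click") for i in range(10, 30)]
    # Two users generate 46 of 50 malware events.
    for user, n in [("user001", 40), ("user002", 6),
                    ("user050", 2), ("user051", 2)]:
        events += [(user, "malware")] * n
    return users, events

if __name__ == "__main__":
    users, events = build_sample()
    for etype, share in [("phishing_click", 0.80), ("malware", 0.92)]:
        who, pop, cov = risky_users(events, users, etype, share)
        print(f"{etype}: {pop:.0%} of users -> {cov:.0%} of events: {who}")
```

Counting against the whole user population, not just users who appear in the event log, is what makes the resulting percentages comparable with the report's figures.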

What Does This Mean For Your Business?  

This report emphasises how important it is to have blocking measures and controls in place, along with employee cyber security training, to stop the vast majority of phishing emails and malware (for example) from getting through in the first place. It also shows that a disproportionately small number of users may be responsible for most of the risk, but these will not be identified unless the business measures and monitors to find out who they are. The suggestion here is that, rather than subjecting all users to the same level/type of treatment, companies can put more effort into identifying the riskiest users and concentrate more help on them. This could be a smarter and more efficient way for companies to boost security.

Tech News : Mobile Malware Surges By 500%

Proofpoint researchers have reported that, starting in early February, there has been a 500 per cent jump in mobile malware delivery attempts in Europe.

Trend 

According to the researchers, this rise is in keeping with a trend that has been evident in the last few years where attackers have been increasing their attempts at smishing (SMS/text-based phishing) and sending malware to mobile devices.

Android Is A More Popular Target 

Research shows that Android is a far more popular target for cyber criminals than Apple iOS. This may be because Apple’s App Store has strict quality controls and iOS doesn’t allow sideloading. Most mobile malware is still downloaded from app stores, and this may be due to Android’s more open approach. For example, it is open to multiple app stores and users can easily sideload apps from anywhere.

What Mobile Malware Does 

The Proofpoint research shows that even though the basic purpose of malware (i.e. to give attackers control of a system) remains the same, the latest versions are becoming more advanced. Proofpoint reports that some of this malware is capable of activities such as recording telephone and non-telephone audio and video, tracking locations, and destroying or wiping content and data, to name but a few. Also, mobile banking malware lies in wait until the user activates a financial app and then intervenes to steal credentials or information.

Adapted For Different Languages, Regions, and Devices 

Proofpoint’s Cloudmark Mobile Threat Research has revealed that mobile malware isn’t limited to any specific geographic region or language and that threat actors adapt their campaigns to a variety of languages, regions and devices.

Common Mobile Malware Types 

Some of the common types of mobile malware highlighted in Proofpoint’s research include:

– FluBot – spreads by accessing the infected device’s contacts list or address book and sending the information back to a command-and-control (C&C) server. This malware can access the internet, read and send messages, read notifications, make voice calls, and delete other installed applications.

– TeaBot – a multifunctional Trojan that can steal credentials and messages and stream an infected device’s screen contents to the attacker.

– TangleBot – Discovered by Proofpoint and Cloudmark researchers in 2021, this mobile malware spreads via fake package-delivery notifications.

– Moqhao – originating from China, this remote access Trojan has spying and exfiltration features so it can monitor device communications and grant an attacker remote access to the device.

How To Protect Your Device 

Ways to protect your device from becoming infected with mobile malware include:

– Use a mobile antivirus app from a trusted source (three quarters of users don’t have this on their smartphone).

– Be wary of unexpected or unrequested messages with links, URLs or requests for data of any type, and don’t click on the links.

– Report spam, smishing and suspected malware delivery to the Spam Reporting Service by using the spam reporting feature in your messaging client or forwarding suspicious text messages to 7726 (“SPAM” on the phone keypad).

What Does This Mean For Your Business? 

With many people now using their smartphone for many aspects of business, remote working and BYOD now commonplace, while mobile malware is surging and becoming more sophisticated, there is clearly an increased risk. Those with Android smartphones need to be particularly cautious. With three-quarters of users not having a trusted mobile antivirus app on their phone, downloading and using one would be a good place to start (while ensuring it’s a trusted one). Also, awareness should be raised among staff of the danger of clicking on links in unsolicited and suspicious messages (smishing risk) and of the danger of downloading apps outside of the Google Play Store. Caution should also be used when downloading apps within the Google Play Store as some may harbour malware. It’s good practice also to avoid using public Wi-Fi, especially without a VPN, and to keep Bluetooth and Wi-Fi disabled when they’re not in use to minimise the risk of hacking attempts.

Featured Article : What’s all the Fuss About Wordle?

In this article, we look at what Wordle is, and how a change of ownership has led to some online criticism.

What Is Wordle?  

Wordle is a free, web-based word game where players have six chances to guess a randomly selected five-letter word. Each day there’s a different word to guess. Players choose letters from a virtual keyboard and enter their choices into the five blank tiles/squares. Once a user is happy with their choices, they press a submit button. The right letter in the right tile shows up green, a correct letter but in the wrong tile shows up yellow, and a wrong letter (not in the word) shows up grey. If a user correctly guesses the word, they win the game and users who win the game two days in a row receive a winning streak.

As well as enjoying the brain-teasing aspect of the game, users share and compare their scores on social media. The game was created and developed by Welsh software engineer and former Reddit employee Josh Wardle and has only recently been sold and moved to the platform of The New York Times Company.

Popular 

It has been reported that Wordle now has 2 million players globally thanks to its viral appeal. Josh Wardle’s Twitter account shows how engaged many users have become with the game, with many sharing their Wordle ideas and stories.

Now Owned By The New York Times 

The New York Times bought Wordle from Josh Wardle in February 2022. It is reported that the NYT paid a seven-figure sum!

Where To Play Wordle  

Wordle can be played by going to www.nytimes.com/games/wordle.

Spoiler Bot Stopped

Just prior to the sale of Wordle to the NYT, Twitter had to ban a bot from its platform called “The Wordlinator,” because it was responding to people’s tweets by giving spoilers for the next day’s word. The bot was also issuing rude comments.

Trouble At Mill? 

When Josh Wardle sold the game to the NYT, he announced on his Twitter account that he “long admired the NYT’s approach to their games and the respect with which they treat their players”.

However, since the sale to the NYT, users have been loudly voicing several concerns online. These include:

– Users who navigated to the game’s original home at powerlanguage.co.uk were redirected to its new home on the NYT website. Unfortunately, some people reported that the move to the new online home had wiped their winning streaks.

– Complaints that the game has become too difficult, and this has led to users breaking their much-valued winning streaks. For example, the difficulty of Wordle 245’s answer led to comments that it had ruined the day of some users.

– Criticism that the word choices had become more obscure and ‘random.’

What Does This Mean For Your Business? 

The New York Times made the point that acquiring Wordle gave “millions more people around the world another reason to turn to” its platform, so it is clear why it paid such a sum for a word game. Wordle, however, is an example of how engaged people can become with some games, brands, TV programmes and more, to the point where they feel a sense of familiarity and ownership. This is particularly prominent with Wordle because it becomes not just part of a habit or daily ritual, but can also become linked with a user’s view of ‘self’ (through ability to solve the puzzle) and self-image, e.g. sharing the results with friends and competing with friends. How closely some users had become involved and engaged with the reward or negative reinforcement aspect of the game, and the emotional response, was illustrated by those who said their day had been ruined by not being able to guess the word.

This story also illustrates how taking over ownership or management of an established entity, where there are many engaged stakeholders with an emotional connection and existing culture and norms, can be a precarious situation. This becomes particularly apparent where changes or mistakes are made. No doubt the New York Times is paying very close attention to the daily management of the game and will be keen to avoid any further disruption which could have a negative rub-off effect on its brand and image.

Tech Insight : What Is ‘Scalping’?

In this insight, we look at what scalping is and why some people are looking to introduce legislation to stop it.

Scalping  

The term “scalping” refers to stockpiling popular products and reselling them at a higher price for profit (the secondary resale market). This being a tech insight, this article will look at how technology is used in scalping and how tech devices are often stockpiled and sold in this way.

High Demand and Scarce Tech Products  

Products such as some games consoles (e.g. the PS5 in 2021 and now the PlayStation 5) are in short supply, partly because of a global shortage of semiconductor chips. This scarcity means that demand is high and higher prices can be charged. This makes them an ideal product for scalping.

Using Bots  

Bots are used in scalping to buy gaming products for resale at a higher price because bots are faster and better at it than humans. This is because they can monitor websites for the moment stock is available and immediately complete the ordering process. The console scalping market is worth millions, and it is not unusual for consoles to be sold at many times their normal retail price. There have been reports of some scalpers using multiple computers operating 24/7 to maximise profits.

Some sellers have even set up their own reselling company that teaches others how to scalp, charging them subscriptions to learn.

Not Just Tech Products  

There are many products other than tech products that are also part of the secondary retail market e.g., trainers and toys.

Christmas Scalping 

The run up to Christmas is a time when scalping particularly frustrates buyers, particularly parents, as those engaging in scalping have bought the must-have toys and are selling them online for high prices.

What Is ‘Sniping’?  

Similar to scalping, but just on eBay, is “sniping”. This is where a user waits until the last few seconds of an auction to make a winning bid. Just as bots are used in scalping, bid sniping software can be used to automate the process and get the edge on human bidders with last-minute winning bids. Bid sniping software is allowed on eBay and examples include EZ Sniper, My ibidder, BidSlammer, GIXEN, Goofbid, and Justsnipe.

Seeking New Laws To Prevent Scalping  

Some politicians, however, are seeking to protect consumers and are looking for a ban on the resale of electronic goods bought by automated bots. For example, Douglas Chapman, Scottish National Party MP for Dunfermline and West Fife tried to introduce a bill in March 2021 to prohibit the automated purchase and resale of games consoles and computer components, and for connected purposes. In his speech at the House of Commons, he said: “Scalpers manipulate and skew the supply and demand chain to create an unfair advantage in the marketplace, using bot attacks to use up basic supplies of coveted goods, such as the next generation of games consoles and computer components, then selling them on at hugely inflated prices”.  

What Does This Mean For Your Business?  

The arguments against scalping and sniping are that they are unscrupulous practices used for profiteering, a form of legal market manipulation, they put other sellers at a disadvantage, and they don’t benefit the consumer who ends up having to pay inflated prices or go without. Scalping is clearly very profitable but has been likened to ‘ticket touting’. In terms of technology, bots are a vital element in the success of those engaged in scalping and the rise of the use of bots for all manner of activities and services is a trend that looks set to continue.

Tech Tip – Windows 11 : Realign the Start button To The Left

If you’ve started using Windows 11 and, as a long-time Windows user, you’d prefer the Start button to still be on the left rather than centred, here’s how to move it back:

– Press the Windows Key + I to open the ‘Settings’ app.

– Select ‘Personalisation’ and ‘Taskbar’.

– Select ‘Taskbar behaviours’.

– Click ‘Left’ under ‘Taskbar alignment’.

Each week we bring you the latest tech news and tips that may relate to your business, re-written in a techy-free style.
