Internet Law

What Are Online Scam Factors?

Published on: August 21, 2017 | by Law Offices of Salar Atrizadeh

So, despite your best efforts, you may have been cat-fished, doxed or otherwise victim to an online scam. Your information is probably now out into the Internet and a stranger that you may have trusted now has personally identifying information. So, your next question may be “well, what comes next?” Naturally, there are certain measures that a person can take to freeze credit, change phone numbers, or otherwise make information unavailable. However, the real question, and the more frightening one to a person may be: “When might I need an attorney?” Naturally, the actions they take may result in damages, and in some cases, the actions of the scammer are against the law, and may provide civil remedies. That said, there are different factors that may make hiring an attorney a prudent act compared to other scenarios. What are these factors? Who might you recover against? What might make you want to use legal actions to protect yourself?

What are the online scam factors?

In any online scam, there are five factors that generally come into play:

What Are Catfishing Motives?

Published on: August 14, 2017 | by Law Offices of Salar Atrizadeh

Now that we’ve discussed Catfishing as a scam, let’s go into further detail regarding the motives. Like any scam, there must be some benefit to the scammer. This benefit is the primary motive for anyone to commit a catfishing scam. Previously, we mentioned that among other things, the perpetrator may ask for photographs, or for some information to “verify” a person’s age, or to enable their transportation to be “closer” to their target. So, what are the major risks to these actions? What exactly does a catfishing perpetrator want to get from a victim? How might the information provided be used against you?

For Financial Information

The more dangerous elements of catfishing tend to prompt for, as we discussed before, a financial component. This would include asking for money–to get transportation to the person’s location, clothing, or whatever reason the scammer may present–or for credit card information. In the case of the latter, this is usually done in conjunction with asking the individual to sign up through a different, new dating site compared to what the potential victim may be using, and generally to “verify” the age or identity of the person involved.

Catfishing Scams

Published on: August 7, 2017 | by Law Offices of Salar Atrizadeh

If you have been online, it is possible that a person has attempted to “catfish” you. However, you may not have been able to adequately understand it because you were not looking for the telltale signs. It is a type of an online scam, like phishing, meant to take advantage of the insecurities and loneliness of the targets. So, what is catfishing exactly? Furthermore, if you do fall to a catfishing scheme, how can you recover? Better yet, how can one protect against catfishing attempts?

What is Catfishing?

Catfishing is typically done through email or online dating websites. However, they are not exclusive methods. It can also happen on Facebook, Twitter, or other forums that allow people to interact. It involves a person promising companionship or intimate relations, and later on makes demands. It may involve requesting photographs, confidential information, credit card information, or money. This is akin to the old “Nigerian Prince” scheme where an individual would ask for a certain amount of funds to secure funds that would later be sent to the victim. Ultimately, presuming that the culprit succeeds, then he/she takes and uses personal information to conduct financial crimes.

The Petya Ransomware

Published on: June 19, 2017 | by Law Offices of Salar Atrizadeh

In March 2017, the WannaCry ransomware attack occurred which was believed to be one of the largest ransomware attacks in history. Discussions of this past attack and who should take the blame has been previously discussed in our blog and newsletter. Now, just a few months later there has been another major cyberattack. At the end of June 2017, another large ransomware attack occurred, which has been called Petya. This ransomware attack is similar to WannaCry in that it locks up the computer files using encryption and demands a ransom in order to unlock the files. This ransomware also takes advantage of the vulnerability within the Microsoft Windows computers that have not yet updated to the latest software.

This attack began in Europe and spread to the United States. The North American Treaty Organization (NATO) says that a “state actor” was behind the Petya ransomware attack. NATO also stated that there is a possibility that the attack was not done by a state actor, but that it would have been done by a non-state actor who had the approval and support from another state. They believe this because Petya was very complex and expensive to run. According to NATO, if it is found that Petya was done by a state actor, then it would mean that this cyberattack could potentially be viewed as an act of war.

The Petya attack has hit over 12,000 different devices in 65 countries. More than 30% of the institutions that were affected by this attack were financial organizations. Industrial organizations, such as, utilities, oil and gas, transportation, and other companies were also targeted and it is believed that they made up half of the targets.

Current Status of Net Neutrality

Published on: June 5, 2017 | by Law Offices of Salar Atrizadeh

Net Neutrality is the principle that Internet Service Providers (ISP) and the government should treat all web-related traffic equally regardless of the source. If there was no net neutrality, companies would have the ability to purchase priority access to the ISP customers. Larger and wealthier companies (e.g., Google) would be able to pay the ISPs to provide customers more reliable access to their websites instead of to competitors’ websites. This would negatively impact any new start-up service that would not be able to purchase a priority access.

On February 26, 2015, the Federal Communications Commission (FCC) voted to enact the “strongest net neutrality rules in history.” Millions of Americans contacted the FCC, called their Congress members, and wrote to the White House to express their support. Although, this decision was a bold move in favor of net neutrality, but more changes may be coming soon. This 2015 Rule meant that ISPs cannot block access to any websites and they cannot interfere with website loading speeds. This rule also banned paid prioritization, which means that ISPs are not able to give preferential treatment to websites that pay an additional fee.

On January 23, 2017, President Trump selected Ajit Pai to lead the FCC as the new Chairman. This Chairman has a record of previously promising to undo the 2015 landmark decision. Then on May 18, 2017, the FCC, led by Chairman Ajit Pai, voted to propose a review of the 2015 rules. Mr. Pai holds the opinion that the 2015 FCC rules are a “bureaucratic straitjacket” on the ISPs. The new FCC proposal, which is called “Restoring Internet Freedom” contemplates whether to undo the legal approach that enforced those rules and whether there was anything that warranted the rules in the first place.

The Growing Problem of Identity Theft

Published on: May 29, 2017 | by Law Offices of Salar Atrizadeh

Identity theft is an epidemic impacting people across America. During 2016, an estimated 15.4 million consumers experienced some kind of identity theft. This is an increase from 13.1 million in 2015. Another staggering statistic is that 1 in every 16 adults in the United States is a victim of identity theft.

This increase in identity theft notwithstanding the fact that 2016 was the first year that retailers were forced to accept EMV chip cards. The belief was that by switching to these EMV chip cards it would almost entirely eliminate card cloning, which is a major type of identity theft. Instead of lessening the amount of credit card fraud this switch has made criminals move away from card cloning and into different types of fraud. More criminals are starting to make online purchases where swiping or inserting a physical card is no longer necessary.

Over the past few years, we have seen numerous data breaches. Data breaches have been hitting financial, health, commercial, government, and education institutions. These breaches have ranged from password management services like LastPass, the OneLogin security breach, and Target security breach. All of these different breaches compromise our data and our identity. The above companies are just a few that have been hit by a security breach.

OneLogin Security Breach

Published on: May 22, 2017 | by Law Offices of Salar Atrizadeh

OneLogin recently suffered from a major security breach. This breach has compromised private and confidential information, which is managed by its datacenter. OneLogin provides a service that is used by organizations to secure their data. It is basically a password manager for corporations. It allows employees, customers, and partners to gain secure access to the company’s cloud and applications on any device. It allows its customers to integrate other websites and services like Microsoft Office 365, Slack, Amazon Web Services, Cisco, Webex, LinkedIn, and Google Analytics. The OneLogin website says that it currently has over 2,000 enterprise customers across 44 different countries. This includes well-known companies like Indeed, Pinterest, Midas, and Yelp.

How did this breach occur?

The breach occurred because the intruders were able gain unauthorized access to the OneLogin datacenter. Alvaro Hoyos, who leads the company’s risk management, security, and compliance efforts posted a blog about the risks. He wrote that a threat actor used one of our AWS keys to gain access to the AWS platform via API from an intermediate host with another, smaller service provider in the United States. He said his company’s staff was able to detect and stop the intrusion very quickly.

President’s Executive Order on Cybersecurity

Published on: May 8, 2017 | by Law Offices of Salar Atrizadeh

President Donald Trump has signed an executive order on cybersecurity as a response to the WannaCry ransomware attack. This executive order is entitled as “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” The executive order contains three main sections and a fourth category that includes some definitions of terms that are contained in the order.

The first section of the executive order is regarding Cybersecurity of Federal Networks. This section states that the United States Information Technology (IT) should have the data secured responsibly by the United States Government. The President said that he will also be holding the heads of executive departments and agencies accountable for managing cybersecurity risk to their enterprises. One of the findings included in this first section is that the executive branch has been too accepting of IT in that it is antiquated and difficult to defend. To manage these risks, the first section includes a risk management section, which includes ideas of how to reduce future cybersecurity risk. For example, the head of each agency must provide a risk report to the Secretary of Homeland Security and Director of Office of Management and Budget.

The second section of the executive order is regarding Cybersecurity of Critical Infrastructure. This section states that support must be provided to the critical infrastructure that faces the greatest risk. It also describes how the Secretary of Commerce and Secretary of Homeland Security will both go through an open process to try and improve how resilient the internet is, so they can reduce threats of automated attacks.

Who Is Responsible for the WannaCry Attack?

Published on: May 1, 2017 | by Law Offices of Salar Atrizadeh

On May 12, 2017, what is believed to be the largest ransomware attack in history occurred on the internet.

A global search is heating up trying to locate those who are responsible for the attack.

While this search is occurring, there is also a question of how much blame for the attack should be placed on Microsoft. This is because the WannaCry attack took advantage of a weakness that was already existing in the Microsoft operating systems.

Copyright Preemption Laws

Published on: April 24, 2017 | by Law Offices of Salar Atrizadeh

For example, you have a lawsuit against another party for infringing on your personal rights of privacy. The other party takes a photograph they had taken of you, and then licenses it to other individuals without your consent. Those individuals use it as a basis for a character in another work, making a large amount of profit. Naturally, this wouldn’t sound fair to the subject of the lawsuit. Yet, making matters worse is, given a current case, it’s suggested that the action would effectively have no remedy. This is due to the doctrine of preemption. So, what is the preemption doctrine? How does it apply to an individual in a case? How might preemption be avoided by the careful litigant?

Copyright Preemption

Before going into the relevant case, copyright preemption is a doctrine in copyright law, with Section 301 dictating that in cases where a personal right and copyrights may clash, the Copyright Act will take precedence, and other rights will be preempted by the copyright. Included in a “copyright” are rights against reproduction, as well as a right to control distribution, derivative works, and publication of works, in addition to others. This would also mean that preemption would cover far more than what is protected by copyright. This has the effect of removing the basis for a lawsuit as the plaintiff may not have a right in the copyrighted work.