Optery

Throw a stone on LinkedIn, and you’ll likely come across the oft-repeated claim that vigilance and awareness training are "our best defenses" or even “our only defenses” against phishing and other social engineering scams. This widespread belief is concerning, as it leaves many people thinking there is nothing better they can do. Awareness training is a necessary reactive measure that, if done right, can indeed help protect employees from falling victim to scams. But training alone, without proactive action, doesn’t address the root cause of the attacks, doesn’t prevent them or reduce their volume, and will likely fail against a sophisticated and determined adversary. Whether they come through phishing, smishing, or vishing, social engineering attacks depend upon and are fueled by exposed personal information. Without access to the personal data of human targets, these attacks would not even be possible. A proactive defense against social engineering requires making sure our personal data is not easily accessible for exploitation in the first place. This means opting out of data broker sites that make the source data for such attacks an internet search away, maximizing our privacy settings, and minimizing what we share online. Awareness training alone is like trying to outrun the bear 🐻; eventually, it’s going to catch you. When combined with personal data removal, however, the result is a much smaller attack surface and a less appealing target. The bear will then prefer to chase others who haven’t taken such precautions. While running is necessary, as a defensive measure it is ultimately insufficient—your safety depends more on your ability to hide. 😉 #phishing #socialengineering #defense

Optery CEO and Founder Lawrence Gentilello recently appeared on the “Unscripted” podcast with David Raviv! "Unscripted" is a podcast focused on making the intricacies of security, privacy, and technology more accessible to everyone. Hosted by enterprise cybersecurity expert David Raviv, each episode journeys through the minds of entrepreneurs and leaders, sharing unfiltered stories and insights. In this episode, David talks with Lawrence about his journey to founding Optery, how personal data collection has changed over time, the role of privacy laws like CCPA and GDPR, practical tips such as using temporary addresses and disposable emails, challenges with data brokers and state laws, the potential for federal privacy laws, strategies for dealing with exposed data on the dark web and data broker sites, how Optery helps users control their data, and much more! The episode provides practical advice on protecting your data and insights into the world of online privacy. Many thanks to David for the great conversation and for providing the below clip! 👉 Link to the full episode can be found in the comment section below. #databrokers #privacy #personaldataremoval

Optery is now featured on the Cybersecurity and Infrastructure Security Agency (CISA) resources page for high-risk communities! The page is a catalog of free and reduced cost cybersecurity tools and services for high-risk communities curated by CISA in partnership with the Joint Cyber Defense Collaborative (JCDC) participants and other leaders in cybersecurity and civil society. These resources are aimed at helping communities at heightened risk of being targeted by cyber threat actors because of their identity or work, and are designed to assess and mitigate risk, offer support during digital emergencies, and strengthen cyber defenses. Contributing to these resources, Optery offers free and discounted tools and services for high-risk groups to find and remove exposed personal information from the internet, significantly reducing the risk of both cyber and physical threats. Check out the resources here: https://lnkd.in/denb8Nvg A big thank you to CISA and its partners for curating these resources to protect the most vulnerable! #cybersecurity #personaldataremoval #privacy

In the third installment of our Privacy Protectors Spotlight, we are happy to feature Thomas O'Malley, a leading figure in the fight against identity theft. As a former state and federal prosecutor, Tom specialized in the investigation and prosecution of cybercrime, identity theft, and identity fraud. After becoming a data breach victim himself, he founded FrozenPii.com to provide free and accessible resources to safeguard against identity fraud. Tom’s efforts have empowered countless individuals to take control of their identity for free, before or after criminals attempt to use their stolen identities. Read our full spotlight on Tom O’Malley and join us in recognizing his important public service! https://lnkd.in/e3UXhjEc #IdentityTheft #IdentityFraud #Privacy

On July 1, 2024, newly enacted privacy laws in Texas and Oregon will come into effect. The new consumer data protection measures, along with authorized agent provisions, will enhance the control residents have over their personal data, aligning with the trend of increasing state-level privacy legislation across the U.S. Texas and Oregon have become the tenth and eleventh states, respectively, to enact general privacy legislation, following California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, and Montana. Like the groundbreaking privacy laws in California and those of other states, the Texas and Oregon laws will improve consumer privacy and security nationwide as more businesses move to comply with these regulations. With Optery as your authorized agent, you can put these privacy laws to work for you immediately. In our latest blog post, we highlight some of the consumer rights and obligations of businesses under the new Texas and Oregon laws. https://lnkd.in/dXBmRumD #privacylaws #personaldataremoval #authorizedagent

The Optery Global Privacy Control (GPC) Extension, a free browser tool designed to significantly reduce unwanted tracking and personal data collection, is now available on the Chrome Web Store! The Optery GPC browser extension sends a signal to websites you visit, informing them that you do not want your personal information sold or shared. It works on websites that respect the GPC standard and ensures your privacy preferences are automatically communicated without you having to do so manually on each site. Protect your personal information from being sold or shared by installing the Optery GPC Extension today! 👇 Check out the video below to get started.

Recent findings from Google Cloud's Mandiant threat intelligence team have spotlighted the activities of UNC3944, a sophisticated threat group leveraging personal data for social engineering attacks and physical threats. “Mandiant noted the threat actors spoke with clear English and targeted accounts with high privilege potential. Additionally, it has been noted that they already possessed the personally identifiable information (PII) of [their] victims to bypass help desk administrators' user identity verification. Mandiant observed use of verification information, such as the last four digits of Social Security numbers, dates of birth, and manager names and job titles with associated co-workers. The level of sophistication in these social engineering attacks is evident in both the extensive research performed on potential victims and the high success rate in said attacks.” “UNC3944 operators employed consistent social engineering tactics across various victims, often calling service desks to claim they were receiving a new phone, warranting a multi-factor authentication (MFA) reset. By interacting with service desk administrators, UNC3944 could not only reset passwords for privileged accounts but also bypass associated MFA protections. The social engineering techniques went beyond the call centers as extensive SMS phishing campaigns were also observed.” “Evidence also suggests UNC3944 has occasionally resorted to fearmongering tactics to gain access to victim credentials. These tactics include threats of doxxing personal information, physical harm to victims and their families, and the distribution of compromising material.” Since the attackers are conducting extensive reconnaissance on their targets and using personally identifiable information (PII) to bypass security protocols like user verification at help desks, conduct MFA reset scams, and make threats, organizations looking to proactively mitigate their risk of being targeted should reduce the availability of their employees’ exposed personal data. Removing this data from brokers and people search sites limits the ease with which threat actors can access and exploit this information in these kinds of attacks. https://lnkd.in/dSYQiCMA #socialengineering #PII #personaldataremoval

Executive protection alone is not enough; safeguarding all employees is essential… In the current cyber threat landscape, where a reputation-damaging breach regularly happens through mass SMS-phishing (smishing) campaigns aimed at credential harvesting, or even through compromising a single contractor, digital risk protection for executives alone is no longer enough. Protecting companies from today’s security threats now requires the scanning and removal of PII from the open web not only for executives but for the employee population at large. Scrubbing this personal information significantly reduces the attack surface for phishing, smishing, and vishing, and also protects high-profile and frontline workers from attacks in the physical world. The traditional practice of using personal data removal only for executives is insufficient; every employee's personal data needs safeguarding to prevent attacks and reduce the risk of breaches. Comprehensive employee PII removal is key to ensuring your people and your company are much harder targets for hackers. #executiveprotection #piiremoval #smishing

Optery is excited to announce our recognition as a winner of the 2024 Intellyx Digital Innovator Award! Intellyx, an industry analyst firm that focuses on enterprise digital transformation and the leading edge vendors that are driving it, honors innovators in the enterprise IT marketplace with its Digital Innovator Awards, which are given to vendors who make it through Intellyx’s rigorous briefing selection process. We are grateful to be acknowledged for our effectiveness at preventing PII-based attacks through comprehensive personal data removal! Read the full press release here: https://lnkd.in/eEvwRYge #phishingprevention #PII #cybersecurity

This week at the third annual Fast Company Impact Council Meeting at the New York Stock Exchange, our CEO, Lawrence Gentilello, joined the discussion on this year’s theme: AI and Social Impact. Over the past 18 months, AI has revolutionized the business landscape at an unprecedented pace, bringing with it new risks and opportunities. One aspect of the conversation the Impact Council had was how this transformative wave of technology can help mission-driven companies enhance personal safety and security. This dialogue underscored the importance of harnessing AI to protect against an array of dangers—from risks to individuals to broader national security threats. The work Optery is doing to remove personal information from data platforms and systems fits squarely into this new paradigm. Systems that collect and trade personal information without permission, are increasingly AI-based, and ultimately threaten us all. At Optery, our mission is to put people in control of their personal data, and we utilize AI to help our users reclaim their data security and privacy and protect against PII-based threats, both in the digital and physical worlds. Our efforts illustrate just one example of how AI can indeed be leveraged to have a positive real-world impact, demonstrating its potential to help ensure safer, more secure environments for individuals and communities alike. #FastCompany #ImpactCouncil #Optery #AI