Search This Blog

Popular Posts

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Verification. Show all posts
Verification
Data & Privacy Google Phone Storage Technology Verification

Google Tests 5GB Gmail Storage Limit for New Users Without Phone Verification

 


Google is experimenting with a new Gmail policy that limits some newly created accounts to 5GB of cloud storage unless users add a phone number to their account. Once a phone number is linked, the full 15GB of free storage becomes available.

The company confirmed the trial to Android Authority, explaining that the initiative is being tested in select regions to ensure a “high-quality storage experience.” Google also stated that phone number verification can improve account security and make account recovery easier. However, critics argue that tying the standard storage allocation to phone number submission raises privacy concerns.

There are several reasons why Google may be considering such a move. Adding a phone number can provide an additional method for recovering access to an account. That said, users already have alternative recovery options available, including backup email addresses and recovery contacts.

Google further claims that linking a phone number can help strengthen account protection. However, cybersecurity experts often regard methods such as passkeys, authentication apps, and Google prompts as more secure than SMS-based verification, which remains vulnerable to SIM-swapping attacks, phishing attempts, and other security threats.

Another possible motivation is reducing spam and fraudulent account creation. Spammers and scammers frequently create multiple accounts, and requiring phone verification could make this process more difficult. Still, some regions already mandate phone verification during account registration, while cybercriminals can often access temporary or burner numbers through VoIP services. Additionally, the 5GB restriction may not significantly impact bad actors who only use accounts for short-term activities.

Since Google has described the initiative as a test, it may never become a permanent feature. Nevertheless, some observers question the approach, arguing that restricting two-thirds of the standard free storage allocation until users provide personal information is problematic. A more transparent option, they suggest, would be requiring phone verification during account creation rather than limiting storage afterward.

The reduced storage limit could also affect other Google services. Because Google Drive storage is shared across products, users relying on cloud backups—such as WhatsApp backups—could encounter limitations much sooner under the 5GB cap.

Google has previously incentivized users to enhance account security by rewarding them with additional storage. In earlier years, the company offered an extra 2GB of cloud storage to users who completed a security checkup. By contrast, the current test restricts access to storage users would typically receive for free.

The trial also places Gmail closer to Apple’s free iCloud Mail tier, which offers 5GB of storage. However, competitors such as Microsoft Outlook and Yahoo Mail continue to provide 15GB ori more of free storage in many regions.

Some critics view the test as another example of technology companies gradually reducing the benefits of free services while requesting either payment or additional personal information. Similar concerns emerged when Google Photos ended its unlimited free photo backup policy and shifted users to a shared 15GB storage limit in 2021. Others point to the company's efforts to promote YouTube Premium by making the free viewing experience less attractive.

One positive aspect is that the reported storage restriction currently appears to affect only new accounts. Existing Gmail users who already have less than 5GB of stored data do not seem to be impacted. However, individuals looking to create secondary email accounts may still find the policy inconvenient, despite Google allowing multiple accounts to be linked to a single phone number.

The timing of the test has also fueled privacy debates, particularly among users concerned about sharing additional personal information with major technology companies. As discussions around data privacy and government access to information continue, some users may be hesitant to provide more identifying details than necessary.

For now, the phone number-linked storage limit remains an experimental feature. While Google cites security, account recovery, and spam prevention as key reasons behind the test, questions remain about whether restricting storage is the right way to encourage users to verify their accounts.
Read more »
Verification
AI Cyber Fraud Cybersecurity Deepfake Fraud identity Recruitment Resume Verification

Fake Candidates, Real Threat: Deepfake Job Applicants Are the New Cybersecurity Challenge

 

When voice authentication firm Pindrop Security advertised an opening for a senior engineering role, one resume caught their attention. The candidate, a Russian developer named Ivan, appeared to be a perfect fit on paper. But during the video interview, something felt off—his facial expressions didn’t quite match his speech. It turned out Ivan wasn’t who he claimed to be.

According to Vijay Balasubramaniyan, CEO and co-founder of Pindrop, Ivan was a fraudster using deepfake software and other generative AI tools in an attempt to secure a job through deception.

“Gen AI has blurred the line between what it is to be human and what it means to be machine,” Balasubramaniyan said. “What we’re seeing is that individuals are using these fake identities and fake faces and fake voices to secure employment, even sometimes going so far as doing a face swap with another individual who shows up for the job.”

While businesses have always had to protect themselves against hackers targeting vulnerabilities, a new kind of threat has emerged: job applicants powered by AI who fake their identities to gain employment. From forged resumes and AI-generated IDs to scripted interview responses, these candidates are part of a fast-growing trend that cybersecurity experts warn is here to stay.

In fact, a Gartner report predicts that by 2028, 1 in 4 job seekers globally will be using some form of AI-generated deception.

The implications for employers are serious. Fraudulent hires can introduce malware, exfiltrate confidential data, or simply draw salaries under false pretenses.

A Growing Cybercrime Strategy

This problem is especially acute in cybersecurity and crypto startups, where remote hiring makes it easier for scammers to operate undetected. Ben Sesser, CEO of BrightHire, noted a massive uptick in these incidents over the past year.

“Humans are generally the weak link in cybersecurity, and the hiring process is an inherently human process with a lot of hand-offs and a lot of different people involved,” Sesser said. “It’s become a weak point that folks are trying to expose.”

This isn’t a problem confined to startups. Earlier this year, the U.S. Department of Justice disclosed that over 300 American companies had unknowingly hired IT workers tied to North Korea. The impersonators used stolen identities, operated via remote networks, and allegedly funneled salaries back to fund the country’s weapons program.

Criminal Networks & AI-Enhanced Resumes

Lili Infante, founder and CEO of Florida-based CAT Labs, says her firm regularly receives applications from suspected North Korean agents.

“Every time we list a job posting, we get 100 North Korean spies applying to it,” Infante said. “When you look at their resumes, they look amazing; they use all the keywords for what we’re looking for.”

To filter out such applicants, CAT Labs relies on ID verification companies like iDenfy, Jumio, and Socure, which specialize in detecting deepfakes and verifying authenticity.

The issue has expanded far beyond North Korea. Experts like Roger Grimes, a longtime computer security consultant, report similar patterns with fake candidates originating from Russia, China, Malaysia, and South Korea.

Ironically, some of these impersonators end up excelling in their roles.

“Sometimes they’ll do the role poorly, and then sometimes they perform it so well that I’ve actually had a few people tell me they were sorry they had to let them go,” Grimes said.

Even KnowBe4, the cybersecurity firm Grimes works with, accidentally hired a deepfake engineer from North Korea who used AI to modify a stock photo and passed through multiple background checks. The deception was uncovered only after suspicious network activity was flagged.

What Lies Ahead

Despite a few high-profile incidents, most hiring teams still aren’t fully aware of the risks posed by deepfake job applicants.

“They’re responsible for talent strategy and other important things, but being on the front lines of security has historically not been one of them,” said BrightHire’s Sesser. “Folks think they’re not experiencing it, but I think it’s probably more likely that they’re just not realizing that it’s going on.”

As deepfake tools become increasingly realistic, experts believe the problem will grow harder to detect. Fortunately, companies like Pindrop are already developing video authentication systems to fight back. It was one such system that ultimately exposed “Ivan X.”

Although Ivan claimed to be in western Ukraine, his IP address revealed he was operating from a Russian military base near North Korea, according to the company.

Pindrop, backed by Andreessen Horowitz and Citi Ventures, originally focused on detecting voice-based fraud. Today, it may be pivoting toward defending video and digital hiring interactions.

“We are no longer able to trust our eyes and ears,” Balasubramaniyan said. “Without technology, you’re worse off than a monkey with a random coin toss.”
Read more »
Subscribe to: Posts (Atom)