LPRC - CrimeScience – The Weekly Review – Episode 105 with Dr. Read Hayes, Tom Meehan & Tony D’Onofrio
Episode Date: June 2, 2022
LPRC Team will be at NRF Protect! Memorial Day weekend was plagued with gun violence! In this week’s episode, our co-hosts discuss the variants of COVID that continue to spread, Italy’s taxing citizens to grow cyber response force, the retailers listed as having the top supply chains according to Gartner, the growth of a malware that can change your computer settings remotely, new annual retail shrink report analysis by Hayes International, and the most common types of cyber crimes and their cost to Americans. Listen in to stay updated on hot topics in the industry and more! The post CrimeScience – The Weekly Review – Episode 105 with Dr. Read Hayes, Tom Meehan & Tony D’Onofrio appeared first on Loss Prevention Research Council.
Transcript
Hi, everyone, and welcome to Crime Science.
In this podcast, we explore the science of crime and the practical application of this
science for loss prevention and asset protection practitioners, as well as other professionals.
We would like to thank Bosch for making this episode possible.
Take advantage of the advanced video capabilities offered by Bosch to help reduce your shrink
risk.
Integrate video recordings with point-of-sale data for visual verification of transactions and exception reporting. Use video analytics for immediate notification of important
AP-related events and leverage analytics metadata for fast forensic searches for evidence and to
improve merchandising and operations. Learn more about extending your video system beyond simple
surveillance in zones one through four of LPRC's zones of influence by visiting Bosch
online at boschsecurity.com.
Welcome everybody to another episode of Crime Science Podcast.
Today, the latest in our weekly update series and coming to you from Gainesville and other parts
around. And I'll be joined today by Tony D'Onofrio and Tom Meehan, as well as our producer Diego
Rodriguez.
And we're going to talk just a little bit about what's going on around the world, starting back again as we're still in COVID-19,
dealing with some of these different types of, I guess, the different strains and the offspring of Omicron in particular. And, you know, we've got the BA.2, BA.2, 0.1, 2.1, BA.4, BA.5, and so on.
They're just becoming increasingly infectious. They're probably the fastest spreading
respiratory virus in world history at this point. These new variants are, you know,
been described by Mayo Clinic and other research
institutions as hyper contagious. And a little bit of math, it's really interesting, according
to reports in Scientific American, that a single case, if the individual's viremic, one of us is
viremic, we're infected and infectious, could give rise to six cases after four days.
But that grows to 36 cases, of course, after eight days, 216 cases after 12 days.
So it just gives you an idea that that's what we have always talked about going viral.
That's what we're talking about. These coronaviruses are viruses and are going viral.
And the fact that they continue to evolve, to morph, to adapt, to adjust, overcome, to get more efficient at spreading and propagating their own gene code, which is a primary objective of any virus, of course, is to do just that.
And so we'll be talking about probably researchers are predicting based on some of those numbers, 100 million Americans, 100 million of us will become infected with Omicron this year, 2022 into 23, really through new infections, reinfections, vaccination breakthroughs, of course. There are data that are showing if we are vaccinated or
have had natural infection, of course, we can have a breakthrough and a reinfection,
but that they are typically much milder infections and not right, but we may still be viremic
in addition to becoming infected. The other part of the Omicron, it looks like newer research emerging.
In addition to it being highly, highly transmissible, it's also seasonless. Typically,
we saw influenza or flu coming in the winter and leaving in the spring, but it looks like
in the U.S., Americans continue to experience a lot of COVID-19 infection year round.
And again, testing is way down compared to last year.
But you look at the daily infection rates over 100,000 currently here in 2022 compared to around 30,000 a day,
Americans' new infections reported in 2021. So stay tuned, stay masked or whatever is going to best help you not get it. I read some research by some virologists, immunologists, infectious disease
experts, epidemiologists looking at, you know, some of the COVID and the infections and things
like that. But one thing they talked about was symptoms that we get.
We've all heard the symptoms from headaches and body aches.
Sometimes some of the other things that we're dealing with,
these symptoms are, but there are two things that happen.
One is where does the symptom come from?
And the researchers talking about, well, primarily, initially, especially,
but primarily these symptoms are indicating that's our immunity.
The immunity is working.
It's fighting the infection.
That's where the fever, the congestion comes up as our body elevates our temperature, as we produce flows to kind of evacuate the viral particles from us, things like that,
as T cells go into action and kill, if there are infected cells, kill those cells. You know, all these things can create
discomfort, pain, and even, of course, severe agony and worse, but that's what's going on.
The second reason, of course, is actually then, though, if the infection starts to win,
then it's causing some harm. So, when those of us might lose our smell, our breathing becomes constricted.
Now our body's being overwhelmed by the viral particles, the rapid spread.
Also by sometimes we saw this, especially early on in the pandemic, where our sometimes our immunity, our immune function was in overdrive, was not responding properly,
or again, was not in an intent to overwhelm the virus, was actually overwhelming ourselves. So
that's kind of two symptoms and look at. So I think that those were the two, some of the main
points we wanted to have here around COVID, that infections are up. Vaccinations have still
remained steady and continue to grow. Billions now of humans have been vaccinated, and hundreds
and hundreds of millions have been naturally infected. So, you know, we're in a lot better
shape from that standpoint as far as serious diseases, including fatalities, go. Switching
over, looking at the LPRC front, we continue to have lab visits
and we want to encourage everybody, all our listeners, all our members and non-members alike,
schedule a visit with us. Come in, visit the team, brainstorm with us, tour our labs,
let us know what you're thinking. We've had a lot of visitors come through recently,
including, say, JCPenney team just came in. But we've got many more scheduled this week and beyond.
We'll also look forward to seeing everybody at the National Retail Federation NRF Protect Conference in Cleveland.
We'll be up there starting Sunday through that Wednesday in June. We'll have a
booth space that NRF graciously provides LPRC in the same way that RILA, FMI, and NACS and others
do as well. So we look forward to seeing you. Again, for any of these things, reach out to us.
We'd like you to subscribe to the Connect e-newsletter. It comes out weekly. It's short.
It's nice. It's got a lot of big pictures, connections, ways to get involved, pathways
to learn more, to ask questions, and so on. But for any of these things, again, reach out,
please, to operations at lpresearch.org, operations at lpresearch.org. And again,
we're always at lpresearch.org is our
website. We've got still looking at the Product Protection Summit. That's all the data been
collected. The voting's occurred, the polling, the top contenders have been selected in all the
categories. Stay tuned again through the Connect. And on this podcast we've got, uh, there's still heavy planning
getting ready for the Supply Chain Protection Working Group's summit as the Violent Crime
Working Group summit also in August. You're looking at the Innovation Working Group's SOC
and Sensor Summit, or S3, that will be in Gainesville. The other two, it looks like, will be in Philadelphia.
So more research going on in the UF Safer Places Lab. I've got meetings today and this week with different partners. So stay tuned, stay connected with us. Let me go ahead and turn it over to Tony
D'Onofrio.
Thank you. Again, I'm still in, uh, and there's a interesting retail here. I've been
visiting many stores on and retail is coming back in Europe, although the war is taking a challenge
and inflation is still high. For example, Italy, where I'm at today, just reported again very high
inflation and concern with the government. But let me start this week by going back to the U.S. and looking at the Jack L. Hayes International just results of their 34th Annual Retail Theft Survey, reports on over 200,000 shoplifters and dishonest employee apprehensions in 2021, but just 25
large companies who recovered over 240 million from their thieves.
As the report said, when it comes to shoplifting, the survey showed many retailers moved away
from apprehensions in 2021 and focused more on recoveries. The
survey revealed that shoplifting apprehensions were down 16% in 2021, while overall shoplifting
recoveries from apprehended and non-apprehended thieves were up a staggering nearly 31%. Survey respondents noted the pandemic environment, staff safety, lower police response,
and higher risk as some of the reasons for less shoplifter apprehensions. There was an increase
in 2021 in both dishonest employee apprehensions and recovery dollars, up 6% and nearly 30%, again,
very high, respectively.
Survey respondents noted the additional focus,
enhanced investigation methods and tools,
and less associate supervision as some of the reasons
for increase in apprehension and recovery dollars
of dishonest employees.
My favorite section every year are the responses
from job applicants. To further evaluate the severity of employee theft, Hayes International analyzed over 19,000 randomly selected applicant questionnaires, which are pre-employment honesty tests given to retail job applicants.
Of these, just over 19,000, of these, there was a total of just over 19,000, 12,000, just
over 12,200 were rated as low risk, and 3,700, or about 20% were rated high risk
and the rest were weighed medium risk.
Nearly 27%, and this is interesting,
nearly 27% of the high risk applicants
say they could be tempted to steal from their employers.
Over 17% admitted stealing money in the past three years.
Nearly 16% stole merchandise.
Previous theft admissions for the group of 3,700 high-risk applicants totaled just over $256,000, or nearly $70 per applicant,
while the admission for the group of low risk was just over $71,000 or about $6 per applicant.
Again, it is generally estimated the correct dollar amount for stolen money and merchandise
is approximately 10 times more than the admitted amount.
Therefore, based on admissions made by
the applicant's questionnaire, the average high-risk job applicant was responsible for the
theft of just over $692 compared to nearly $59 for the average low risk. So interesting, uh, in terms of what employees, uh, actually report
in these surveys and interesting how honest they actually are about their theft activity. So that's
something to watch. And again, it's one of my favorite annual reports that I look to in terms of
what's happening, uh, to shrink trend. Let me switch topics and move to chain storage. With all the talks of supply chain,
I thought this week I will share from the '22 edition from Gartner, which identified the leading
supply chains, which includes nine retailers. Microsoft, the debut, actually appeared on the
list at number 10, the highest ranking retailer of nine companies with
significant direct-to-consumer retail operations on the list.
The other retailers include L'Oreal,
the Coca-Cola Company, Nike, Walmart,
Hewlett-Packard, Dell, BMW, and Alibaba.
Overall, Cisco Systems scores the overall top spot in the ranking for the third consecutive year,
followed by Schneider Electric, Colgate-Palmolive, Johnson & Johnson, and PepsiCo.
According to Gartner, supply chain executives are balancing long-term investment in automation with immediate investments in technologies that reduce
cognitive load and prioritize time and attention to areas where people
perform better with machines
Such as relationship building and responding to new operating conditions
There are also cases where people perform better with machines
For example warehouse workers can increase
their productivity by working with robots.
So it's interesting how automation is coming,
but it's being balanced
and enhancing what workers are actually doing.
So supply chain continue to get focused,
and I think that will continue for quite some time.
And finally this week in support of Tom,
let me list the top five cyber crimes
according to the statistics for 2021.
And this is from an FBI report
and it lists a number of Americans that actually fell
to these types of crime that were impacted
by these types of crime in 2021.
Number one, the biggest by far was phishing,
phishing and smishing.
Nearly 324,000 people were hit in 2021.
Number two was non-payment and non-delivery,
just over 82,000.
Number three was personal data breach,
nearly 52,000.
Identity theft was number four, again, nearly 52,000.
Extortion was number five, just over 39,000.
And finally, what was interesting in the data
that was listed in the Statista infographic,
the impact of financially to these people
was an amazing $4 billion.
So these are big problems.
So listen to Tom every week in terms of what he talks about
in terms of getting protected from these types of things.
So from Europe, signing off for this week
and looking forward to continuing this podcast
and talking about how LPRC can engage on technologies.
Well, hello, everyone. Thank you, Read. Thank you, Tony. We're going to cover some cyber risk,
like we always do, and just talk about some current events. But I wanted to start off by
a zero-day vulnerability. And just to remind everybody, a zero-day vulnerability is
a vulnerability that was previously unknown that just comes out.
Generally, when you hear about these, you hear about all the horrific things that occur with them.
This one was confirmed by Microsoft. It's called Follina. It is a pretty significant
zero-day, and basically what makes this attack different than others is, if you've been in the business world using email for many years, you might
remember macros on Excel documents or Excel sheets and scripts and Word
documents, and when you used to open them, "Are you sure you want to enable these?"
And that was because you could execute malicious code.
What's interesting about this zero day is that you don't actually need to enable a macro
to have this malicious code.
So it could just be a file in an email or a file that's downloaded.
And what this zero day does is it allows remote code to be used.
And basically what can occur is someone can get full access to your system.
So the remote code is executed, and then you can really,
threat actors can get in and elevate their own privileges to change settings on a computer,
more malicious code. It's a pretty nasty vulnerability.
We continue to see, you know, reports of these type of vulnerabilities, and we will. And I think
what is important to note is that this is not, when you're talking about zero-day, this is not
a hacking event. This is a vulnerability that was created by either a code error or just an unknown vulnerability,
and now you have bad actors taking advantage of this.
And it is being seen out in the wild.
Ultimately, it looks like the attackers that discovered it were actually going out
and using this in various attacks in the last 30 to 45 days.
So certainly something to keep an eye on.
It just serves as a stark reminder to just be sure to patch and update every time you see the ability to patch and update.
With zero days, the unfortunate part is that usually there's a little bit of a lag before
a patch comes out. Sometimes zero days are identified by researchers, others by bad actors,
and then sometimes inadvertently. But this one is a particularly nasty one because it takes
advantage of an Excel sheet or a document, and the way it works is it hasn't previously been seen. So
just get the computers patched and keep an eye on your emails and your attachments. If
you're not expecting something or it's an unknown sender, resist the urge to click.
And then just one of the things that's coming up is smishing. So we talk about phishing
and vishing and all these things, but what we're seeing is delivery scams, home delivery scams with a very professional feel.
So you'll get a text message or an email apologizing for not delivering your parcel or package.
We've known that that's been around for years. This is a little bit different because these scams have become
steadily more proficient and oftentimes are using more generic messages. We see these all of the
time during holidays, but now we're starting to see them pop up very, very regularly. And if you
use a credit monitoring service or any of the monitoring services that look at the dark web, you'll get a notification that says your cell phone
number is exposed and nothing else except for your cell phone number and name. And what
bad actors can do is they can create a malicious text message that is geared really specifically
towards you. So let's just say there was a data breach and your username and password
wasn't made available online, but your name and address and cell phone
number were. That allows a bad hacker using scripts to actually send a text
message that says, "Hey Tom, we were supposed to deliver a package to this
address at this time and you weren't available. Click here, you know, to reroute
your package." A very authentic looking and,
again, that personal touch really adds that. We've seen a huge, huge increase of
these types of attacks outside of the normal holiday time, and I think it's
important to note that outside the US there's been a huge, huge, huge
increase in the European, both in the UK and Germany, but we're
seeing this in the US as well. And as your personal information becomes more readily available,
so much more tailored messages. So the smishing text message becomes a very, very
convincing text message. And also, as humans, we like to click and see
what it is. So one other, one other things, what can you do to protect yourself
is very similar to phishing in email, as check your URLs or your website
very carefully, steer clear of linked messages in your text message
and email if possible, report compromised
cards or accounts immediately, check your bank
accounts and statements, and if you're using a credit monitoring service. So a
great thing about all those suggestions is they help with a lot of different things, not
just smishing. So good, good reminders to do everything. And we often talk about
two-factor authentication and passwords. I think those are just things to really keep an eye on.
Switching gears a little bit, but just thought
it was a very interesting note is Google
quietly bans deepfake training project on its Colab,
so its collaboration platform.
So they quietly banned this project.
And why this is so important is Colab really
allows you to use extremely powerful large-scale sharing resources tools. So you can use these
really heavy, powerful GPUs in the cloud and collaborate together. So this is a really good
kind of sign that you have the big tech companies monitoring, hey, what is this technology used for?
It's probably not used for something positive, so we're going to ban it.
So deepfakes are obviously, for those that don't know, are the ability to use artificial intelligence to create a video with someone else's face and make it look very, very authentic.
Placing a ban on deepfakes isn't always the best example, right?
You don't always want to ban things.
But in this case, I think Google has really done the right thing.
Although I don't think there was any nefarious actors involved in this particular case. It was more people just trying to see what they can get out of the ML and AI. This was really an interesting kind of take. And like I said, quietly,
this was very, very quiet, wasn't heavily announced. I saw it on bleepingcomputer.com,
something I read regularly. And I thought it was an interesting story to just talk about how you do have big tech really trying to balance the scales of, you know, getting
involved in things that they think could be misused. Another, you're just switching
back to kind of traditional cybersecurity, I thought this was an
interesting read: Italy warns, you know, to brace for DDoS attacks. So there's a Russian pro-activist group
that is attacking Italy.
And so Italy is going out and saying
that they believe the security incident response teams,
they believe that there'll be additional attacks.
And so just for the listeners,
DDoS attacks are when you flood traffic
to a particular server to try to make it fail or slow down.
They're doing it a little bit different, but I thought it was interesting that the Italian government had placed that warning out there.
We've seen similar warnings here in the United States, and I think it's important to note that there are a lot of tools that big companies are using to prevent DDoS attacks.
But I think seeing a government making that statement is a very interesting kind of twist.
And we talk about how the government's taking a different role in cybersecurity.
This is a good example of that.
And then wrapping it up with kind of the somber Memorial Day coverage,
there was a lot of shootings over the Memorial Day weekend.
And so we continue to see violence throughout the United States and this increase in shootings.
I know that Read and team are working on some projects about violence,
but 43 people were involved in gun violence over the weekend. It doesn't sound like a substantial number, but if you really think about Memorial
Day weekend, it is. Eight people were shot in Chicago over the weekend, 12 killed during
a parade in Philadelphia, 15 injured, seven people shot in New York City during Memorial
Day weekend, Baltimore, there were four dead during
the weekend, 10 people shot in 10 separate shootings in Portland, one killed and eight
wounded in California, and then one dead and seven injured in Oklahoma festival shootings.
So we continue to see this kind of media attention to gun violence as it should be,
but also what does that mean for all of us?
And I know that the LPRC is working on it.
We often talk about the fusion net here at the LPRC, and one of the things we're continuing to do is how can we at the LPRC
help share information in a more real-time collaborative fashion.
So I know we'll continue to activate
the fusion net when we see it, but we're continuing to see this violent
crime, and it is an epidemic, and I know that there's a lot of great research
here at the Loss Prevention Research Council that will help with it. And with
that, I will turn it over to Read.
Thank you, Tony. Thank you, Tom. And thank you,
Diego Rodriguez, for all the producing,
all the great homework, and all your good insights. Most of all, we thank you all. Stay safe.
Stay connected.
If you enjoyed today's episode, you can find more crime science episodes and valuable information at lpresearch.org.
The content provided in the Crime Science Podcast is for informational purposes only and is not a substitute for legal, financial, or other advice.
Views expressed by guests of the Crime Science Podcast are those of the authors and do not reflect the opinions or positions of the Loss Prevention Research Council.