Steve Weisman’s latest USA Today column

June 27, 2015 Posted by Steven Weisman, Esq.

Here is a link to Steve’s latest column for USA Today about online travel scams:

http://www.usatoday.com/story/money/personalfinance/2015/06/27/beware-of-online-vacation-scams/29354675/

Update on June 26, 2015 Scam of the day

June 27, 2015 Posted by Steven Weisman, Esq.

Yesterday, I reported to you about Samsung’s disabling of Microsoft’s automatic Windows Update by which Microsoft automatically sends the latest security patches and updates to your computer and thereby prevents any delays in protecting your computer if you use Microsoft Windows.  After much protest, Samsung has agreed to stop disabling Windows Update and issued the following public statement:  “We will be issuing a patch through the Samsung Software Update notification process to revert back to the recommended automatic Windows Update settings within a few days.”

Scam of the day – June 27, 2015 – Attorney General announces 243 Medicare fraud arrests

June 27, 2015 Posted by Steven Weisman, Esq.

Recently, Attorney General Loretta Lynch announced the arrests of 243 people around the country as a result of numerous investigations by the FBI, Medicare Fraud Units and other law enforcement agencies regarding Medicare and Medicaid fraud throughout the country. Health care fraud costs taxpayers tens of billions of dollars each year as doctors, nurses, pharmacy owners and just plain criminals cheat the health care system by billing for medical equipment that isn’t provided or needed, services that never were performed and, in one of the fastest growing areas of health care fraud, billing for drugs that are never dispensed.

TIPS

As for us as individuals, the question becomes what can we do both to protect ourselves from health care fraud and to also help keep the system itself more secure. One of the most important things all of us can do is to carefully read the Explanation of Benefits forms we receive from our medical insurers, including Medicare, that detail payments by our health care insurers. Too many people merely look at the bottom right corner to see if anything must be paid out of pocket and fail to notice early evidence of insurance fraud. Also, never sign a blank insurance claim form or give blanket authorization to a medical care provider to bill for services rendered. There are no free lunches or medical equipment for that matter, so if you are told that you can receive free medical equipment merely by providing your Medicare number or insurance information, you should be wary.

 

Scam of the day – June 26, 2015 – Samsung disables Windows Updates

June 25, 2015 Posted by Steven Weisman, Esq.

Samsung is not having a particularly good week. First, as I reported to you in June 21st’s Scam of the Day, a long-standing security flaw in millions of Samsung’s Galaxy smartphones was disclosed and, as of today, still remains unpatched. Now, Microsoft engineer Patrick Barker has found a program with Samsung’s computer software that disables Windows Updates from running automatically. This means that if you have a Samsung computer, it is necessary for you to manually update your computer with the latest Windows security patches each time they are issued. Not only is this an inefficient way to install critical security updates that are necessary to protect you from hacking and other dangers, but most Samsung computer users probably did not even know that this Samsung disabling program existed. For regular readers of Scamicide, you are at least protected to some extent because whenever Microsoft issues a new Windows security update, we publish it with the links you need to download the necessary patches. However, automatic updating of your computer’s software is always the better option. Hackers and identity thieves consistently take advantage of people, companies and government agencies that fail to promptly update their software when security patches are released.

TIPS

If you have a Samsung computer, there is nothing you can do to turn off your computer’s software program that disables Windows Updates from running automatically because even if you turn Windows Updates back on, your computer will automatically disable it again the very next time your computer is rebooted. Therefore it is incumbent upon you, if you have a Samsung computer, to make sure that you update your Windows software with the latest security patches on your own as soon as they become available. You can either monitor Microsoft’s website or just follow Scamicide each day and we will alert you when updates are issued.

Scam of the day – June 25, 2015 – Online hotel booking scams

June 24, 2015 Posted by Steven Weisman, Esq.

Booking a hotel room online for a vacation can be an easy and cost-effective way to start a vacation. It can also be an easy way to be scammed. It has been estimated that as many as 2.5 million annual hotel bookings end up being scams. The scam starts when you go online to search for a good deal on a hotel room in a popular vacation location. Often people start their search using a search engine, such as Google, and type in words like “discount hotel in Orlando.” Merely because a website comes up high in a Google search does not mean that it is legitimate. It only means that the scammer knows how to manipulate the algorithms used by Google to get a good position in a search. Sometimes the scam website uses the logos of well-known hotel chains although it is not connected to the hotel chain. When you make a reservation with these scam websites, you run the risk of one of two problems. The first is that you will end up paying more than you would have at a legitimate website because of hidden charges. The second, and worse, is that you may not get anything other than your credit card number stolen and used to make you a victim of identity theft.

So how do you recognize a scam travel website?

TIPS

Probably the best thing to do is to stick with well-established discount travel sites such as Kayak, Expedia, Trivago or Orbitz. You also may get a good deal by going directly to the website of the hotel chain in which you are interested. You should also not use your debit card for a reservation. Using a credit card will make it easier for you to dispute any fraudulent charges and have them removed. Finally, make sure whenever you transmit personal information such as a credit card online that the URL is preceded by “https” rather than just “http.” The “s” means that your data is being protected by encryption while being transmitted.

Scam of the day – June 24, 2015 – Flood damaged car scams

June 24, 2015 Posted by Steven Weisman, Esq.

The recent horrendous rain storms and flooding experienced in the Midwest and Southeast areas of the United States will undoubtedly bring back a scam in which unscrupulous scam artists will purchase water damaged cars, bring them to another state to re-register them and then attempt to sell them to unwary consumers without informing them of the storm damage which the cars underwent.  This practice of transporting a car to another state and re-registering it in an effort to hide the damage is called “title washing.”

TIPS

Whenever you purchase a used car you should always get a full report on its history. The United States Department of Justice operates The National Motor Vehicle Title Information System (NMVTIS) which provides much information about used cars. The NMVTIS provides a list of various companies such as Carfax that have been approved to provide reliable reports. These companies charge between $2.95 and $12.99 for a report that will provide detailed information on any used car you are considering purchasing. It is also important to understand the terminology in these reports. A “salvage title” means the car was declared a total loss by the insurance company while a “flood title” means the car has incurred damage from water deep enough to fill the engine compartment. Either designation should give you pause. Also, you should always have a mechanic whom you trust check out any used car that you are considering buying.

Scam of the day – June 23, 2015 – Another major health care data breach

June 23, 2015 Posted by Steven Weisman, Esq.

Medical software company Medical Informatics Engineering (MIE) became the latest in a long line of companies in the health care industry to become a victim of a significant data breach. As I warned people in my USA Today column last December in which I made my predictions for the year 2015, data breaches in the health care industry will be happening with greater frequency as a result of the unfortunate combination of the health care industry in general not doing a particularly good job of protecting its data and its data being very attractive to identity thieves. http://www.usatoday.com/story/money/personalfinance/2014/12/20/cyber-hack-data-breach/20601043/

MIE just recently announced that its main network had been hacked on May 7th and that the hacking was discovered on May 26th. The data stolen included names, addresses, birth dates, Social Security numbers and health records, all of which put the victims of this breach in serious jeopardy of identity theft. Although the full extent of the data breach has not yet been determined, among the company’s clients is Concentra, which operates more than 300 medical facilities in 38 states. Some of the other specific facilities affected include Fort Wayne Neurological Center, Franciscan St. Francis Health Indianapolis, Gynecology Center, Inc., Fort Wayne and the Rochester Medical Group.

TIPS

MIE has indicated that it will be notifying patients for whom they have mailing addresses with information about the data breach although as a supplier of medical software to institutions, it may well not have addresses on all affected individuals. If you receive an email purporting to be from MIE, you should ignore it as it is a phishing email seeking to obtain personal information from you in order to make you a victim of identity theft. MIE is not contacting affected individuals by email or text messages.

MIE is offering free credit monitoring and identity theft protection services to those people affected by the data breach. For information about the program, you can go to a special section of the company’s website by clicking on this link: http://www.mieweb.com/notice/ or you can call a special toll-free hotline established by the company to answer any questions people may have about the data breach. The number is 866-328-1987.

 

Scam of the day – June 22, 2015 – Employee lawsuit against Sony continues

June 22, 2015 Posted by Steven Weisman, Esq.

In the wake of the major data breach at Sony Pictures Entertainment last year in which sensitive personal information including Social Security numbers and health data on thousands of present and former employees was compromised, nine former employees affected by the data breach sued Sony alleging that it was negligent in failing to protect their personal information. I first reported to you about this lawsuit, Corona et al v. Sony Pictures Entertainment, in my Scam of the day for March 13, 2015.

Recently Federal District Court Judge Gary Klausner denied a motion by Sony to dismiss the case. In his decision, Judge Klausner ruled that Sony created a “special relationship” with its employees by requiring them to provide personal information in order to be eligible for salaries and benefits and that this relationship carried with it a duty to protect that information, particularly in the light of Sony’s failure to institute proper security following the 2011 breach of its PlayStation video game network.

The hacking of Sony should be a wake-up call to all companies. Despite Sony’s assertions that this was an unprecedented attack and that Sony had taken proper data security precautions, the facts do not support those assertions. Sony’s failings are many. Data banks were not properly segregated. The company was particularly susceptible to phishing attacks. It retained personal information long after it was necessary and it kept an unencrypted file entitled “Passwords” with a compendium of passwords providing the hackers ready access to sensitive information. These are just a few of Sony’s failings.

If Sony is ultimately held responsible to its employees and former employees by the court in this case, you can well expect that other employees and customers of companies affected by similar data breaches will follow suit and seek redress in the courts.

TIPS

There is little that we as consumers and employees of companies that hold our personal information can do to protect ourselves from data breaches other than to inquire of these companies as to what steps they take to protect the personal information that they hold and to refrain from doing business with companies that do not provide a satisfactory answer.  Additionally, we should try to limit as much as possible the personal information that we provide to such companies.  For instance, your medical care providers do not need your Social Security number although most medical care providers routinely ask for it.

Scam of the day – June 21, 2015 – Millions of Samsung phones vulnerable to hacking

June 21, 2015 Posted by Steven Weisman, Esq.

A security flaw in Samsung Galaxy smartphone models S4, S4 Mini, S5 and S6 has been found that makes the phones vulnerable to being hacked in a manner that can give the hacker control over the smartphone’s microphone and camera, access to text messages and the ability to download malicious apps. This flaw affects as many as six hundred million Samsung Galaxy smartphones. It was discovered by Ryan Welton of the security firm NowSecure seven months ago and was reported to Samsung immediately. NowSecure agreed, at the time, to keep their discovery a secret in order to give Samsung time to develop a patch. After seven months without Samsung releasing a patch, NowSecure decided it was important to go public with the information and did so this past week at a conference in London.

On a positive note, this hacking can only be done when the keyboard software is applying an update; however, the seriousness of the vulnerability makes it very dangerous. In particular, companies whose employees use these smartphones may find them targeted by countries like China that make it a practice to spy on companies to gather trade secrets. In addition, the Samsung Galaxy smartphones have been approved by the National Security Agency (NSA) for use by federal government employees, who are also the targets of surveillance by foreign countries.

TIPS

Samsung has issued the following statement regarding the problem: “We are aware of the recent issue… and are committed to providing the latest in mobile security.” “Samsung KNOX,” which is Samsung’s mobile security program, “has the capability to update the security policy of the phones, over the air to invalidate any potential vulnerabilities caused by this issue. The security policy will begin rolling out in a few days.”

NowSecure, the company that discovered the flaw, suggests that until the problem is resolved, those people affected should avoid insecure Wi-Fi networks, which is good advice for everyone, and use another device, if possible. You should also contact your smartphone carrier for the latest information about the timing of a security patch.

Here is a link to NowSecure’s report on this problem, which contains a list of all of the affected Samsung Galaxy smartphones so you can find out if your phone is affected: https://www.nowsecure.com/keyboard-vulnerability/

Scam of the day – June 20, 2015 – Password manager suffers data breach

June 20, 2015 Posted by Steven Weisman, Esq.

Having unique, complicated passwords for each of your accounts is an essential element of electronic security.  However, remembering all of your passwords can be a difficult task for many people, which is why so many people use online password managers, which store all of your passwords for you.  These companies, however, are tempting targets for identity thieves.  A few days ago, online password manager company LastPass announced that it had suffered a data breach in which customers’ email addresses, password reminders and encrypted master passwords were taken.  Although the encryption of the master passwords may be sufficient to protect those passwords, this data breach is a major problem.

TIPS

If you are a customer of LastPass, the company is advising you to use multifactor authentication by which a one-time code is sent as a text message to the user’s smartphone to use in addition to their password when they log into their accounts from a device not recognized as belonging to the user.

LastPass customers should also be wary of any emails they receive that appear to come from LastPass asking them to update or provide personal information as these emails will undoubtedly be from the identity thieves who hacked LastPass seeking the personal information to gain access to the accounts of their intended victims.

Although password manager companies can be very useful, I still think that you can protect yourself by using the password strategy I described in June 18th’s Scam of the day without the risks of using a password manager company.