Posts Tagged: ‘credit freeze’

Scam of the day – June 5, 2015 – Major data breach at the Office of Personnel Management

June 5, 2015 Posted by Steven Weisman, Esq.

The Office of Personnel Management (OPM) is the federal agency that deals with federal security clearances and federal employee records and as such contains sensitive personal information of millions of Americans who work for or have worked in the past for the federal government.  Late Thursday, it was announced that hackers had managed to steal employee data on at least four million present and former federal employees.  Although the data breach was announced just yesterday, the breach was first found in April and appears to have originated more than a year ago.  This is the third major data breach in the last year of the federal government following successful hacks into the White House and State Department email systems and the Office of Personal Management which was hacked last summer although at that time the files stolen totaled tens of thousands rather than millions.

Last year’s hacking into the OPM’s computers was thought to be the work of Chinese hackers who appeared to be looking for information on people with top security clearances who might be the targets of further identity theft or even extortion by the Chinese government looking for classified information it could use in commerce, foreign affairs or espionage.  Although it is initially been indicated by federal investigators that the latest OPM data breach was done by Chinese hackers, whether the goal is espionage or identity theft for profit is unclear at the present time.  The Social Security numbers and other personal identifying information targeted in this latest hacking would generally be used for identity theft purposes, but when coupled with other personal information could also be used for extortion purposes of federal employees, some of whom are in sensitive positions or even for finding out the profiles of people who get security clearance in the United States and using that information to tailor the appearance of spies to meet those profiles.

TIPS

The OPM was already in the process of making necessary security changes to prevent this type of hacking by restricting remote access of its computer networks and limiting the Internet accessibility of some information, however, these and other security measures were not fully implemented in time to thwart this massive data breach.

The advice for present and former federal employees is the same as for any victim of a similar data breach.  Check your credit report for free through annualcreditreport.com to see if damage has already been done.  Remember, in this data breach as with most data breaches, the damage has gone on for some time before it is discovered and made public.  Put a credit freeze on your credit report so that someone with your Social Security number will not be able to access your credit report to establish credit in your name.  You may also wish to change user names and passwords for your accounts and make sure that you use unique passwords for every account that you have.  Monitor your bank accounts, investment accounts and credit card accounts for fraudulent use.  You may wish to close accounts and open new ones for extra protection.  Remember, even paranoids have enemies.

Scam of the day – May 13, 2015 – What to do if your email is hacked

May 13, 2015 Posted by Steven Weisman, Esq.

Yesterday I told you about a scam which starts when you receive an email that appears to come from one of your friends, but in actuality is coming from a scammer who has hacked into your friend’s email account is sending out messages that appear to come from your friend touting a product.  We have all received these emails and hopefully, you just immediately delete them after informing your friend that his or her email account has been hacked and scam emails are being sent to everyone on his or her email address list.

But what do you do if you are the person whose email has been hacked?

TIPS

1. Change your password on your email account. If you use the same password for other accounts, you should change those as well.
2. Change your security question. I often suggest that people use a nonsensical security question because the information could not be guessed or gathered online. For instance, you may want the question to be “What is your favorite color?” with the answer being “seven.”
3. Report the hacking to your email provider.
4. Contact the people on your email list and tell them you have been hacked and not to click on links in emails that appear to come from you. 5.  Scan your computer thoroughly with an up to date anti-virus and anti-malware program. This is important because the hacker may have tried to install a keystroke logging malware program that can steal all of the information from your computer.
6. Review the settings on your email, particularly make sure that your email is not being forwarded somewhere.
7. Get a free copy of your credit report. You can get your free credit reports from www.annualcreditreport.com. Some other sites promise free credit reports, but sign you up for other services that you probably don’t want or need.
7. Consider putting a credit freeze on your credit report. You can find information about credit freezes here on Scamicide.com

Scam of the day – April 22, 2015 – Watch out for the Simda botnet

April 21, 2015 Posted by Steven Weisman, Esq.

Recently the Department of Homeland Security joined Interpol and the FBI to issue a serious warning about a botnet called the Simda botnet.  A botnet, as readers familiar with Scamicide will know, is a network of infected computers used by cybercriminals to spread malware.  According to the Department of Homeland Security more than 770,000 computers have already been affected by the Simda botnet which has been around since 2009 preying on computers that are not properly protected by up to date anti-malware software.  The Simda malware not only enables the cybercriminals to use their victims’ computers to spread this and other malware, but it also enables the cybercriminals to steal personal information from the infected computers that make up the botnet and then use that information for purposes of identity theft.

TIPS

Here is a link to which you can go to find out if your computer has been infected with the Simda malware.  http://www.cyberdefense.jp/simda/

If you have been a victim of the Simda malware, you should install anti-virus and anti-malware software to rid your computer of the Simda malware.  You should then change the passwords for all of your accounts because they have been compromised.  You should also get a copy of your credit report from each of the three credit reporting agencies, Equifax, TransUnion and Experian to determine if you have already become a victim of identity theft.  You should also lock up your credit reports with a credit freeze at each of the three credit reporting agencies.  You can find instructions as to how to do this here in the Scamicide archives.

Even if you have not become a victim of the Simda malware, you should make sure that your anti-virus and anti-malware software is constantly updated.

Scam of the day – April 15, 2015 – TIGTA report on income tax identity theft

April 14, 2015 Posted by Steven Weisman, Esq.

The April 15th deadline for the filing of federal income taxes has come and gone, but if you have become a victim of income tax identity theft this tax season, your problems have only just begun. Income tax identity theft occurs when an identity thief files an income tax return using the name and Social Security number of a legitimate taxpayer and claims a refund based generally on a counterfeit W-2.  If you discover that you are a victim of income tax identity theft this year, your problems have just started. According to a recently released report by the Treasury Inspector General for Tax Administration (TIGTA), although the IRS has made some progress in assisting the innocent victims of income tax identity theft in getting their legitimate refunds, it still takes, on average, 278 days to resolve the claim of a victim of income tax identity theft although the IRS routinely tells taxpayers that they can expect their claims to be resolved within 180 days. According to the TIGTA report, the range of time it takes the IRS to resolve an income tax identity theft victim’s account and pay the legitimate refund ranged from a commendable low of 16 days to an inexcusable high of 762 days.

TIPS

So what should you do if you are a new victim of income tax identity theft?    Filing a police report immediately is very important in order to document your claim.  Although this is the era of electronic communications, the next thing you should do is mail to the IRS a paper tax return with an attached Form 14039 Identity Theft Affidavit and the police report.  According to the IRS, this will shave an average of 54 days off the time it takes the IRS to process your claim.   Your case will then be assigned to an IRS employee to assist you with clearing your name and getting your refund. As a victim of identity theft, you also are eligible to receive an Identity Protection Personal Identification Number (IP PIN) to use for future income tax returns to protect you from becoming a victim again of income tax identity theft.  You also should put a credit freeze on your credit report because if someone is able to file an income tax return on your behalf, they have access to your Social Security number which they could also use to access your credit report and obtain credit in your name.  Putting a credit freeze on your credit report will thwart future attempts by an identity thief to access your credit.  You can find information about credit freezes and how to put one on your credit reports at Experian, Equifax and Transunion by going to the Archives section of Scamicide.

Scam of the day – February 27, 2015 – Texas court dismisses data breach class action

February 27, 2015 Posted by Steven Weisman, Esq.

More and more massive data breaches have become a part of everyday life.  Breaches such as recently occurred at Anthem and in the past few years affected Target, Home Depot and many other companies affect just about everyone.  Sometimes the data breaches, such as occurred with Target only affect credit card information, but other data breaches, such as the recent Anthem data breach result in much personal information being stolen which can then be used to turn the person whose information has been stolen into a victim of identity theft.  Recently a number of class actions on behalf of the victims of these data breaches have been filed against the breached companies for failing to use proper security measures.  Recently the Federal District Court for Southern Texas dismissed a class action brought by Beverly Peters on behalf of herself and others whose information had been compromised following a February 2014 data breach affecting 405,000 employees and patients of the St. Joseph Health System, a Texas hospital and health clinic company.  The class action was dismissed by the court because as of the date of the court hearing there was no evidence that any of the people affected had become victims of identity theft.

TIPS

The problem with this decision is that in many instances, identity thieves wait before using the stolen information in the hope that as time goes by, people will be less vigilant in guarding their identities.  In massive data breaches such as the one suffered by the St. Joseph Health System, the hackers often steal all of the information and then sell it in batches on black market websites to identity thieves whose use of the information results in the victims suffering identity theft.  While credit monitoring is often offered on a free basis, as it was in this case, by the hacked company following the data breach, credit monitoring does nothing to stop identity theft.  It only tells you that you have become a victim sooner than you might otherwise become aware.  A much better alternative is to put a credit freeze on your credit reports at each of the three major credit reporting agencies, Equifax, Transunion and Experian.  This will prevent even someone with your personal information from accessing your credit report to obtain credit in your name and thus help keep you from becoming a victim of identity theft.  You can find information in the Archives of Scamicide about how to put a credit freeze on your credit reports.

Scam of the day – February 19, 2015 – Anthem data breach update

February 19, 2015 Posted by Steven Weisman, Esq.

As I reported to you right after it happened earlier this month, Anthem, a major care health care company suffered a data breach that could affect as many as 80 million Americans.  The data stolen included birth dates, Social Security numbers and other information putting the affected victims in extreme danger of identity theft.  Anthem is now offering free identity theft repair and credit monitoring services to current or former members of affected Anthem plans going back to 2004.  This includes customers of Anthem, Inc. companies Amerigroup, Anthem and Empire Blue Cross Blue Shield companies, Caremore and Unicare.  It also includes customers of affiliated Blue Cross and Blue Shield companies who used their Blue Cross Blue Shield insurance in any of the states where Anthem, Inc. does business.  Those state are California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri, Nevada, New Hampshire, New York, Ohio, Virginia and Wisconsin.

TIPS

Anthem has contracted with AllClear ID to provide two years of identity theft repair and credit monitoring services to affected customers.  Identity repair assistance is available without enrollment by merely calling AllClear ID at 877-263-7995.  Additionally, affected customers may enroll at no charge in the AllClear PRO credit monitoring service during this two year period.  You can enroll either by phone at 877-263-7995 or online at https://anthem.allclearid.com/

Additionally although neither Anthem nor AllClear ID provides this service, if you were a victim of this data breach, it would be advisable to put a credit freeze on your credit reports at each of the three major credit reporting agencies, Equifax, Transunion and Experian.  You can find more information about credit freezes and how to put them on your credit reports at no charge by going to the Scamicide archives.

Scam of the day – February 12, 2015 – Anthem hacking lawsuits filed

February 11, 2015 Posted by Steven Weisman, Esq.

Although the disclosure of the hacking and data breach at Anthem, the country’s second largest health insurance company was only disclosed eight days ago, the first lawsuits alleging negligence on the part of Anthem in failing to take proper steps to protect the personal data on the as many as 80 million Anthem customers were filed in Indiana, California, Alabama and Georgia.  It now appears that the actual hacking was first detected by Anthem on January 27th, but started as early as December 10th.  Once again, as is the pattern with so many major data breaches, it appears that the hackers gained access to Anthem’s, what have been reported to be, unencrypted data bases through phishing emails that tricked five Anthem employees  into either providing their passwords or clicking on malware loaded links that stole the passwords from the Anthem employees’ computers.

TIPS

Many companies are just not doing enough to protect their sensitive data including personal information of their customers.   There are many steps that companies can and should be taking including greater encryption of data, employee education about phishing and limiting of access to information from off-site computers.  Whether companies need to be prompted by lawsuits or legislation, the problem is so significant that companies must take action now to better protect themselves from hacking.

As for we, the customers, all we can do is try to limit as best we can the personal information provided to the companies with which we do business (your doctor, does not need your Social Security number) and monitor our financial and medical dealings for signs of identity theft.  Putting a credit freeze on your credit reports at each of the three major credit reporting agencies is another good step to take in order to reduce your risk of identity theft.  You can find information about how to put a credit freeze on your credit reports here on Scamicide in the archives.

Scam of the day – February 9, 2015 – Break-in at Liberty Tax preparers

February 8, 2015 Posted by Steven Weisman, Esq.

Earlier this week burglars broke into the office of Liberty Tax in Highland, California and stole paper customer files as well as computers used in the office.  Liberty Tax is a nationally franchised tax preparation organization.  According to the San Bernadino County Sheriff’s Department, the thieves obtained the names, addresses and Social Security numbers of “a large number of clients” as well as credit card information of some clients.  Obviously this puts the affected customers in great danger of identity theft.

TIPS

Affected Liberty Tax customers should immediately put a credit freeze on their credit reports at each of the three major credit reporting bureaus if they do not already have credit freezes in place.  You can find information about how to put credit freezes on your credit reports by going to the archives of Scamicide.  Accountants and tax preparers will, by the nature of their business have much sensitive personal information of their clients, which means that it is incumbent upon all of us who use accountants or tax preparers to inquire about what they do to protect the security of physical documents and computerized data.  All sensitive electronic data should be encrypted.  In addition, many identity thieves pose as tax preparers in order to gain access to personal information of their victims for purposes of identity theft.  Before you choose a tax preparer you should investigate him or her thoroughly.  Make sure they are registered with the IRS and look into whether they have had any charges or disciplinary actions taken against them.

Scam of the day – February 6, 2015 – Massive data breach at health insurer Anthem, Inc.

February 5, 2015 Posted by Steven Weisman, Esq.

Anthem, Inc, the country’s second largest health insurance company has announced that it has suffered a massive data breach in which personal information on up to 80 million of its customers and staff were stolen including personal information of its President and CEO, Joseph R. Swedish.  Included in the compromised personal information was names, birthdates, medical IDs, Social Security numbers, street addresses and email addresses.  This is a veritable treasure trove of data for identity thieves.  According to Anthem, no credit card data was stolen, however, this is of little consolation to those people who the victims of this data breach as the amount of information that was stolen on each victim is quite sufficient to be translated into making them victims of identity theft.  Once again, this shows that you are only as safe as the places that hold your personal information.

Particularly troubling is the theft of the medical IDs which brings up the possibility of medical identity theft which occurs when someone uses your information to gain access to your medical insurance and which can cause the identity thief’s medical information to be included on the victim’s medical record.  This can result in someone receiving a transfusion of the wrong blood type or other potentially deadly results.  Correcting medical records tainted by medical identity theft is quite difficult.  You can go to the archives of Scamicide for more information about medical identity theft and what you can do about it.

TIPS

At the moment, we do not know how the breach was accomplished, but the FBI and Mandiant a private cybersecurity firm are investigating the breach.  As soon as it is determined how the breach occurred, I will report it to you.  Meanwhile, if you are an Anthem customer, you should assume that you may be affected.  Anthem has set up a website to which you can go for the latest information about the breach.  it is www.AnthemFacts.com.  Anthem has also set up a toll free number for present and past Anthem customers to call for further information.  That number is 1-877-263-7995.   It is important to remember that you may be contacted by an email or text message that appears to come from Anthem asking you for information or to click on links.  Do not do so.  The communications may be from other identity thieves seeking information.  If you have any questions after receiving such an email, you should go directly to the Anthem website www.AnthemFacts.com or call them at the toll free number indicated above.  Also, this is a good time, if you have not done so, to consider putting a credit freeze on your credit report.  You can find out how to do this in the Archives of Scamicide.  Finally, if you are a Anthem customer, you should also start monitoring all of your financial accounts more regularly for any evidence of fraud.

Scam of the day – December 8, 2014 – Continuing saga of the Sony data breach

December 8, 2014 Posted by Steven Weisman, Esq.

By now, everyone is aware of the massive data breach at Sony Pictures Entertainment.  The extent of the attack was unprecedented.  The hackers disabled its internal computer systems as well as stole and then leaked five major movies including the recent Brad Pitt movie, “Fury” and the yet to be released new version of “Annie.”  In addition, and most damaging to those people affected, the hackers also accessed files with personal information of 47,000 Sony employees that included their Social Security numbers thereby placing those employees, including Sylvester Stallone and Judd Apatow in serious danger of identity theft.  One of the troubling aspects to this hacking is that much of the stolen material was easily accessed by opening an unprotected file directory entitled “Password” that contained thousands of Sony passwords to its internal computers, social media accounts and web services accounts.  The North Korean government has been considered by many to be behind this attack, which contains many similarities to similar attacks done by the North Korean government against South Korean businesses and government agencies.  The motive behind the attack has been thought to be in retaliation for the upcoming Sony movie “The Interview” starring James Franco and Seth Rogen which is a comedy involving a CIA plot to assassinate North Korean leader Kim Jon-Un.  Investigators are still trying to determine the actual source of the attack.

TIPS

Despite Sony’s statements that it did everything in its power to prevent such an attack, such statements seem disingenuous, when you consider the unprotected “Password” computer file, the failure of Sony to limit Internet access to sensitive files and the lack of basic security measures that would have provided much protection against such an attack.  Hopefully, this hacking will serve as a much needed wake up call to companies to increase their security immediately.  As for individual victims of the hacking whose Social Security numbers have been compromised, they should immediately contact the three major credit reporting agencies, Equifax, TransUnion and Experian and place a credit freeze on their credit reports to limit access to their credit reports by identity thieves who may have their Social Security numbers.  You can go to the Scamicide.com archives to see how to put a credit freeze on your account.  They should also carefully monitor all of their financial accounts much more often for the first signs of identity theft.