Posts Tagged: ‘credit freeze’

Scam of the day – February 27, 2015 – Texas court dismisses data breach class action

February 27, 2015 Posted by Steven Weisman, Esq.

More and more massive data breaches have become a part of everyday life.  Breaches such as recently occurred at Anthem and in the past few years affected Target, Home Depot and many other companies affect just about everyone.  Sometimes the data breaches, such as occurred with Target only affect credit card information, but other data breaches, such as the recent Anthem data breach result in much personal information being stolen which can then be used to turn the person whose information has been stolen into a victim of identity theft.  Recently a number of class actions on behalf of the victims of these data breaches have been filed against the breached companies for failing to use proper security measures.  Recently the Federal District Court for Southern Texas dismissed a class action brought by Beverly Peters on behalf of herself and others whose information had been compromised following a February 2014 data breach affecting 405,000 employees and patients of the St. Joseph Health System, a Texas hospital and health clinic company.  The class action was dismissed by the court because as of the date of the court hearing there was no evidence that any of the people affected had become victims of identity theft.

TIPS

The problem with this decision is that in many instances, identity thieves wait before using the stolen information in the hope that as time goes by, people will be less vigilant in guarding their identities.  In massive data breaches such as the one suffered by the St. Joseph Health System, the hackers often steal all of the information and then sell it in batches on black market websites to identity thieves whose use of the information results in the victims suffering identity theft.  While credit monitoring is often offered on a free basis, as it was in this case, by the hacked company following the data breach, credit monitoring does nothing to stop identity theft.  It only tells you that you have become a victim sooner than you might otherwise become aware.  A much better alternative is to put a credit freeze on your credit reports at each of the three major credit reporting agencies, Equifax, Transunion and Experian.  This will prevent even someone with your personal information from accessing your credit report to obtain credit in your name and thus help keep you from becoming a victim of identity theft.  You can find information in the Archives of Scamicide about how to put a credit freeze on your credit reports.

Scam of the day – February 19, 2015 – Anthem data breach update

February 19, 2015 Posted by Steven Weisman, Esq.

As I reported to you right after it happened earlier this month, Anthem, a major care health care company suffered a data breach that could affect as many as 80 million Americans.  The data stolen included birth dates, Social Security numbers and other information putting the affected victims in extreme danger of identity theft.  Anthem is now offering free identity theft repair and credit monitoring services to current or former members of affected Anthem plans going back to 2004.  This includes customers of Anthem, Inc. companies Amerigroup, Anthem and Empire Blue Cross Blue Shield companies, Caremore and Unicare.  It also includes customers of affiliated Blue Cross and Blue Shield companies who used their Blue Cross Blue Shield insurance in any of the states where Anthem, Inc. does business.  Those state are California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri, Nevada, New Hampshire, New York, Ohio, Virginia and Wisconsin.

TIPS

Anthem has contracted with AllClear ID to provide two years of identity theft repair and credit monitoring services to affected customers.  Identity repair assistance is available without enrollment by merely calling AllClear ID at 877-263-7995.  Additionally, affected customers may enroll at no charge in the AllClear PRO credit monitoring service during this two year period.  You can enroll either by phone at 877-263-7995 or online at https://anthem.allclearid.com/

Additionally although neither Anthem nor AllClear ID provides this service, if you were a victim of this data breach, it would be advisable to put a credit freeze on your credit reports at each of the three major credit reporting agencies, Equifax, Transunion and Experian.  You can find more information about credit freezes and how to put them on your credit reports at no charge by going to the Scamicide archives.

Scam of the day – February 12, 2015 – Anthem hacking lawsuits filed

February 11, 2015 Posted by Steven Weisman, Esq.

Although the disclosure of the hacking and data breach at Anthem, the country’s second largest health insurance company was only disclosed eight days ago, the first lawsuits alleging negligence on the part of Anthem in failing to take proper steps to protect the personal data on the as many as 80 million Anthem customers were filed in Indiana, California, Alabama and Georgia.  It now appears that the actual hacking was first detected by Anthem on January 27th, but started as early as December 10th.  Once again, as is the pattern with so many major data breaches, it appears that the hackers gained access to Anthem’s, what have been reported to be, unencrypted data bases through phishing emails that tricked five Anthem employees  into either providing their passwords or clicking on malware loaded links that stole the passwords from the Anthem employees’ computers.

TIPS

Many companies are just not doing enough to protect their sensitive data including personal information of their customers.   There are many steps that companies can and should be taking including greater encryption of data, employee education about phishing and limiting of access to information from off-site computers.  Whether companies need to be prompted by lawsuits or legislation, the problem is so significant that companies must take action now to better protect themselves from hacking.

As for we, the customers, all we can do is try to limit as best we can the personal information provided to the companies with which we do business (your doctor, does not need your Social Security number) and monitor our financial and medical dealings for signs of identity theft.  Putting a credit freeze on your credit reports at each of the three major credit reporting agencies is another good step to take in order to reduce your risk of identity theft.  You can find information about how to put a credit freeze on your credit reports here on Scamicide in the archives.

Scam of the day – February 9, 2015 – Break-in at Liberty Tax preparers

February 8, 2015 Posted by Steven Weisman, Esq.

Earlier this week burglars broke into the office of Liberty Tax in Highland, California and stole paper customer files as well as computers used in the office.  Liberty Tax is a nationally franchised tax preparation organization.  According to the San Bernadino County Sheriff’s Department, the thieves obtained the names, addresses and Social Security numbers of “a large number of clients” as well as credit card information of some clients.  Obviously this puts the affected customers in great danger of identity theft.

TIPS

Affected Liberty Tax customers should immediately put a credit freeze on their credit reports at each of the three major credit reporting bureaus if they do not already have credit freezes in place.  You can find information about how to put credit freezes on your credit reports by going to the archives of Scamicide.  Accountants and tax preparers will, by the nature of their business have much sensitive personal information of their clients, which means that it is incumbent upon all of us who use accountants or tax preparers to inquire about what they do to protect the security of physical documents and computerized data.  All sensitive electronic data should be encrypted.  In addition, many identity thieves pose as tax preparers in order to gain access to personal information of their victims for purposes of identity theft.  Before you choose a tax preparer you should investigate him or her thoroughly.  Make sure they are registered with the IRS and look into whether they have had any charges or disciplinary actions taken against them.

Scam of the day – February 6, 2015 – Massive data breach at health insurer Anthem, Inc.

February 5, 2015 Posted by Steven Weisman, Esq.

Anthem, Inc, the country’s second largest health insurance company has announced that it has suffered a massive data breach in which personal information on up to 80 million of its customers and staff were stolen including personal information of its President and CEO, Joseph R. Swedish.  Included in the compromised personal information was names, birthdates, medical IDs, Social Security numbers, street addresses and email addresses.  This is a veritable treasure trove of data for identity thieves.  According to Anthem, no credit card data was stolen, however, this is of little consolation to those people who the victims of this data breach as the amount of information that was stolen on each victim is quite sufficient to be translated into making them victims of identity theft.  Once again, this shows that you are only as safe as the places that hold your personal information.

Particularly troubling is the theft of the medical IDs which brings up the possibility of medical identity theft which occurs when someone uses your information to gain access to your medical insurance and which can cause the identity thief’s medical information to be included on the victim’s medical record.  This can result in someone receiving a transfusion of the wrong blood type or other potentially deadly results.  Correcting medical records tainted by medical identity theft is quite difficult.  You can go to the archives of Scamicide for more information about medical identity theft and what you can do about it.

TIPS

At the moment, we do not know how the breach was accomplished, but the FBI and Mandiant a private cybersecurity firm are investigating the breach.  As soon as it is determined how the breach occurred, I will report it to you.  Meanwhile, if you are an Anthem customer, you should assume that you may be affected.  Anthem has set up a website to which you can go for the latest information about the breach.  it is www.AnthemFacts.com.  Anthem has also set up a toll free number for present and past Anthem customers to call for further information.  That number is 1-877-263-7995.   It is important to remember that you may be contacted by an email or text message that appears to come from Anthem asking you for information or to click on links.  Do not do so.  The communications may be from other identity thieves seeking information.  If you have any questions after receiving such an email, you should go directly to the Anthem website www.AnthemFacts.com or call them at the toll free number indicated above.  Also, this is a good time, if you have not done so, to consider putting a credit freeze on your credit report.  You can find out how to do this in the Archives of Scamicide.  Finally, if you are a Anthem customer, you should also start monitoring all of your financial accounts more regularly for any evidence of fraud.

Scam of the day – December 8, 2014 – Continuing saga of the Sony data breach

December 8, 2014 Posted by Steven Weisman, Esq.

By now, everyone is aware of the massive data breach at Sony Pictures Entertainment.  The extent of the attack was unprecedented.  The hackers disabled its internal computer systems as well as stole and then leaked five major movies including the recent Brad Pitt movie, “Fury” and the yet to be released new version of “Annie.”  In addition, and most damaging to those people affected, the hackers also accessed files with personal information of 47,000 Sony employees that included their Social Security numbers thereby placing those employees, including Sylvester Stallone and Judd Apatow in serious danger of identity theft.  One of the troubling aspects to this hacking is that much of the stolen material was easily accessed by opening an unprotected file directory entitled “Password” that contained thousands of Sony passwords to its internal computers, social media accounts and web services accounts.  The North Korean government has been considered by many to be behind this attack, which contains many similarities to similar attacks done by the North Korean government against South Korean businesses and government agencies.  The motive behind the attack has been thought to be in retaliation for the upcoming Sony movie “The Interview” starring James Franco and Seth Rogen which is a comedy involving a CIA plot to assassinate North Korean leader Kim Jon-Un.  Investigators are still trying to determine the actual source of the attack.

TIPS

Despite Sony’s statements that it did everything in its power to prevent such an attack, such statements seem disingenuous, when you consider the unprotected “Password” computer file, the failure of Sony to limit Internet access to sensitive files and the lack of basic security measures that would have provided much protection against such an attack.  Hopefully, this hacking will serve as a much needed wake up call to companies to increase their security immediately.  As for individual victims of the hacking whose Social Security numbers have been compromised, they should immediately contact the three major credit reporting agencies, Equifax, TransUnion and Experian and place a credit freeze on their credit reports to limit access to their credit reports by identity thieves who may have their Social Security numbers.  You can go to the Scamicide.com archives to see how to put a credit freeze on your account.  They should also carefully monitor all of their financial accounts much more often for the first signs of identity theft.

Scam of the day – November 11, 2014 – New study on effectiveness of phishing

November 11, 2014 Posted by Steven Weisman, Esq.

Phishing, as you probably know, is the term for the tactic used by scammers and identity thieves who pose as a legitimate company, government agency or some other person or entity you trust and lure you into providing personal information that can either be used to make you or someone you know a victim of identity theft.  Recently, Google and the University of California, San Diego completed a study that showed just how effective phishing is.  A common phishing technique is to send an email to someone with a link directing them to a phony, but legitimate appearing website.  Other times, the phony email itself contains a request for personal information.  Startlingly, the study showed that at teh most effective of these phishing websites up to 45% of people targeted provided the information requested.  Sometimes, the scammers are merely looking to take over your email account so that they can send targeted emails to people on your email list that appear to come from you and may be directed to your friends by name.  This type of phishing is called spear phishing.   Phishing is a tremendously effective scam technique and was at the core of the hacking of Target, Home Depot and many other companies and people.

TIPS

Never click on links or download attachments unless you are absolutely sure that they are legitimate.  Even if they appear to be in an email or text message from a friend, you cannot trust the communication because your friend’s account may have been hijacked by an identity thief or scammer.  Never provide personal information on websites unless you have confirmed that it is legitimate.

If your email account is compromised here are the steps to take:

1. Change your password on your email account. If you use the same password for other accounts, you should change those as well.
2. Change your security question. I often suggest that people use a nonsensical security question because the information could not be guessed or gathered online. For instance, you may want the question to be “What is your favorite color?” with the answer being “seven.”
3. Report the hacking to your email provider.
4. Contact people on your email list and let them know you have been hacked and not to click on links in emails that may appear to come from you. You have already done this.
5. Scan your computer thoroughly with an up to date anti-virus and anti-malware program. This is important because the hacker may have tried to install a keystroke logging malware program that can steal all of the information from your computer.
6. Review the settings on your email, particularly make sure that your email is not being forwarded somewhere.
7. Get a free copy of your credit report. You can get your free credit reports from www.annualcreditreport.com. Some other sites promise free credit reports, but sign you up for other services that you probably don’t want or need.
8. Consider putting a credit freeze on your credit report. You can find information about credit freezes here on Scamicide.

Scam of the day – October 5, 2014 – More banks hacked by suspected hackers of J.P. Morgan Chase

October 4, 2014 Posted by Steven Weisman, Esq.

With news of the massive data breach at J.P. Morgan Chase in which names, addresses, phone numbers and email addresses of 76 million households and 7 million small businesses were stolen by what appears to be Russian hackers who may or may not be affiliated with the Russian government dominating the news, it seems perfectly appropriate to wish you a happy National Cybersecurity Awareness month.  As frightening as the spectre of a major American bank being vulnerable to vulnerable to such a massive data breach, you may remember that when the story broke last August of the possible data breach at J.P. Morgan Chase, reports were that there were as many as four other banks that had similarly been hacked.  Now, according to a report in the New York Times, that number is actually risen to nine other major financial institutions that may have suffered data breaches at the hands of the same hackers.  Therefore even if you are not a customer of J.P. Morgan Chase, you should be extra vigilant in regard to all of your financial accounts.

TIPS

Now is the time to implement a eight step approach to protecting yourself from identity theft and data breaches.  The first step is to change your password regularly, such as every six months.  A good password has a mixture of capital letters, small letters, symbols and digits.  Don’t use any word in the dictionary because hackers have computer programs that can guess your password. Instead use a phrase, such as IHate2UsePasswords!!.  This is a very secure password.  You should also have a separate and distinct password for each of your accounts, but you can merely adapt this basic password by adding a couple of distinguishing letters for each account.  For example, you could make this your Amazon password by adding the letters “Am” at the end of your basic password so it reads IHate2UsePasswords!!Am.  This is easy to remember.

You should also use dual factor authentication on your accounts when available.  Dual factor identification provides you with an extra level of security by which more than a password is necessary to gain access to your account.  Generally, when you log in through your password to an account a code is then sent to your smartphone which you then must input in order to access your account.

You also should change the answer to your security question to something completely nonsensical.  Answering a security question is required if you forget your password or if you want to change your password.  Unfortunately the answers to common security questions, such as your mother’s maiden name can be found with a little effort by an identity thief in the many places on the Internet that store personal information.  So instead of the answer to your mother’s maiden name being “Jones,” change it to “Grapefruit.”  No identity thief will find it or guess it and it is silly enough for you to remember.

Don’t click on links or download attachments in any email, text message or social media posting unless you have absolutely confirmed that it is legitimate.  Identity thieves and hackers lure people into clicking on links in such communications that results in the victims downloading keystroke logging malware that can steal all of the information from your computer.

Don’t provide personal information over the phone to anyone whom you have not called.  You can never be sure if the person calling you is legitimate regardless of how compelling the reason he or she gives for you to provide personal information.  Don’t rely on your Caller ID because through a technique called “spoofing” an identity thief can make it appear that his or her call is from the IRS, your bank or some other legitimate entity.  If you think the call may be legitimate, hang up and call the company or agency at a number that you know is real, not the number the caller gives you.

Review all of your accounts regularly and carefully to note the smallest charge that should not be there.  Sometimes identity thieves will put regular reoccurring charges on your credit card or phone bill in the hope that you will not bother to look further into it because the charge is so small.  The earlier you catch identity theft, the easier it is to deal with.

Check your credit report from each of the three major credit reporting agencies every year for evidence of fraud or even mistakes that need to be corrected.  Here is the link to the only official place to get your free credit report https://www.annualcreditreport.com/index.action

Put a credit freeze on your credit report so that even if an identity thief obtains your Social Security number, he or she cannot gain access to your credit report.  Yesterday’s Scam of the day contains the links to the credit reporting agencies to use to freeze your credit.

Scam of the day – October 4, 2014 – J.P. Morgan update and credit freeze information

October 4, 2014 Posted by Steven Weisman, Esq.

Last Thursday, in a required SEC filing,  J.P. Morgan Chase & Co. reported that the data breach, which we reported to you about when it was first discovered during the summer, was much larger than initially thought.  At the time, J.P. Morgan believed that only a million accounts were compromised, but now, J.P. Morgan is indicated that information on 76 million households and 7 million small businesses was stolen by hackers thought to be from Russia or another Eastern European country.  According to the SEC filing, J.P. Morgan says that the information stolen included names, addresses, phone numbers and email addresses.  At this time J.P. Morgan is saying that they are not aware of fraudulent activities tied to the data breach and that no account numbers, passwords, user IDs or Social Security numbers were stolen.  The data breach apparently began in June and went on until discovered in mid August, which is especially troubling because it provided time for the hackers to cover their tracks for what may have been their true goal.  The hackers did manage to gain access to the entire list of applications and programs used by J.P. Morgan Chase on its computers which could then be evaluated by the hackers for inevitable vulnerabilities that could be exploited at a later time.  Obviously J.P. Morgan is busy trying to protect against this threat.

TIPS

For customers of J.P. Morgan Chase, now is not the time to run and hide nor take your money out of the bank.  In fact, at the time that the FBI began its initial investigation of this data breach during the summer, it indicated that it was looking into possible data breaches of as many as four other banks as well.  It may well be that we are not yet aware of the breaches that occurred and may still be going on in other banks.  You can expect either the hackers, people who the hackers sell the information they gathered and even totally independent identity thieves to start contacting people through emails, text messages and phone calls purporting to be from J.P. Morgan Chase.  In these contacts, they will attempt to lure unsuspecting victims into providing personal information under various guises or clicking on links to obtain what may appear to be important information.  However, if you provide that personal information all you will do is end up a victim of identity thief.  If you click on the links in emails or text messages appearing to be from J.P. Morgan you may well end up downloading keystroke logging malware that will steal all of the information from your computer that will be used to make you a victim of identity theft.  Trust me, you can’t trust anyone.  Even if your Caller ID appears to show that the call you receive is form J. P. Morgan Chase, scammers are able to make their calls appear to be from J.P. Morgan Chase through a tactic called spoofing.  The best course of action if you receive any purported communication from the bank is to not respond directly, but instead contact the bank independently on your own to find out what the truth is.

This also may be a good time to consider putting a credit freeze on your credit report so that even if someone manages to obtain your Social Security number and other personal information, they will be unable to access your credit report and run up large debt in your name.  A separate credit freeze needs to be established at each of the three major credit reporting agencies to be effective.  Here are the links to the pages at Experian, TransUnion and Equifax where you can put a credit freeze on your report and get some peace of mind.

TransUnion http://www.transunion.com/personal-credit/credit-disputes/credit-freezes.page

Equifax https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp

Experian https://www.experian.com/freeze/center.html

Scam of the day – September 29, 2014 – Child identity theft

September 28, 2014 Posted by Steven Weisman, Esq.

Last week, Florida became the latest state to enact a law to help combat identity theft of children’s identities.  The new law has the clever acronym of KIDS, which stands for the Keeping ID Safe act.  Under this law, parents of minors are able to open a file with each of the major credit reporting agencies, Equifax, TransUnion, and Experian and then immediately freeze the accounts so that even if an identity thief managed to obtain the child’s Social Security number and other personal information, the identity thief would not be able to access the credit report for purposes of running up large debts using the credit of the child, who generally does not become aware that his or her identity has been stolen until he or she reaches older teen years when he or she might first apply for a car loan or financial aid for college.  Identity theft of children’s identities is a huge national problem.  According to a study by the Carnegie Mellon CyLab, children are more than 51 times more likely to become a victim of identity theft than adults.

TIPS

If you live in one of the states that has a law such as Florida’s, take advantage of the law, set up a credit report for your children and immediately freeze the account. And while you are at it, you should also freeze your own credit reports as your best precaution against identity theft.  If your state does not have such a law, let your state legislators know that you want them to pass such a law.  I am proposing such a law in my own home state.  As much as possible try to limit the places that have your child’s Social Security number and become familiar with the Family Educational Rights Privacy Act which helps you protect the privacy of your child’s school records and lets you opt out of information sharing by the school with third parties.  Finally, the security company AllClear ID (www.allclearid.com) provides a free service called ChildScan which not only searches credit records tied to your child’s Social Security number, but also checks employment records, criminal records and medical records to recognize at an early stage if your child has become a victim of identity theft.