Posts Tagged: ‘credit freeze’

Scam of the day – October 5, 2014 – More banks hacked by suspected hackers of J.P. Morgan Chase

October 4, 2014 Posted by Steven Weisman, Esq.

With news of the massive data breach at J.P. Morgan Chase in which names, addresses, phone numbers and email addresses of 76 million households and 7 million small businesses were stolen by what appears to be Russian hackers who may or may not be affiliated with the Russian government dominating the news, it seems perfectly appropriate to wish you a happy National Cybersecurity Awareness month.  As frightening as the spectre of a major American bank being vulnerable to vulnerable to such a massive data breach, you may remember that when the story broke last August of the possible data breach at J.P. Morgan Chase, reports were that there were as many as four other banks that had similarly been hacked.  Now, according to a report in the New York Times, that number is actually risen to nine other major financial institutions that may have suffered data breaches at the hands of the same hackers.  Therefore even if you are not a customer of J.P. Morgan Chase, you should be extra vigilant in regard to all of your financial accounts.

TIPS

Now is the time to implement a eight step approach to protecting yourself from identity theft and data breaches.  The first step is to change your password regularly, such as every six months.  A good password has a mixture of capital letters, small letters, symbols and digits.  Don’t use any word in the dictionary because hackers have computer programs that can guess your password. Instead use a phrase, such as IHate2UsePasswords!!.  This is a very secure password.  You should also have a separate and distinct password for each of your accounts, but you can merely adapt this basic password by adding a couple of distinguishing letters for each account.  For example, you could make this your Amazon password by adding the letters “Am” at the end of your basic password so it reads IHate2UsePasswords!!Am.  This is easy to remember.

You should also use dual factor authentication on your accounts when available.  Dual factor identification provides you with an extra level of security by which more than a password is necessary to gain access to your account.  Generally, when you log in through your password to an account a code is then sent to your smartphone which you then must input in order to access your account.

You also should change the answer to your security question to something completely nonsensical.  Answering a security question is required if you forget your password or if you want to change your password.  Unfortunately the answers to common security questions, such as your mother’s maiden name can be found with a little effort by an identity thief in the many places on the Internet that store personal information.  So instead of the answer to your mother’s maiden name being “Jones,” change it to “Grapefruit.”  No identity thief will find it or guess it and it is silly enough for you to remember.

Don’t click on links or download attachments in any email, text message or social media posting unless you have absolutely confirmed that it is legitimate.  Identity thieves and hackers lure people into clicking on links in such communications that results in the victims downloading keystroke logging malware that can steal all of the information from your computer.

Don’t provide personal information over the phone to anyone whom you have not called.  You can never be sure if the person calling you is legitimate regardless of how compelling the reason he or she gives for you to provide personal information.  Don’t rely on your Caller ID because through a technique called “spoofing” an identity thief can make it appear that his or her call is from the IRS, your bank or some other legitimate entity.  If you think the call may be legitimate, hang up and call the company or agency at a number that you know is real, not the number the caller gives you.

Review all of your accounts regularly and carefully to note the smallest charge that should not be there.  Sometimes identity thieves will put regular reoccurring charges on your credit card or phone bill in the hope that you will not bother to look further into it because the charge is so small.  The earlier you catch identity theft, the easier it is to deal with.

Check your credit report from each of the three major credit reporting agencies every year for evidence of fraud or even mistakes that need to be corrected.  Here is the link to the only official place to get your free credit report https://www.annualcreditreport.com/index.action

Put a credit freeze on your credit report so that even if an identity thief obtains your Social Security number, he or she cannot gain access to your credit report.  Yesterday’s Scam of the day contains the links to the credit reporting agencies to use to freeze your credit.

Scam of the day – October 4, 2014 – J.P. Morgan update and credit freeze information

October 4, 2014 Posted by Steven Weisman, Esq.

Last Thursday, in a required SEC filing,  J.P. Morgan Chase & Co. reported that the data breach, which we reported to you about when it was first discovered during the summer, was much larger than initially thought.  At the time, J.P. Morgan believed that only a million accounts were compromised, but now, J.P. Morgan is indicated that information on 76 million households and 7 million small businesses was stolen by hackers thought to be from Russia or another Eastern European country.  According to the SEC filing, J.P. Morgan says that the information stolen included names, addresses, phone numbers and email addresses.  At this time J.P. Morgan is saying that they are not aware of fraudulent activities tied to the data breach and that no account numbers, passwords, user IDs or Social Security numbers were stolen.  The data breach apparently began in June and went on until discovered in mid August, which is especially troubling because it provided time for the hackers to cover their tracks for what may have been their true goal.  The hackers did manage to gain access to the entire list of applications and programs used by J.P. Morgan Chase on its computers which could then be evaluated by the hackers for inevitable vulnerabilities that could be exploited at a later time.  Obviously J.P. Morgan is busy trying to protect against this threat.

TIPS

For customers of J.P. Morgan Chase, now is not the time to run and hide nor take your money out of the bank.  In fact, at the time that the FBI began its initial investigation of this data breach during the summer, it indicated that it was looking into possible data breaches of as many as four other banks as well.  It may well be that we are not yet aware of the breaches that occurred and may still be going on in other banks.  You can expect either the hackers, people who the hackers sell the information they gathered and even totally independent identity thieves to start contacting people through emails, text messages and phone calls purporting to be from J.P. Morgan Chase.  In these contacts, they will attempt to lure unsuspecting victims into providing personal information under various guises or clicking on links to obtain what may appear to be important information.  However, if you provide that personal information all you will do is end up a victim of identity thief.  If you click on the links in emails or text messages appearing to be from J.P. Morgan you may well end up downloading keystroke logging malware that will steal all of the information from your computer that will be used to make you a victim of identity theft.  Trust me, you can’t trust anyone.  Even if your Caller ID appears to show that the call you receive is form J. P. Morgan Chase, scammers are able to make their calls appear to be from J.P. Morgan Chase through a tactic called spoofing.  The best course of action if you receive any purported communication from the bank is to not respond directly, but instead contact the bank independently on your own to find out what the truth is.

This also may be a good time to consider putting a credit freeze on your credit report so that even if someone manages to obtain your Social Security number and other personal information, they will be unable to access your credit report and run up large debt in your name.  A separate credit freeze needs to be established at each of the three major credit reporting agencies to be effective.  Here are the links to the pages at Experian, TransUnion and Equifax where you can put a credit freeze on your report and get some peace of mind.

TransUnion http://www.transunion.com/personal-credit/credit-disputes/credit-freezes.page

Equifax https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp

Experian https://www.experian.com/freeze/center.html

Scam of the day – September 29, 2014 – Child identity theft

September 28, 2014 Posted by Steven Weisman, Esq.

Last week, Florida became the latest state to enact a law to help combat identity theft of children’s identities.  The new law has the clever acronym of KIDS, which stands for the Keeping ID Safe act.  Under this law, parents of minors are able to open a file with each of the major credit reporting agencies, Equifax, TransUnion, and Experian and then immediately freeze the accounts so that even if an identity thief managed to obtain the child’s Social Security number and other personal information, the identity thief would not be able to access the credit report for purposes of running up large debts using the credit of the child, who generally does not become aware that his or her identity has been stolen until he or she reaches older teen years when he or she might first apply for a car loan or financial aid for college.  Identity theft of children’s identities is a huge national problem.  According to a study by the Carnegie Mellon CyLab, children are more than 51 times more likely to become a victim of identity theft than adults.

TIPS

If you live in one of the states that has a law such as Florida’s, take advantage of the law, set up a credit report for your children and immediately freeze the account. And while you are at it, you should also freeze your own credit reports as your best precaution against identity theft.  If your state does not have such a law, let your state legislators know that you want them to pass such a law.  I am proposing such a law in my own home state.  As much as possible try to limit the places that have your child’s Social Security number and become familiar with the Family Educational Rights Privacy Act which helps you protect the privacy of your child’s school records and lets you opt out of information sharing by the school with third parties.  Finally, the security company AllClear ID (www.allclearid.com) provides a free service called ChildScan which not only searches credit records tied to your child’s Social Security number, but also checks employment records, criminal records and medical records to recognize at an early stage if your child has become a victim of identity theft.

Scam of the day – September 7, 2014 – HealthCare.gov hacked

September 6, 2014 Posted by Steven Weisman, Esq.

The health care industry in general is responsible for more data breaches than any other sector.  The lack of security throughout the health care industry including hospitals and other providers of health care is a huge problem that is only going to get worse as the computers of health care providers continue to be targeted and the personal data that they contain becomes harvested by hacking identity thieves.  From its inception security issues at HealthCare.gov, the website of the federal government’s health insurance marketplace created pursuant to the Affordable Care Act, commonly referred to as Obamacare have been a source of concern of mine and many other experts in cybersecurity.  Recently, it was disclosed that HealthCare.gov was indeed hacked although, according to government spokesmen no personal information of consumers in the 36 states that use HealthCare.gov was compromised.  However, this is of little consolation to the many people who use HealthCare.gov.

When HealthCare.gov was first launched last October, there were major security concerns about the website and the website was activated even before it met federal standards for security.  Everyone remembers the difficulties that were encountered in the initial use of HealthCare.gov, however, until now, the federal government had not reported any data breaches although Aaron Albright, a spokesman at the Centers of Medicare and Medicaid Services which operates HealthCare.gov admits that there are numerous security weaknesses within the system which could lead to hacking that could result in data breaches including weaknesses with the servers including the continued use of manufacturer’s default passwords which could be easily exploited.  In addition, servers have not been subject to regular security scans.

TIPS

Unfortunately, it is probably only a matter of time before HealthCare.gov is hacked by identity thieves who will steal personal information stored there.  If you have done business with HealthCare.gov, you should regularly monitor all of your financial accounts and you may wish to put a credit freeze on your credit report to prevent someone with access to your personal information from using your credit to make large purchases in your name.  You can find instructions as to how to put a credit freeze on your credit reports on the right hand side of this page.

Scam of the day – August 21, 2014 – Community Health Systems data breach update

August 20, 2014 Posted by Steven Weisman, Esq.

A couple of days ago I told you about the massive data breach at Community Health Systems a hospital chain with hospitals in 29 states.  This data breach, which was done by Chinese hackers resulted in personal data on 4.5 million patients of Community Health Systems being stolen.  The data included names, addresses, birth dates and Social Security numbers which puts the affected individuals in serious jeopardy of identity theft.  Community Health Systems is in the process of notifying the affected individuals and offering credit monitoring services.  Now however, Trusted Sec LLC, a security company is indicating that the hacking of Community Health Systems was accomplished by the first known exploitation of the Heartbleed security flaw.  Heartbleed is the name of the security flaw in the Open SSL encryption security technology discovered last April that is used by up to 2/3 of websites on the Internet.  Although the Heartbleed flaw was promptly patched, there was a period during which the users of this technology were left vulnerable and it appears that during this period was when the Chinese hackers managed to steal data from Community Health Systems.  It is not unusual for hackings and data breaches to remain undiscovered for significant periods of time.  This data breach may be the first major data breach connected to Community Health Systems, but it is most likely not going to be the last.

TIPS

It has been said that the price of liberty is eternal vigilance and that is also important in maintaining your own personal security.  People who did not change their passwords following the Heartbleed security flaw first being uncovered should take this as a wake up call to do so now.  You should also consider putting a credit freeze on your credit report.  You can find instructions as to how to do this in the “credit freeze” link on the right hand side of this page.  This will protect your credit from being accessed by someone who may otherwise have enough personal information of yours to access your credit report in an effort to use your credit.  Finally, you should monitor all of your financial accounts regularly for indications of fraudulent use.  Remember, you are only as safe as the places that hold your personal information and some of them have poor security.

Scam of the day – August 17, 2014 – Data breach at Supervalu stores

August 16, 2014 Posted by Steven Weisman, Esq.

The Supermarket chain Supervalu Inc. has disclosed that it has joined the growing list of major companies suffering a major data breach.  Although the breach apparently occurred between June 22nd and July 17th, it was only disclosed a few days ago.  Supervalu operates stores under a number of different names including Cub Foods, Hornbacher’s, Shop ‘n Save, Shoppers Food & Pharmacy and Farm Fresh.  In addition, the data breach also apparently affected stores that it sold in 2013, but still supplied the information technology services that were the Achilles heel in this data breaches.  Those stores go under the names Albertsons Acme (not necessarily the same one used by Wylie Coyote) Jewel-Osco, Shaw’s and Star Market.  All in all the data breach may have reached as many as 1,000 stores.  It has been confirmed that the breach which, as in the case of the Target data breach occurred at the point of sale card registers included account numbers, expiration dates and cardholder names.

TIPS

Supervalu has set up a call center for consumers to call for further information.  The number is 855-731-6018.  Additional information may also be obtained by going to Supervalu’s website, www.supervalu.com and go to the Consumer Security Advisory section where information can be obtained about complimentary consumer identify protection services.  Consumers who may have shopped at any of the affected stores should carefully monitor their credit card account for fraudulent use and if you used a debit card, you should strictly monitor your bank account for evidence of fraud.  Establishing a credit freeze at each of the three major credit reporting bureaus is also a good idea.  You can get information as to how to put a credit freeze on your credit report by going to the Credit Freeze section of Scamicide as listed on the right hand side of this page.  Finally, this should again be a lesson to consumers to not use debit cards for retail transactions.  The risk is too great.

Scam of the day – July 19, 2014 – Houston Astros hacked

July 19, 2014 Posted by Steven Weisman, Esq.

No company is safe from the danger of hacking including, as we recently learned Major League Baseball teams.  The Houston Astros were recently embarrassed to announce that their computers had been hacked by unknown hackers who released information about trade discussions involving the Astros and a number of other Major League Baseball teams including the Miami Marlins with which a trade for All-Star outfielder Giancarlo Stanton was discussed.  The hacking did not appear to be for any reason other than to expose and embarrass the management of the Astros, however that is of little consolation to employees of the Astros whose personal information can also be found in the Astros’ computers and which, if released could lead to identity theft.

TIPS

This is just another example that no entity including governmental agencies as well as private companies is safe from the danger of hacking.   A recent report by the State of New York indicated that in New York alone there were more than 900 data breaches that exposes personal and financial records of 7.3 million New Yorkers thus making them victims and potential victims of identity theft.  It is important to remember that you are only as safe as the place with the weakest security that holds your personal information so whenever possible do not provide your personal information, such as your Social Security number to everyone who asks for it.  Health care providers do not need your Social Security number although most request it.  Often the only reason that they want it is to make it easier to collect an unpaid bill from you.  The health care industry in general has done a poor job of protecting personal data from hackers.  The place to find a helping hand in protecting your data is at the end of your own arm.  Limit the places that have your personal information as best you can.  When companies request your Social Security number, offer them another identifier for example.  I recently did this with my eye doctor and the doctor agreed.  You may also want to place a credit freeze on your credit report so that even if your Social Security number and other personal information is stolen, the identity thief will not be able to access your credit report.  You can find information as to how to put a credit freeze on your credit report in the credit freeze section on the right hand side of this page.

Scam of the day – July 14, 2014 – Chinese hackers steal information from Federal Office of Personnel Management

July 14, 2014 Posted by Steven Weisman, Esq.

Hacking of American companies by Chinese hackers is not particularly startling as it is going on all of the time, however the federal government is now admitting that back in March Chinese hackers were able to hack into the data bases of the Office of Personnel Management and gain access to personal information on thousands of government workers.  What is particularly troublesome is that the Office of Personnel Management manages a program called e-QIP where federal employees who are seeking security clearances must provide much personal information including personal financial data.  It is not known what the purpose of the hacking was and whether or not it was government sanctioned or not.  What is known is that, just as the hacking into the computers of the United States Department of Energy last week, showed, government databases are just as vulnerable as those of private companies.

TIPS

So what does this mean to you?

First and foremost if you are someone whose information was maintained by the Office of Personnel Management you should be on heightened alert for identity theft.  You should check your credit report with each of the three major credit reporting agencies, Equifax, TransUnion and Experian.  You also would be wise to put a credit freeze on your credit reports at each of the three major credit bureaus to prevent someone with personal information about you from gaining access to your credit report and utilizing your credit.  You can find a detailed explanation of credit freezes along with instructions for getting one in the right hand column of the first page of Scamicide.  As for the rest of us, this is yet another lesson that you are only as safe from identity theft as the places with the weakest security that hold personal information about you.  Whenever possible limit the amount of personal information held by companies and governmental agencies with which you do business.  Also, do not leave your credit card number on file with any retailer with which you do business regularly.  It may be convenient to do so, but it increases your risk of identity theft if the company is hacked and your data is compromised.

Scam of the day – July 10, 2014 – Indiana passes law to protect children from identity theft

July 10, 2014 Posted by Steven Weisman, Esq.

Children have become a ripe target of identity thieves and with good reason.  Armed with a Social Security number of a child, an identity thief can establish credit in the name of the child, abuse that credit with little chance that the child or his or her parents will become aware of the identity theft until the child reaches an age where they may be applying for financial aid for college or applying for a car loan.  It is only then that the child and his or her family become aware that the child’s credit report has been corrupted which can create substantial problems for that child, not only in obtaining a loan, but in getting a job, insurance, renting an apartment, getting a loan or in the many other areas where a credit report is used.  For adults, credit reports can be frozen such that even if someone has that person’s Social Security number and other identifying information, the person’s credit report cannot be accessed and used for fraudulent purposes, however except in a handful of states, the credit reports of children cannot be frozen.  Now Indiana has joined this small number of states that permit the credit reports of children to be frozen.  If your state does not have such a law, you should lobby your legislators to pass such legislation.

TIPS

Freezing a credit report is one of the most effective ways to prevent identity theft.  Unlike costly credit monitoring, which is often offered for free to victims of a data breach by the company whose data has been stolen, a credit freeze can actually stop forms of identity theft.  Credit monitoring merely tells you after the fact that you have been a victim.  It offers the same protection as someone who has just been hit by a truck while crossing the street and someone comes over to the victim lying in the road and informs him or her that he or she has been just been hit by a truck.  For instructions as to how to put a credit freeze on your credit report, go to the archives of Scamicide at the top of this page and type in “credit freeze.”

Scam of the day – July 4, 2014 – Butler University data breach

July 5, 2014 Posted by Steven Weisman, Esq.

Butler University has become the latest school to disclose that their computers had been hacked and personal information including Social Security numbers of 163,000  students, faculty, staff, former students and even people who merely applied to the school was compromised. This is just the latest instance of a college or university being hacked.  It also is another breach in which the university still maintained personal information in its data banks on former students, and in this case, mere applicants although the university had absolutely no reason to maintain Social Security numbers for such people.  As I have told you many times previously, you are only as safe as the places with the weakest security that hold your personal information.

TIPS

If you have ever had any contact with Butler University I urge you to contact the school and not wait to be notified in order to learn if you were affected by this latest data breach.  The University’s assistance line is available Mondays through Fridays between 9:00 a.m. and 7:00 p.m.  The telephone number is 888-414-8021 and you should use the reference number 8867061014.   I also urge you to put a credit freeze on your credit report so that even if someone has access to your Social Security number, they will not be able to access credit in your name.  With so many places with weak security  holding personal information including Social Security numbers on all of us, I urge everyone to consider putting a credit freeze on your credit report.  You can find directions how to do it by going to the Scamicide archives.