Scam of the day – June 20, 2017 – Another cosmetic surgery clinic suffers data breach

On June 5th I reported to you about the data breach at a Lithuanian cosmetic surgery clinic and now we have learned about a similar, but significantly different data breach suffered by prominent Beverly Hills plastic surgeon  Dr. Zain Kadri whose patients include people from many states and four countries.

The data breach, which law enforcement says, affects approximately 15,000 people includes tremendous amounts of data, information and documents including before and after surgery photographs, patient records, credit card information and patient contact information.  It appears that Dr. Kadri’s practice was both electronically hacked and physically burgled by a person, who police say, was a former employee.

The patients victimized by this crime face blackmail, extortion and identity theft as a result of the data breach.

TIPS

Medical practices continue to be a prime target for identity thieves because they are often quite vulnerable to cyberattacks, but as this case apparently shows, data breaches can be done through old fashioned burglaries as well and it is important for all entities that store personal data to take steps to secure data both physically as well as electronically and to limit access to such information to only such employees as have a need to have access to the information.

Unfortunately, there is little that we as consumers and patients can do other than to limit the amount of personal information we provide, as best we can.  For example, your doctor does not need your Social Security number.  We should also inquire of anyone or any entity that retains our personal information about what they do to secure that information.

Scam of the day – June 8, 2017 – Steve Harvey’s new show hacked

In the last month I have told you about the hacking exploits of a group of hackers who call themselves thedarkoverlord.  In May, nine episodes of the popular Netflix original series, “Orange is the New Black” were posted by them on a publicly available file when their extortion attempt failed. They also claimed to have stolen the most recent  sequel in the successful Pirates of the Caribbean movie series, but this turned out to be a hoax. This type of extortion can only be expected to grow as hackers attack the weakest links in movie and television program development.  In the case of Orange is the New Black and other television shows, the weakest link was a post production studio, Larson Studios.

Now they have released eight episodes of what they say are stolen episodes of the new Steve Harvey show “Steve Harvey’s Funderdome” which will be premiering on ABC on June 11th.

TIPS

If a bootleg movie or television show is posted online I strongly urge you not to download it.  In addition to the morality and ethics of not participating and encouraging this type of crime, you also run the risk of downloading various types of malware including ransomware and keystroke logging malware that can lead to your becoming a victim of identity theft if you go to the rogue websites where you can find this material.

Scam of the day – June 5, 2017 – Hackers extort cosmetic surgery clinic

As I have warned people for years, your data is only as safe as the security at the places  with the weakest security holding your data.  Many times we have seen private information stolen and publicly released, as in the case of stolen nude photos, used for extortion purposes or sold to others on the Dark Web.

Cybercriminals recently hacked into the Grozio Chirurgija cosmetic surgery clinic in Lithuania and release 25,000 private photographs including nude photographs along with other personal information of patients of the clinic from more than sixty countries around the world. The hackers, who call themselves the “Tsar Team” contacted the clinic itself and individuals whose data had been stolen demanding bitcoin ransoms.  The clinic has refused to pay a ransom.

TIPS

In addition to doing the things we are constantly reminding people to do to protect themselves from data breaches, including, but not limited to the use of dual factor authentication, encryption and constantly updating security software, we should all be asking any company or entity that holds our personal information about what steps they are taking to protect that data and if their answers are not satisfactory, you should refrain from dealing with them.

Scam of the day – July11, 2016 – FBI warns about extortion tied to data breaches

Data breaches have become a modern fact of life as too many places that retain our personal data have been successfully targeted by hackers seeking information from which they can profit.  Often the information is credit card and debit card numbers that can quickly be used to make purchases for goods that are then sold on the black market to convert into cash.  Other times, it is personal information that allows the hacker to access our various online accounts including bank accounts or to use the information to set up new accounts that the cybercriminals can exploit.  None of these scenarios are good for the victims of these data breaches.  Sometimes the fault is with ourselves such as when we use easy to guess passwords or the same password for multiple accounts.  Other times the fault may be with the companies that hold your data that have not instituted proper security measures.

In any event, the FBI has recently noted that now cybercriminals are exploiting data breaches by threatening to  expose the victim’s personal information to others unless the targeted person agrees to pay a ransom in bitcoins which are an easy way to money launder criminal activity.  At the present time the ransoms range from approximately $250 to $1,200.  Here are some of the extortion emails presently being circulated.

“Unfortunately your data was leaked in a recent corporate hack and I now have your information. I have also used your user profile to find your social media accounts. Using this I can now message all of your friends and family members.”

“If you would like to prevent me from sharing this information with your friends and family members (and perhaps even your employers too) then you need to send the specified bitcoin payment to the following address.”

“If you think this amount is too high, consider how expensive a divorce lawyer is. If you are already divorced then I suggest you think about how this information may impact any ongoing court proceedings. If you are no longer in a committed relationship then think about how this information may affect your social standing amongst family and friends.”

“We have access to your Facebook page as well. If you would like to prevent me from sharing this dirt with all of your friends, family members, and spouse, then you need to send exactly 5 bitcoins to the following address.”

“We have some bad news and good news for you. First, the bad news, we have prepared a letter to be mailed to the following address that details all of your activities including your profile information, your login activity, and credit card transactions. Now for the good news, You can easily stop this letter from being mailed by sending 2 bitcoins to the following address.”

Part of the problem is that sometimes, the cybercriminals are bluffing and merely are contacting people after a noteworthy data breach without actually having the information they claim to have.

TIPS

The best way to avoid this problem is to limit the places that hold your personal information as much as you can.  For instance, hospitals do not need to have your Social Security number.  Use complex and unique passwords for each of your accounts and use dual factor authentication whenever possible.  Also, do not store personal information or sensitive photos or videos on your smartphone.  You also may wish to consider limiting the amount of personal information you provide on your social media accounts that can be used against you by being leveraged to gain access to your various accounts or trick you into clicking on links in emails or text messages that may download keystroke logging malware on to your computer, smartphone or other electronic device.  You also should limit the use of your debit card to use as an ATM card because the rules regarding protection from unauthorized use of your credit card provide much more protection than the rules regarding protection from unauthorized use of your debit card.