Medical Identity Theft can be deadly

Every time you have a medical procedure done, including routine checkups and treatment for minor issues, paperwork is generated. You should have copies of every single paper. This is one line of defense against medical identity theft.

Review your paperwork thoroughly for unauthorized or duplicate charges, mistakes with diagnoses, dates, names, anything that looks odd. Signs of medical identity theft include:

  • Being billed for treatment or diagnostics you never received.
  • Being told you’ve maxed out your coverage limit when you haven’t.
  • A collection agency claiming you owe a debt that you don’t owe.
  • Being denied coverage for a “pre-existing” condition that you don’t have.
  • Paperwork showing you saw a doctor you never visited or were prescribed a drug you never received.
  • An e-mail from your provider that requests you reveal sensitive information like your Medicare number is a big red flag. The subject line may be urgent, such as “Your Medical Coverage May Be Terminated.” Never click links inside these e-mails or fill out forms in them; instead contact your provider via phone. However, e-mails like these are scams; the thief knows if he sends 50,000 such e-mails out with his special software, a predictable percentage of recipients will “see” themselves in the message.
  • A one-ring phone call may be a thief who just obtained your medical records to see if your number is legitimate. Never call back.

Be Vigilant

  • If you suspect medical identity theft, keep strict records of all associated correspondence.
  • Immediately obtain all records if you haven’t already, including the “accounting of disclosures”; you have this legal right, even if you get flak from the provider. Contact the provider’s patient representative or ombudsman for assistance.
  • If you spot mistakes, even small, insist they be corrected.

Nevertheless, it’s usually not easy to detect medical ID theft. So let’s look at this in more detail:

  • If a collection agency contacts you, request they provide information immediately; promptly contact your provider and carrier.
  • Examine your credit report to see if it’s plummeted due to unpaid medical bills. The three major credit reporting agencies issue the reports free.
  • If your provider offers online access to your files, sign up for this service, then inspect it for mistakes.
  • Request records of imaging procedures.
  • If no online access is available, have your doctor read the results or send a snail mail copy.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

The World’s First Biometric Password Lockdown App is here

It’s about time: a biometric for your smartphone that will change the way you think about biometric security.

This revolutionary biometric comes from Biometric Signature ID and it’s called BioTect-ID, and though it’s a biometric, it does not involve any so-called invasiveness of collecting body part information. The world’s first biometric password involves multi-factor authentication and just your finger—but not prints!

All you need to make this technology work to lock down your mobile device is a four-character password. But you can also draw a symbol like a star, leaf, a shining sun or smiley face as your password.

So suppose your password is PTy5 or a star. And suppose the wrong person learns this. In order for that person to get into your locked phone, they will have to literally move their finger exactly as you did to draw the “PTy5” or the star. This will be impossible.

BioTect-ID’s technology captures your finger’s movements, its gestures, and this biometric can’t be stolen or replicated.

BioTect-ID doesn’t stop there, however. The finger gesture biometric is only one component of the overall security. You’ve probably heard of “two-factor” authentication. This is when, in addition to typing in your password or answering a security question, you receive a text, phone call or e-mail showing a one-time numerical security code. You use that code to gain access. But this system can be circumvented by hackers.

And the traditional biometrics such as fingerprints and voice recognition can actually be stolen and copied. So if, say, your fingerprint is obtained and replicated by a cyber thief…how do you replace that? A different finger? What if eventually, the prints of all fingers are stolen? Then what? Or how do you replace your voice or face biometrics?

Biometrics are strong security because they work. But they have that downside. It’s pretty scary.

BioTect-ID solves this problem because you can replace your password with a new password, providing a new finger gesture to capture, courtesy of the patented software BioSig-ID™. Your finger movement, when drawing the password, involves:

  • Speed
  • Direction
  • Height
  • Length
  • Width
  • And more, including if you write your password backwards or outside the gridlines.

Encryption software stores these unique-to-you features.

Now, you might be wondering how the user can replicate their own drawing on subsequent password entries. The user does not need to struggle to replicate the exact appearance of the password, such as the loop on the capital L. Dynamic biometrics captures the user’s movement pattern.

So even though the loop in the L on the next password entry is a bit smaller or longer than the preceding one, the movement or gesture will match up with the one used during the enrollment. Thus, if a crook seemingly duplicates your L loop and other characters as far as appearance, his gestures will not match yours—and he won’t be able to unlock the phone.

In fact, the Tolly Group ran a test. Subjects were given the passwords. None of the 10,000 login attempts replicated the original user’s finger movements. Just because two passwords look drawn the same doesn’t mean they were created with identical finger gestures. Your unique gesture comes automatically without thinking—kind of like the way you walk or talk. The Tolly test’s accuracy was 99.97 percent.

Now doesn’t this all sound much more appealing than the possibility that some POS out there will steal your palm print—something you cannot replace?

Let’s get BioTect-ID’s technology out there so everyone knows about this groundbreaking advance in security. Here is what you’ll achieve:

  • You’ll be the first to benefit from this hack-proof technology
  • You’ll have peace of mind like you’ve never had before
  • You’ll eliminate possible exposure of your body part data kept in files

You can actually receive early edition copies of the app for reduced prices and get insider information if you become a backer on Kickstarter for a couple of bucks. Go to www.biosig-id.com to do this.

Facebook Photos bust Bank Robber

Do these bank robbers have bricks for brains? They actually posted photos of themselves with wads of the stolen cash on Facebook, says a story on thesmokinggun.com.

The alleged bank robbers are John Mogan, 28, and Ashley Duboe, 24, and they’ve been charged with robbing a bank in Ohio. Mogan has already served time for a previous bank robbery conviction and was out on parole.

It all started when Mogan apparently sauntered into the bank and demanded money with a note. It’s not clear from the article whether or not Mogan brandished a weapon. At any rate, the teller handed over the money.

A video camera shows a thief in a hoodie exiting the bank with cash in his hands. Mogan has a distinct appearance in that both cheeks are tattooed.

Authorities believe that Duboe covered up the facial (and neck) tattoos with makeup prior to the robbery. Four days later, both geniuses posted their images to the Facebook page that they share, with Mogan pretending to bite into a thick wad of bills—which he refers to as a “McStack.” In another incriminating image, Mogan is pretending that the wad of cash is a phone.

A relative spotted the images, and from that point, things went sour for these Bonnie and Clyde wannabes. Both are currently behind bars, and the bond has been set at $250,000. Let’s see Mogan try to make a “McStack” with that amount and put his mouth around it.

Not surprisingly, neither of these two look too smug in their mug shots.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Best practices for BYOD data storage

The Bring Your Own Device (BYOD) movement has in some ways saved companies money, but in other ways put customer data at risk. Employees are onsite, telecommuting or traveling on business. This means their devices, and the company data on them, could be anywhere at any given moment.

A company manager or owner realizes that company use of employee mobile devices brings benefits. But employees also use the devices for personal activities, increasing the risk of hackers getting into company data.

The solution is to train these employees in BYOD, information security and awareness. They must be aware of how risky a data breach is, how to secure data, especially if the device is loaded with company data. An overlooked part of that training is knowing how to deal with old data, back up that data and in some cases, delete it.

Data lives in 3 forms: stored on a local device, backed up in the cloud and deleted. Over time, old data begins to accumulate on devices and that can cause problems.

Here are some key considerations and best practices for dealing with the BYOD phenomenon at your business:

  • Ask yourself: when is old data no longer needed? Data should have expiration dates set up to indicate this.
  • Businesses should realize that “useless” or “old” data may surprisingly be needed sooner or later. This data can be stored offsite, in the cloud, so that if the device is hacked, at least the old data (which may contain valuable information to the hacker) won’t be accessible.
  • Setting up cloud storage that automatically backs up data will ensure that if a device is lost or stolen, the data is still available. Every bit of data, even if it’s seemingly useless, should be backed up.
  • How do you truly delete data? Don’t think for a second you’ll achieve this by hitting the delete button. In many cases, a hacker could still find it and obtain it from the hard drive. What you can’t see is not invisible to a skilled hacker.
  • Want to just get rid of old data altogether? You must destroy the hard drive. This means put it on the ground and hit with a sledgehammer. Then recycle the guts. Or you can professionally shred it.
  • Deploy Mobile Device Management (MDM) software that gives companies the ability to remotely manage devices. Tasks might include locating, locking or wiping a lost or stolen device. MDM can also be used to update software and delete or back up data.

The planning and prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained on proactive security and the tricks that cyber thieves use.

Robert Siciliano is an expert in personal privacy, security and identity theft. Learn more about Carbonite Personal plans. See him discussing identity theft prevention. Disclosures.

Do you know what your Kids are doing online?

Your child is active online. Did it ever occur to you that he or she uses a fake name so that they can’t be identified by you? Chances are, you, the parent, also use a pseudonym. It’s very common.

Cyberspace is full of obvious pseudonyms, but a phony name can also be a regular name that many people have. Your child will be lost in a sea of David Johnsons or Amanda Millers.

Intel Security did a study and found that 40 percent of kids use aliases or alternate accounts. Intel Security also found:

  • Many kids fessed up to cyberbullying, including making threats.
  • Far fewer parents in the survey, however, believed their kids were capable of cyberbullying.
  • Over 25 percent of the kids admitted they’d meet someone in person after first meeting them online.

Wayne State also conducted a study:

  • Over 50 percent of juvenile respondents admitted to tracking or stalking a romance partner or harassing/bullying them.

Parents really need to monitor their kids’ cyber lives. However, there are obstacles facing parents such as being intimidated by technology and feeling awkward requesting their kids’ passwords.

However, parental involvement, such as knowing the passwords, correlates to lower incidents of cyberbullying. So contrary to myth, parents are not overstepping boundaries by monitoring their kids’ online habits—within reason, of course.

But parents need to do more than just cyber-hover. Kids need to learn from the inside out how to cyber-behave in a smart, safe way. They need to learn how to think for themselves and understand how predators prey on kids. If they’re old enough to use social media, they’re old enough to be told all the dirt on what kinds of creeps are out there.

Parents must ask themselves, “Is my child’s life so empty that they can easily be lured by an online predator to meet him in a secluded place?” Or how about, “Why is my kid obsessed with adding friends? He already has over 3,000 and that’s not enough.”

Computers and social media, in and of themselves, do not turn kids wayward, into bullies or into victims. Predisposing family dynamics are already present, and they simply manifest themselves online. For example, a teenager who spends six hours a day creating fake Facebook accounts, stealing photos off of blogs, then adding these phony accounts as friends to her actual Facebook account, has pre-existing psychological issues.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Eight security tips for travelers with laptop

These days, who doesn’t travel with their laptop? But commonality doesn’t make it inherently safe for your sensitive information that’s stored in the device. In fact, traveling with your laptop is inherently unsecure.

Whether you’re traveling for business or to visit family this holiday season, here are some ways to protect your laptop and your personal data:

  • Get a cable lock for your laptop. It’s a great way to deter a potential thief, especially if there are lots of people around.
  • Register with an anti-theft service to track your laptop should it get stolen or “lost.”
  • Carry your laptop in a bag that’s made specifically for these devices. If it’s awkward for you to carry a suitcase in one hand while the laptop bag is slung over the opposite shoulder, consider packing the laptop with lots of tight padding in your suitcase. (But only if the suitcase will be a carry-on that you’ll be gently handling.) This way it’ll be invisible to thieves.
  • If you go with the special laptop bag, don’t leave it unattended while you make a trip to the bathroom or food court. The same goes for a carry-on suitcase. Either belonging should be with you at all times.
  • Whenever you leave your hotel room, hang the “Do Not Disturb” sign. You never know what hotel employee would be tempted to get into your laptop should they enter your room upon thinking nobody’s in it.
  • Never let a stranger use your laptop, even if that stranger looks innocent. The need to protect your sensitive data is more important than the feelings of a stranger.
  • And back up your data—before the trip. Cloud backup such as Carbonite will update your data based on custom settings as frequently as you require.
  • If you absolutely must conduct personal or sensitive online transactions on a public Wi-Fi, use a virtual private network (VPN), as this will scramble your transaction and make it worthless to hackers snooping data streams. One of these snoopers could be sitting in the same coffee house or hotel lobby as you are. Or, they can be a thousand miles away.

Robert Siciliano is a personal privacy, security and identity theft expert to Carbonite discussing identity theft prevention. Disclosures.

Infrastructures under attack

It’s been stated more than once that WWIII will most likely be cyber-based, such as dismantling a country’s entire infrastructure via cyber weapons. And don’t think for a moment this doesn’t mean murdering people.

A report at bits.blogs.nytimes.com notes that foreign hackers have cracked into the U.S. Department of Energy’s networks 150 times; they’ve stolen blueprints and source code to our power grid as well. Some say they have the capability to shut down the U.S.

The bits.blogs.nytimes.com article goes on to say that cyber warfare could result in mass deaths, e.g., water supply contamination of major cities, crashing airplanes by hacking into air traffic control systems, and derailing passenger trains. So it’s no longer who has the most nuclear missiles.

The list of successful hacks is endless, including that of a thousand energy companies in North America and Europe and numerous gas pipeline companies. The U.S.’s biggest threats come from Russia and China.

So why haven’t they shut down our grid and blown up furnaces at hundreds of energy companies? Maybe because they don’t have the ability just yet or maybe because they don’t want to awaken a sleeping giant. To put it less ominously, they don’t want to rock the boat of diplomatic and business relations with the U.S.

Well then, what about other nations who hate the U.S. so much that there’s no boat to be rocked in the first place? The skills to pull off a power grid deactivation or air traffic control infiltration by enemies such as Iran or Islamic militants are several years off.

On the other hand, such enemies don’t have much to lose by attacking, and this is worrisome. It is these groups we must worry about. They’re behind alright, but they’re trying hard to catch up to Russia and China. For now, we can breathe easy, but there’s enough going on to get the attention of Homeland Security and other government entities.

Recent attacks show that these bad guys in foreign lands are getting better at causing mayhem. At the same time, the U.S.’s cyber security isn’t anything to brag about, being that very recently, some white hat hackers had tested out the defenses of the Snohomish County Public Utility District in Washington State. They infiltrated it within 22 minutes.

Another weak point in our defenses is the component of pinning down the source of major hacking incidents. So if WWIII becomes real, the U.S. won’t necessarily know where the attack came from.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention.

How to avoid Online Fundraising Scams

You’ve probably heard of the gofundme.com site, where all sorts of stories are posted of people seeking donations. Some are tragic, others are trite. You may be touched by a particular story, perhaps one in which an entire family is killed in a house fire.

You click the “Donate Now” button and donate $50. So just how do you know that family who died in the fire really existed?

Gofundme.com and similar sites are loaded with “campaigns,” just tons of them. Think of the logistics involved if these sites hired people to verify every campaign. This would require enormous amounts of time and a lot of people and expense.

People don’t think. They just assume every campaign is for real. Do you realize how easy it is to start a campaign? Gofundme.com, for instance, only requires that you have a Facebook account with a valid-looking profile picture of the campaign starter, and at least 10 Facebook friends (last I checked, anyways).

  • Who at Gofundme.com and similar sites verifies that the profile picture is that of the campaign starter?
  • Who at these sites verifies that the “friends” are legitimate, vs. all phony accounts or “friends” purchased from seedy overseas companies that create fake profiles?
  • Even if the avatar and friends are for real, how do these crowdfunding sites confirm the authenticity of the campaigns?

It’s all based on the honor system. You take their word for it, though some campaigns are high profile cases. People have given money to fake campaigns. How can you prevent getting conned?

  • Check the news to see if the campaign story really happened. But a house fire in a small town doesn’t always hit the Internet. Nor is it newsworthy that some housewife is trying to raise money to buy her disabled son a set of golf clubs. So stay with campaign stories that you know have occurred.
  • But again, a scammer could take a real story, pretend to know a victim and scam donors. So see if there’s a legitimate pathway to donate to the real people involved in the story, such as through their local police department.
  • Stick to reputable charity sites. Offline, never give money solicited over the phone.
  • Be leery of charity solicitations for very high profile cases, as these attract scammers.
  • If donations are solicited by snail mail, check the Better Business Bureau. Any scammer could create a legitimate sounding name: “American Association for Autistic Children.”

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

LinkedIn targeted by Scammers

LinkedIn is a free service that allows professional people to network with each other. Often, a LinkedIn member will receive an e-mail from another LinkedIn member “inviting” them to join their network. Sometimes, the inviter is someone the recipient doesn’t know, but the recipient will link up anyways. And that’s the problem.

A report at www.secureworks.com says that Dell SecureWorks Counter Threat Unit™ (CTU) researchers discovered 25 phony LinkedIn profiles.

With this particular phony network (called TG-2889), most of the intended victims live in the Middle East. The profiles are convincing, including some having over 500 connections.

Signs of Fraudulence

  • Profile photos appear on other, unrelated sites.
  • Duplicate summary profiles, some duplicated from other sites.
  • “Supporter persona” profiles use the same basic template and have other similarities.

Using phony profiles, the scammers aim to lure legitimate LinkedIn users into giving up personal information that the “threat actors” can then use either against them (like getting into their bank account) or scamming their associated company out of money.

Or, as evidenced by the fact that one-fourth of the targets work in telecommunications, the scammers may be planning on stealing data from telecommunications companies.

TG-2889 is doing a pretty good job of maintaining the fake profiles, as they regularly make revisions, continues the secureworks.com report. This suggests that a new campaign is planned, perhaps one targeting the aerospace industry, since at least one fake profile mentions Northrop Grumman.

It’s also likely that some TG-2889 profiles have not been identified, and let’s also assume that LinkedIn is tainted with even more bogus profiles from other threat actors.

For Legitimate LinkedIn Users

  • If you suspect a profile is fake, cyber-run for the hills.
  • Link up with profiles of only people you know.
  • Be leery of interacting with members you don’t know even if they appear to be part of the network of someone you do know.
  • If you get a job offer through LinkedIn, don’t respond via that conduit. Instead, contact the employer directly for verification.
  • For employers: Have you instructed your employees in proper use of the LinkedIn system? Are you sure they are not abusing it (either intentionally or non-intentionally), which could put your company at risk?

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Burglars Use Social to target Victims

So you think it’s really a far-out left-field idea: a burglar studying Facebook and other social media to select homes to rob. Well think again.

A survey, conducted by home security expert Friedland, found:

  • 78 percent of burglars use social media to select targets.
  • 74 percent touted the virtues of Google Street View.
  • 54 percent pointed out how risky it is for social media users to reveal their whereabouts and status.
  • 80 percent said a home alarm system would scare them away.

So with everyone and his brother on social media, why wouldn’t burglars also jump on this bandwagon?

Why Burglars Love Social Media

  • People share every detail of their vacation—while on vacation. If there’s a photo of you sipping a margarita in Cancun, a burglar knows he has plenty of time to break into your house. Can’t you wait till you’re home to post all the photos?
  • Apps may have location-sharing features. Find out if yours do and review the privacy features. Did you know that these features can synchronize with other social media and reveal your whereabouts to strangers?
  • Do you know just who can see what you post on Facebook? Check the privacy settings and make sure you understand just who can see your posts.
  • Applications on your phone may be using your GPS without your knowledge. If you have an Android, go to Settings, then Location Services, then turn off the GPS. For the iPhone go to Settings, Privacy, Location Services and System Services. Turn on Status Bar to see which apps know your every move. For the Windows phone go to Settings, then Location.
  • Did you know that a photo is worth a thousand words when posted online? Words that burglars love, too. Crooks could extract “EXIF” data from photos that reveal where and when they were taken—including your home address. Though Facebook strips out this data, many sites don’t. EXIF data can be removed.
  • In theory, a burglar can do a reverse image search and learn too much about you. He may do a search on one of your images to learn everywhere else it appears in cyberspace, leading to your social media accounts and hence, username/s. If your username is your actual name, and it’s not too common like Patricia Adams, and your social media accounts reveal your city, he can find your address via a people-search directory.
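
To make the EXIF point above concrete, here is an added example (not part of the original article) that checks a JPEG for an Exif metadata segment and removes it before the photo is shared. The sample image bytes are constructed for the demonstration and are not a real photo; the function names are this example's own.

```python
import struct

SOI, EXIF_ID = b"\xff\xd8", b"Exif\x00\x00"
APP0, APP1, DQT, SOS, EOI = 0xE0, 0xE1, 0xDB, 0xDA, 0xD9


def segments(jpeg):
    """Yield (marker, payload, raw_bytes) for each JPEG segment.

    Everything from SOS (start of scan) onward is compressed image data and
    is yielded as one opaque chunk so it is copied through untouched.
    """
    if not jpeg.startswith(SOI):
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker in (SOS, EOI):
            yield marker, b"", jpeg[pos:]
            return
        if pos + 4 > len(jpeg):
            raise ValueError("truncated segment header")
        # The 2-byte big-endian length counts itself but not the marker.
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError("segment length runs past end of file")
        yield marker, jpeg[pos + 4:end], jpeg[pos:end]
        pos = end


def has_exif(jpeg):
    """True if the file carries an APP1 segment tagged as Exif."""
    return any(m == APP1 and p.startswith(EXIF_ID) for m, p, _ in segments(jpeg))


def strip_exif(jpeg):
    """Return (cleaned_bytes, segments_removed) with every Exif APP1 dropped."""
    out, removed = bytearray(SOI), 0
    for marker, payload, raw in segments(jpeg):
        if marker == APP1 and payload.startswith(EXIF_ID):
            removed += 1  # GPS position, timestamp, camera model live here
            continue
        out += raw
    return bytes(out), removed


def build_segment(marker, payload):
    """Helper for the constructed sample: frame a payload as a JPEG segment."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: valid segment framing only. The Exif body is a
# placeholder, not a parseable TIFF directory, and the scan data is fake.
EXIF_PAYLOAD = EXIF_ID + b"II*\x00" + b"<constructed GPS and timestamp tags>"
SAMPLE = (
    SOI
    + build_segment(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + build_segment(APP1, EXIF_PAYLOAD)
    + build_segment(DQT, bytes(65))
    + bytes([0xFF, SOS]) + b"<constructed scan data>" + bytes([0xFF, EOI])
)

if __name__ == "__main__":
    cleaned, removed = strip_exif(SAMPLE)
    print(f"Exif before: {has_exif(SAMPLE)}, after: {has_exif(cleaned)}, "
          f"segments removed: {removed}")
```

The image data itself is never re-encoded, so picture quality is unchanged. XMP metadata, which travels in a different APP1 segment and can also hold location, is not touched by this example.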

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.