by Brian Thompson | Aug 18, 2022 | General, Identity Theft
Schools across the nation are kicking off the new school year, and students are targeted for Identity Theft and Fraud schemes! Schemes that we never worried about in the early 2000s. Student life was simple, desktops were for papers, no smartphones, no social media, and socializing was actually in person!
That is not today’s reality
Now more than ever, devices, Social Media, and advanced schemes have increased the risk for students. Risks that now are more prevalent due to the majority of students having constant connectivity.
A significant increase in phony LinkedIn, Facebook, and other social media friend requests placing many students at risk coupled the daily inundation of information/misinformation has given cybercriminals an endless resource to implement their attacks.
It’s not just college kids though…
K-12 districts across the U.S. have become targets as well.
The worst-hit states include:
- New York with 89
- Texas with 79
- Illinois and Ohio each with 60
- Florida with 58
Overall, Colleges account for 74% of education data breaches.
Please see this dated but still relevant, July 14, 2020 article titled FBI warning-cybercrimes are up and school districts could be the target, for more information.
What students and parents can do to mitigate risk?
Students and Parents can mitigate exposure to cyber scams and identity theft in the following ways.
- The COVID-19 pandemic has new email phishing attacks that try to trick parents working and students studying remotely into giving away credentials for access to their employers’ and college/university networks. You need to stay vigilant and be careful with every email.
- A new voice phishing scam uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from again – both parents and students.
- Limit what you share online, use, and regularly change strong passwords on devices.
- Know your rights. “Student rights” under the Federal Educational Rights and Privacy Act (FERPA) protect the privacy of student records.
Online students are being targeted by Identity Theft criminals now more than ever. As these criminals continue to use student information to obtain employment, rent an apartment, open a utility, cell phone, or bank account, or access government benefits be ever aware of new and emerging scams.
by Brian Thompson | Aug 10, 2022 | Identity Theft
Some critics of social media say our addiction to apps and social media opens us up to privacy risk.
My question to app and social media users is when was the last time you read the terms and conditions? Further, when did you last adjust the privacy settings of your app or social media accounts?
While apps and social media offers convenience, entertainment, and networking opportunities – cyber thieves and ID theft criminals are leveraging social networks and apps to do their dirty work.
According to the second quarter 2022 Brand Phishing Report from Check Point Research, which “highlights the brands that were most frequently imitated by cybercriminals in their attempts to steal individuals’ personally identifiable information (PII) or payment credentials over the quarter,”
LinkedIn remains the most impersonated brand by phishing campaigns.
Brands to be aware of…
As most of you know, LinkedIn is a social media site and the world’s leading professional networking site. Hackers have imitated brands in business sectors such as social media (LinkedIn), technology (Microsoft), shipping/courier services (DHL) and online shopping (Amazon) and highlights the ongoing risks facing users of trusted business platforms.
I have listed below from the Check Point Research Brand Phishing Report the top ranked brands by their overall appearance in brand phishing attempts:
- LinkedIn (45%)
- Microsoft (13%)
- DHL (12%)
- Amazon (9%)
- Apple (3%)
- Adidas (2%)
- Google (1%)
- Netflix (1%)
- Adobe (1%)
- HSBC (1%)
Phishing scams of leading brands are effective because both we are more likely to click on a well-known name/brand.
But sometimes it’s more than just the hacker you have to worry about. Consumers and business executives need to know that apps and social media can track your search engine history, purchasing habits, geographical location, and even investigate your files and contact list – all without your knowledge and sometimes without your permission.
For example, when you install an app, most apps will require you to “accept” their terms and conditions – but did you read and really understand the type of information that is being collected and the kind of privacy threats you now are exposed to?
How bad can these “privacy threats” be? Just imagine an app vendor or third-party marketer collecting and selling your smartphone’s unique device ID, phone’s location, phone number, your age, gender, likes, dislikes, search-engine habits, e-mails, usernames and more to data brokers. And then imagine how these data brokers collect, analyze, and package your most sensitive personal information in a unique profile and sell it over and over again – without your knowledge.
Five tips to help you minimize your privacy risks:
- Limit and/or eliminate sharing your personal information online.
- Increase your privacy awareness by reviewing and adjusting your privacy settings.
- Be aware that some apps reset your privacy settings during major upgrades.
- Learn more on how your personal information is used and for what purposes.
- Consider using “privacy assistant or automation software” to help keep your privacy preferences current.
The fact is that cyber thieves and ID theft criminals love the trail we leave on social media. And Yes, social media opens us up to privacy risk but follow these tips and it will help.
Specific to receiving links of well-known brands on social media, my recommendation on receiving notifications from LinkedIn, Facebook or any other social media is to ignore the links or attachments. If a social media notification is legitimate, you will receive it again and then you can go to the social media network login page to retrieve it directly.
Related article:
by Brian Thompson | Aug 3, 2022 | General, Identity Theft
Thanks to the Internet, jobs that we used to have to do from the confines of an office can now be done at home. Even before COVID led many of us to work from home, millions of us already worked remotely. And that trend doesn’t seem like it will slow down any time soon. BUT home wifi isn’t safe from hackers.
There are good reasons for that, since remote work has many benefits for workers, as well as fewer overhead costs for employers. After a large chunk of the working population got a taste of working from home, many decided that they liked it.
However, working remotely has its own problems and challenges, especially in terms of network security. Your home network is probably not protected by the same rigorous cybersecurity protocols that corporate networks have access to. So, either the company or the employee needs to take steps to protect company data.
Can My Home Network Be Hacked?
Yes, your home network can absolutely be hacked. Our home wifi isn’t safe from hackers or as secure as our office environments. Also, if we are using our own laptops instead of work ones, we may not be using robust security to protect sensitive company information.
One common way hackers can get access to your home network is to guess the password. Routers often come with a default password that the manufacturer uses for all devices, and many times users don’t change this. A hacker only has to look up the default password associated with a particular router and can use it to gain access to all devices on the network.
In addition, hackers can also exploit security flaws in the router’s firmware. Since firmware is updated infrequently, hackers have all the time they need to discover and exploit security flaws before they’re fixed. According to a study by the American Consumer Institute (ACI), 83% of home WiFi routers are vulnerable to this kind of attack.
How Can I Protect My Home WiFi Network?
CNET recently published a great article which detailed ten things you can do to help protect your home network. These are a great starting point to learning exactly what needs to be done to keep company and personal data secure from unwanted eyes.
Place your router in a central location
One of the most important things is to place the router in the center of the home. Not only does this make the best quality connection, it also makes it harder for anyone outside your home to get a strong signal, and limits how far the signal can travel outside of your home.
Use a strong WiFi password and change it every six months
The best thing you can do to keep your WiFi network safe is to use a unique password that does not include any easily guessed passwords or phrases. This means no names, birthdays, phone numbers or other common information. And make sure to change this password at least once every six months.
Change the default router login credentials
You also want to make sure to keep anyone from accessing your router settings by changing the admin name and password for your router. These login credentials are separate from your WiFi password. You can access these by typing your router’s IP address in the URL bar of your browser.
Turn on your firewall and WiFi encryption
Your router has a firewall to prevent hacking, as well as encryption to keep anyone from stealing your data that’s being sent from your router to your connected devices. Check to make sure that both of these are enabled, and if they’re off for any reason, turn them back on.
Create a guest network
You probably trust the people you invite over to your house. But you should still consider creating a guest network for your visitors. Guests devices or anything they download on your network could be infected with malware or viruses targeting your network. This guest network is also great for all of your IoT devices. Devices such as your smart speakers or other appliances hooked up to your network. These devices are usually more easily hackable than a computer or phone.
Keep your router and devices up to date
While software updates may be annoying, it’s important to keep them up to date. Updates often include security updates and patches for exposed vulnerabilities. Making sure you install all the latest updates to your router and devices ensures that you reduce your exposure to these vulnerabilities and have the best protection you can get from hackers.
Disable remote router access
Your router usually has the ability for someone to remotely access the settings. There’s usually no need to do this, unless you plan on being away from home for some time. You can disable these in your router’s admin settings.
Verify connected devices
From time to time, look at the devices attached to your network to make sure you recognize them. If anything looks suspicious, disconnect it and change your network password.
Upgrade to a WPA3 router
All new routers have WPA3, the latest security protocol. So if you have a new router, you don’t have to worry about this. But if you have a router that was made before 2018, you might have a WPA2 device. If you do, be sure to upgrade your router.
Use a VPN
Probably the best way to protect your home network and your company’s data is to invest in a strong, reliable VPN.
Our RemoteWorkForceVPN not only protects remote employees when accessing information from the Internet, but it also provides secure access to company resources and databases. RemoteWorkForceVPN can also securely connect your company’s branches worldwide.
If their company does not provide a business VPN, remote employees can use Private WiFi – our consumer offering – to protect their home wifi from hackers.
As we enter the new world of working primarily from home, do everything you can to protect your home network. Follow these simple tips, because as you now know, home wifi isn’t safe from hackers.
Related articles:
I use a VPN whenever I work remotely
How WiFi Hacks Occur
by Brian Thompson | Jul 27, 2022 | General, Identity Theft
Parenting kids is hard enough, parenting kids with social media is another thing…
Without clear guidance from us as parents, and education on the consequences of oversharing, our kids can open themselves to damages we can’t even predict. This is an enormous challenge, but a challenge worth understanding and taking on.
Strong boundaries and education around social media are important as data thieves, and other criminals, don’t consider age a deterrent.
In fact, a child’s information has more value to an identity thief than an adult because they have clean credit files and typically a longer length of time before discovery, creating even more damage.
Helping our kids to understand what they are doing, what impacts their social media behavior has in the long term is more important than ever. If our job is to equip them to face this world without us, we have to ensure they are aware of the implications of their online activities.
Talk to your kids about how to avoid strangers. Have conversations about revealing too much about themselves and their family. Give them tips on social media safety and talk to them about things that could be a red flag. And encourage them to come to you when uncomfortable things happen or if they have any questions.
Tips for Kids and Parents
- Learn about social media platforms. Whichever app your child wants to be on, learn about it. Read the reviews, age restrictions, and the fine print.
- Get an account before your kids. Learn the app, make sure you know exactly what they can and cannot do.
- Teach your child about posting. Every post, comment, like, and share is part of your kid’s digital footprint. And deleting a post does not mean it is gone. Inappropriate posts may have an impact on their lives later. Posts may not seem like a big deal now but it could hurt them in the future. Most college admissions and employers are looking at social media accounts.
- Emphasize the importance of privacy. Many social media sites request information such as names, dates of birth, school names, and hometown. Teach them about how much information is too much information. The information exposed online can create exposure and vulnerability to Identity theft.
Let’s all commit to paying attention!
by Brian Thompson | Jul 20, 2022 | Breach, healthcare, Identity Theft
Do healthcare breaches and Medical ID Theft go hand in hand?
I first want to refer back to an article from about two years ago titled Telehealth Creates Creates Cyber Risks. In the article, I stated that “the COVID-19 pandemic has increased consumer risks through cyber scams and medical identity theft.”
Fast forward one year to August 4, 2021 article titled Healthcare Data Breaches Most-Common Threats to Date in 2021. The article states, “the healthcare sector is once again in the top position as the most breached economic sector” and “healthcare has been at or near the top of the (data breach) chart since at least 2017.”
And again this year, we have seen the trend continue. Hackers hit health companies, insurers with increasing regularity – Inside
But Why Medical Records?
A primary reason ID theft criminals and cyber thieves target healthcare providers is the Electronic Health Record or EHR. EHR is the collection of patient information into a digital record. EHRs significantly improve administrative efficiency and medical proficiency through shared networks and exchanges.
A typical EHR includes
- medical history,
- medications,
- allergies,
- immunizations,
- laboratory test results,
- and radiology images.
Your EHR also includes your
- billing information such as personal information (e.g. date of birth, home address, and Social Security Number),
- insurance information,
- and financial information (e.g. credit card number).
Unfortunately, ID theft criminals and cyber thieves are mostly interested in your personal, insurance, and billing information. For this fact alone, healthcare data breaches continue to be “in the top position as the most breached economic sector.”
Things to Think About
Every health insurance plan you have ever had has your and your family’s Social Security Number (SSN). Almost every healthcare provider (such as a doctor of medicine or osteopathy, podiatrist, dentist, chiropractor, clinical psychologist, optometrist, nurse practitioner, nurse-midwife, or clinical social worker) that you or a family member have been to has your Social Security Number.
So back to the title of this article – Do healthcare breaches and Medical ID Theft go hand in hand? – the answer is a resounding YES based on the Personal Health Information or PHI that is collected, stored, and transferred through your Electronic Health Record.
To make matters worse, this article titled Organization Wide PHI Access is Commonplace at Most Healthcare Orgs reported that “nearly 20 percent of (PHI) files were open to every employee at a given healthcare organization starting on their first day of employment, pointing to troubling data security issues and poor PHI access controls.”
Based on the fact that cyber thieves are stealing healthcare data and are finding new ways to monetize phishing (fraudulent emails), vishing (fraudulent phone calls and voice mail messages) and smishing (fraudulent text messages), consumers need to pay attention to data breach news in general and healthcare data breach news in particular.
To conclude, consumers can also reduce their risk of medical identity theft by safeguarding their health insurance cards, and regularly reviewing credit reports, medical benefit explanations, medical bills, and prescription bills.
