Tips To Avoid Medical Identity Theft

The recent issue of Consumer Reports provided valuable tips on Medical Identity Theft.  According to the Ponemon Institute, a private security research firm, an estimated 481,657 new cases of medical identity theft were reported between 2013 and 2014, an increase of almost 22 percent.

To lower your risk, here are a few tips:

(1) Get copies of your medical records and add new information each time you receive treatment.  If your records are corrupted by a thief, you’ll have proof they were altered.

(2) Check your medical records at least once annually.

(3) Read every explanation of benefits (EOB).  If you notice anything fishy, call about it right away.

(4) Be careful with your Social Security Numer and Insurance ID number.  Only share when absolutely necessary.

(5) Never share your health data or personal information over the phone or via email unless you’re sure who you are communicating with.

(6) Ask your healthcare providers how they safeguard your information.

For more on identity theft protection best practices please visit www.legalshred.com

Be Mindful of Back to School Scams

This week’s blog is adapted from a great resource we recommend–The Identity Theft Resource Center.  The days are getting shorter and Labor Day is 2 weeks away, so we turn our attention to the start of a new school year as a very busy time for both students and families and a perfect time for scammers to catch us off guard. With so much to do—registration forms, back to school supply shopping, even moving into a college dorm or apartment—it’s easy for something less than honest to slip in.

For younger students, one of the main culprits at this time of year is identity theft. Child identity theft has been rising steadily in the past few years because their credit scores are “clean slates,” and most parents never think to check their kids’ credit reports for signs of unusual activity. At the same time, everywhere you look, someone is requesting your child’s Social Security number, whether it’s a doctor’s office for a school checkup, a sports physical form for activities, or even the registration forms for the school itself.

No matter who is requesting your child’s personal identifiable information, you have to stop and ask yourself some key questions. Why do they need the SSN? How will they safeguard it, and who else can see it? How will it be stored so that no one in the school or doctor’s office can access it? If you don’t get solid information on those questions, think twice about handing it over.

Many of the back to school scams actually target older students, though, simply because they’re an easy target. College students who’ve left home for the first time might not be as prepared to spot a fraud attempt, and they have very specific needs now that they’re on their own. Scammers are prepared to act in a variety of ways, including:

  1. Work from home scams – College students are often broke, but with limited time on their hands and the demands of an academic schedule to shoulder, work from home opportunities might sound ideal. But most of these offers are not genuine. It’s that old “if it sounds too good to be true, it probably is”.
  1. Textbook rental scams – As sad as it is to say, there are people waiting to steal money from students who already don’t have much to spare. One prime example are textbook rental scams. These scams work because many schools and retailers do offer the option to pay to use your textbooks instead of buying them at full cost. Unfortunately, there are also scammers who set up fake websites or send out mailers, offering you every possible textbook but requiring a “registration fee,” money to secure the rental, or some other plausible fee.
  1. Online selling scams – Websites like eBay and Craig’s List are very helpful when it comes to buying or selling items that you no longer need. Unfortunately, there are a lot of scammers ready to cash in on the fact that college students might have a sudden need for an entire household of products: furniture, a bicycle to get around campus, a refrigerator for the dorm, and more.

Whenever you’re shopping through a legitimate used goods or direct-buy website or app, do your homework, be smart about your physical safety, and make sure you’re not being scammed. Never pay up front for the items or via money transfer, and only meet the seller in a public location; if in doubt about the offer, walk away.

No matter what time of year it is–the message is we need to stay on guard.

For more on identity theft protection, please visit www.legalshred.com

Defenses Against Smishing

This week’s blog is adapted from a recent blog posted by The Identity Theft Resource Center(ITRC).  The ITRC is a non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft, data breaches, cyber security, scams/fraud and privacy issues.

Hackers and scammers are top innovators.  They are finding new ways to attach data every day.  With every new platform, software, or app that comes out, someone invariably finds a way to use it to their advantage. The end result can be a breach in your personal security and a loss of your identity.

But with every new form of attack—spoofing, phishing, hacking, and more—the public has to learn about the threat and learn how to protect themselves from it. That’s why staying on top of a new form of security threat is critical to protecting yourself.

There’s a new form of security danger out there, and this one specifically targets your smartphone. Smishing, as the attack is called, uses the hackers’ old favorite—phishing, or sending out emails that entice you to click a link that actually downloads malicious software—to install a Trojan or virus on your phone. As its name implies, smishing comes from “SMS phishing,” as SMS is the acronym that applies to text messages.

Obviously, a smishing attack goes after your device via text message, and it happens when you get a message from an unknown number that offers you some sort of incentive. It might be telling you about a free offer, a coupon, something wrong with your account, or even more likely, it might claim that “your friend” has sent you a game request or message. Unfortunately, the weblink in the text will install malicious software on your phone once you press it.

Unlike viruses of the “olden days” that sought to lock up your computer or disable your files, smishing attacks generally don’t even want you to know they’re there. They want to exist inside your device and continue to feed information back to the hacker, information like your contacts list, your email address book, and any passwords you enter for apps or accounts you use.

While there are antivirus apps available for smartphones, it can be difficult to completely remove malicious software from a smartphone once it’s infected. Depending on the virus, the only available option may be to reset the phone to its factory settings, which will remove all of your content out of the phone. By far, the better option is to avoid installing this type of threat in the first place. Just remember the rule that goes for emails and social media messages, and apply the same smart practice to your mobile device: never click a link that you weren’t expecting.

For more on best practices for identity theft protection, please visit www.hvshred.com

Financial Readiness in the Face of a Natural Disaster

A recent blog on the FTC’s Consumer Advocacy website reminds us not just to be mindful of protecting our confidential information from hackers, but also from being lost in the midst of a natural disaster. While home is where most people feel safe and comfortable- when a hurricane, flood, tornado, wildfire, or other disaster strikes — it’s safest to pack up and go to another location.

When it comes to preparing for situations like weather emergencies, financial readiness is as important as a flashlight with fully charged batteries. Leaving your home can be stressful, but knowing that your financial documents are up-to-date, in one place, and portable can make a big difference at a tense time.

Steps to take to ensure financial readiness in case of an emergency include:

Conduct a Household Inventory-

Make a list of emergency contacts including family members who live outside your area; copies of current prescriptions; health insurance cards; policy #s for insurance companies as well as contact information; copies of important documents including the deed to the house, birth certificates, social security cards, passports and the like. Make a list of phone numbers or email addresses of your creditors, financial institutions, landlords, and utility companies (sewer, water, gas, electric, telephone, cable) a list of bank, loan, credit card, mortgage, lease, debit and ATM, investment account numbers, SS cards and backups of financial data your keep on your computer; also a good idea to have an extra set of keys for your house, your car, and your safe deposit box, and a small amount of cash.

Consider renting a safe deposit box for originals of deeds, titles, and other ownership records for your home, cars, RVs, or boats credit, lease, and other financial and payment agreements birth certificates, naturalization papers, and Social Security cards marriage license/divorce papers and child custody papers passports and military papers (if you need these regularly, you could place the originals in your fireproof box and a copy in your safe deposit box). Also include investment papers and your living will and health proxy.

Choose an Out-of-Town Contact

Ask an out-of-town friend or relative to be the point of contact for your family, and make sure everyone in your family has the information. After some emergencies, it can be easier to make a long distance call than a local one.

Update Your Information

Review the contents of your household inventory, your fireproof box, safe deposit box, and the information for your out-of-town contact at least once a year.

For more on best practices for maintaining and protecting confidential information, please visit www.hvshred.com

Be Wary of Inside Hackers as much as Outside Hackers

This week’s blog is adapted from an article posted by Maggie Overfelt as a special to CNBC.com.  It reminds us that the small things matter.  When it comes to identity theft protection, we myst be vigilant at the individual and institutional level.
While systems are vulnerable and measures should be taken to secure systems from outside hackers, businesses must be wary of the inside hacker. Smart entities perform enterprise-wide risk assessments to find where their systems are most vulnerable and to spot aberrations in user behavior.

But sophisticated analytics does little to assuage situations where employees are using low-tech methods to capture information. Most systems will not handle the single bank employee just writing down on paper all the bank numbers they see that day — that’s difficult to track–and that is happening.

 Communication with employees in a position to turn rogue is key. A big deterrent in identity theft cases; if an employee feels like the company cares for them, they’re less likely to take advantage of the situation.

Experts recommend preventing the display of sensitive data in plain sight.  Company should institute a clean desk policy ensuring workers file away papers containing data before they leaver their desks, implement inactivity time outs for any tech devices, and switch to an e-faxing system which eliminates exposure of sensitive patient data on paper that’s pile up around traditional fax machines.

Experts also say that tougher penalties for and more prosecution of inside hackers would also be a disincentive for such crimes. On a general level, there can be practical barriers to pursuit of a criminal case, such as the victim company’s fear of embarrassment, reputational damage, or the perceived risk — real or not — that their trade secrets will be exposed in a court proceeding.

The Department of Justice and local authorities prosecute these cases all the time, despite what are seen as common barriers. The barriers are low when the actions are clearly wrong, such as a hospital employee stealing electronic medical records and selling them on the black market.

While the price tag for stolen information on the black market can translate to a lucrative sales career for some crooked employees, it’s a costly phenomenon for organizations once they have realized it has occurred, which is often during forensic examination of user devices after individuals left a company.

That’s usually too late to enact damage control. According to the Ponemon Institute, the average cost of a breach is $217 per record.

That’s just the hard costs, what you have to pay for notifying customers or any type of remediation services.  The bigger picture is the reputational damage that shows itself not just to the entity that suffers the damage, but to the industry.

Our efforts must be local and global–individual and system wide–it’s a lot of work–but it is an invaluable investment.

For more on identity theft best practices, please visit www.legalshred.com

Falling Prey to the Scammer Claiming to Help Recover from the Scam

The FTC’s Blog focusing on best practices for consumer’s to protect themselves from identity theft is a great resource.  This week’s blog is adapted from a recent post by Consumer Education Specialist Lisa Lake.

Even worse than losing money to a scammer is losing more money to another scammer claiming to help you recover from the first one.

Sadly, this really happens. It works like this: Con artists contact you because you’re on their lists of people who lost money to scams. For a “small fee” or “donation” upfront, they promise to recover the money you lost from a prize scheme, bogus product offer, or some other scam.

Sometimes, they try to get you to contact them by putting their offers of “help” in the comments section of blog posts or online articles about scams. Some crooks claim to be from a government agency to appear trustworthy. Others pretend to be actual victims who got (supposed) help from some (fake) agency or company.

But it’s all just a scam, too — another way for a scammer to profit from your loss. They’re after your money, and if you share your payment information, they’ve got it.

Here’s how you can avoid these recovery scams:

(1) Don’t pay upfront for a promise. Someone might ask you to pay in advance for things – like help with recovering from a scam. Consider it a no-go if they ask you for money before they provide any “help”.
(2) Make it a practice NOT to send money or give out personal information in response to an unexpected text, phone call, or email.
(3) Check references and credentials–Do online searches. Type the name or contact information into your favorite search engine with the term “complaint” or “scam.”  Ask for a reference.

If you do find you have been scammed, please file a complaint with the FTC.  It will help get the word out and quash it sooner than later.

For more on identity theft best practices, please visit www.hvshred.com

MidYear Review of the basics for Identity Theft best practices

Repetition it key to education.  That in mind, as we embark on the second half of 2016, we’d like to use this week’s blog to review the basics on identity theft protection best practices:

  1. Mobile device security – In our connected world, mobile devices account for a lot of our daily activities. Unfortunately, our smartphones and tablets are also wide-open gateways for a hacker to steal our identities. Make sure the apps you use are coming from trusted sources, not unregistered content publishers from third-party or aftermarket app vendors. When you’re out in public, protect your identity and conserve your battery by turning off the wifi to your device;  it will keep you from accidentally connecting to a network without intending to. If you do need to get online while away from home, remember to save the sensitive activity—like online banking—for a time when you’re connected to a trusted network.
  1. Privacy at home – Your home technology is every bit as vulnerable as it’s always been, which is why it’s important to install software that will protect you from malware and viruses. It’s also crucial that you password protect your home internet connection to keep outsiders from accessing it. If someone accesses your network without authorization, (s)he could do damage within your connected computers as well as use your internet address to break the law.
  1. Be scam-savvy – One of the easiest ways to steal someone’s identity with very little technological know-how is to get them to fall for a scam. That’s why it’s important to make sure you, your family members, and your coworkers are up-to-date on the latest scams.
  1. Be on the lookout – One of the most important steps you can take to prevent identity theft damage is to monitor your credit reports regularly. You are entitled to one free report each year from each of the top three credit reporting agencies. If you stagger those requests—receive on in January, one in May, and on in September, for example—you’ll get an ongoing look at the state of your credit. Be sure to report any suspicious activity as soon as you discover it, and place fraud alerts and freezes on any accounts that may have been compromised.
  1. Safeguard yourself old school – Remember, high-tech hacking and data breaches are only part of the problem. The old methods that don’t require anything more than a willingness to steal are still viable. That means dumpster diving is a still a threat, as is mailing bills from your home address. Be sure to shred all of your important, identifying documents before you discard them, and mail your bills from the nearest post office drop box instead of leaving them at the curb with the flag up.

It’s not a fail safe but taking these steps will help.  To stay up on identity theft best practices, please keep checking for our updates on www.hvshred.com

Understand and Protect Yourself from Online Tracking

What follows is the low-down of how you are being targeted on line.

How do websites remember you? For years, the answer has been by using “cookies” – pieces of information saved by your web browser, then used to remember you and customize your browsing experience.

Now, it’s about more than cookies. Without using cookies, companies can use “device fingerprinting” to track you, based on your browser’s unique configurations and settings. Plus, mobile app developers can use “device identifiers” to monitor different applications used on your device. Tracking can also occur on smart devices, like smart TVs.

How can you control online tracking? Here are some ways to get started:

  • Delete or limit cookies. Check your browser’s settings for tools under Help, Tools, Options or Privacy.
  • Reset identifiers on your mobile devices. That makes it harder to associate your device with your past activity. iOS users can do this by following Settings > Privacy > Advertising > Reset Advertising Identifier. For Android, the path is Google settings > Ads > Reset advertising ID. Remember that this will only prevent tracking based on past activity – it won’t prevent tracking going forward.
  • Learn about tracker blockers. There are tools that allow you to block ads called tracker blockers. They prevent companies from using cookies or fingerprinting to track your internet behavior. To find tracker blocking plug-ins, type “tracker blocker” in your search engine. Then, compare features to decide which tracker blocker is best for you.

For more resources for best practices in Identity theft protection, please visit www.legalshred.com

Fending off Text Message Scams

Unfortunately, even our smart phones are now vulnerable to scammers.  We all knew it was just a matter of time.  This week’s blog focuses on how to deter, detect, and defend against the text scammers.

As usual, the scammers often use the promise of free gifts, like computers or gift cards, or product offers, like cheap mortgages, credit cards, or debt relief services to get you to reveal your private information. If you want to claim your gift or pursue an offer, you may need to share personal information, like how much money you make, how much you owe, or your bank account information, credit card number, or Social Security number. Clicking on a link in the message can install malware that collects information from your phone. Once the spammer has your information, it is sold to marketers or, worse, identity thieves.

The results include unwanted charges on your cell phone bill as well as slowing down your cell phone performance by taking up space on your phone’s memory.

For the most part, it’s illegal to send unsolicited commercial email messages to wireless devices, including cell phones and pagers, unless the sender gets your permission first. It’s also illegal to send unsolicited text messages from an auto-dialer — equipment that stores and dials phone numbers using a random or sequential number generator.

Exceptions include transactional or relationship types of messages; when a company has a relationship with you, it can send you things like statements or warranty information.  Political surveys and fundraising messages are also not illegal

To protect yourself:

  • Delete text messages that ask you to confirm or provide personal information: Legitimate companies don’t ask for information like your account numbers or passwords by email or text.
  • Don’t reply, and don’t click on links provided in the message: Links can install malware on your computer and take you to spoof sites that look real but whose purpose is to steal your information.
  • Treat your personal information like cash: Your Social Security number, credit card numbers, and bank and utility account numbers can be used to steal your money or open new accounts in your name. Don’t give them out in response to a text.
  • Place your cell phone number on the National Do Not Call Registry.
  • If you are an AT&T, T-Mobile, Verizon, Sprint or Bell subscriber, you can report spam texts to your carrier by copying the original message and forwarding it to the number 7726 (SPAM), free of charge.
  • Review your cell phone bill for unauthorized charges, and report them to your carrier.

For more information on identity theft protection, please visit www.hvshred.com

On-Site is Most Secure-Be Wary of Changes in the Market Place

Like other industries, the shredding industry is one that is always in transition.  The most recent big news is Steri-Cycle acquired Shred It.  The news we liked to bring our communities’ attention to is the fact that Steri-Cycle has specifically made it public their intended push to convert clients from on-site to off-site.

Along with our industry advocacy group Mobile Shredding Association, we strongly oppose any effort to diminish the value of on-site, witnessed secure document destruction. The move to convert clients to off-site shredding increases the complexity in managing document chain of custody, effectively removes client’s option to witness destruction, and creates a delay between receiving of client materials and the destruction of those materials which will certainly not take place immediately and may not take place within an appropriate amount of time. Legal Shred is primarily an on-site shredding service and are keen on providing clients the convenience and security of on-site secure destruction services.

At Legal Shred, we customize service to best accommodate each client’s needs.  Please contact us to make sure you are getting the service that works best and provides the highest level of security.  www.legalshred.com judith@legalshred.com (845) 705-7279