Tag Archives: information security

Tax Season 2017 – Talk to Parents and Grandparents About Tax Scams

Tax season is scam season. It is also a good time to talk to elderly people about their tax returns. In the age of the Internet, email and smartphones older people to get confused and even intimidated by the technology. And scam artists know this.

For elderly African-Americans information security is a key concept they need to understand. Something as simple a securing sensitive papers can make a great deal of difference. African-American seniors need to understand that simple documents such as a utility bill can lead to identity theft. These are new concepts for many older people.

Some elderly people live in senior citizens homes or assisted living facilities. Others have in home care. These older people, because of their situation, are vulnerable. If you have a parent, grandparent or elderly reative in this situation make sure mail and other documents are properly secured. Live-in or visiting caregivers are supposed to be trusted but we know that is not always the case.

Makes sure they understand that they are not to give any information over the phone. Fake IRS scam artists are very skilled at intimidating and confusing older people on the phone. Make sure they know to hang up the phone immediately. Remember, some calls are phishing calls. This is where the caller asks question to get information that is just the beginning of the scam. They use methods known as social engineering. Older people are vulnerable because they may fall for a friendly voice on the other end asking seemingly innocent questions. Other times they may think they are talking to the IRS.  Again, remind them never give informaion over the phone.

Ask questions; who is preparing their taxes? Is this a legitimate company? Can they be trusted? How is their information handled and secured? How much are they charging? All these question maybe intrusive but if you feel your parents or grandparents are vulnerable then its better to be an nuisance now than to regret it later.

Some older people do indeed use the Internet to shop, send email and conduct other business. Make sure they understand that the IRS does not conduct business by email. Teach them to avoid clicking on links or opening attachments.

Finally, persuade older people to ask for help. Many older people guard their independence jealously. They want to feel they are in control of their own lives. Make sure they know you are there to help them and protect them.


Breach Brief – America’s JobLink Alliance

America’s JobLink Alliance (AJLA)  reported  a data breach exposed the sensitive information of job-seekers in at least 10 states. Hackers were able to gain unauthorized access to the names, Social Security numbers, and birth dates of millions of job seekers in their database. According to AJLA the breach occurred between Feb. 23 and March 14, 2017. The breach affects job seekers in the following 10 states Alabama, Arkansas, Arizona, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma and Vermont.  According to the Idaho Department of Labor, as many as 4.8 million accounts may have been compromised nationwide.

The U.S. Department of Labor (DOL) provides the Kansas based AJLA to the states but the service is mangaged by a third party. AJLA is used to coordinate federal unemployment and workforce development programs across the country.

AJLA reported that on February 20 a hacker created a new account, then atacked a previously unknown a vulnerability to gain access to job seekers’ information.  AJLA technical support said in a statement that it first noticed unusual activity on March 12th, and confirmed the breach on March 21st.

The organization is working with law enforcement and contracted a forensic firm to identify what accounts were affected. “The firm has verified that the method of the hacker’s attack has been remediated and is no longer a threat to the AJLA-TS system,” AJLA stated.

The DOL is sending direct notification, via email or regular mail, to all customers whose accounts may have been compromised. The AJLA has also set up a toll-free phone number to call for information; 844-469-3939.

Breach Brief – Verifone

Verifonethe largest maker of payment terminals, reported it is investigating a data breach of its systems. The company provides terminals and services to merchants that allow consumers to swipe credit and debit card. The terminals can be found at a variety of businesses, including retailers, taxis, and gas stations. Verifone claims the hack was contained to its corporate networks.

An urgent email was sent to all company employees and contractors on January 23rd. The email warned them to change their company passwords within 24 hours. Employees were also notified that installing software of any kind on company computers and laptops was no longer permitted. Verifone has not said what or how much data was possibly compromised or when the breach occured.

Verifone was notified by credit card providers Visa and Mastercard a few days prior to Verifone’s employee alert. 

According to Verifone about two dozen point-of-sale payment systems at gas stations were targeted. However the situation could be more serious. Experts say that such small intrusions into payment systems are a precursor to larger attacks. Cyber criminals may have learned enough about Verifone to attack the payment systems at a later date. Sometimes months or years later. This leaves many consumers open to being victimized. 

The company operates in 150 countries and employs 5,000 people. 

Understanding Medical Data Breaches

canstockphoto24985079Medical data breaches are constantly in the news.  According to iHealthBeat.org 1 in 10 U.S. residents have been impacted by a medical data breach. It is highly likely that millions of African-Americans have been the victim of a medical data breach and probably don’t know it. The sad news is that this has become common.

We need to understand a few things about data breaches. First, what is a data breach? What kind of data breaches are there? How many people are affected and how do you fight back if you think your data has been compromised.

Put simply a data breach is an incident where sensitive, protected or confidential information has been exposed, stolen or utilized by unauthorized individuals often to commit some type of crime.

What kind of data breaches are there? Data breaches may expose personal health information (PHI) this is a medical data breach.  Personally identifiable information (PII) is information that, on its own or combined with other information can be used to identify, contact, or locate a person, or identify an individual in context. Finally there is a data breach that exposes trade secrets or intellectual property. This usually affects businesses and sometimes falls known as industrial espionage.

Medical data breaches often involve massive numbers of people and personal information records. Here are the largest medical data breaches so far this year. Look carefully, your insurance company may be on the list.

Keep in mind that medical insurance companies are not alone when it comes to data breaches. Hospitals and health service providers are a prime target for medical data hackers. The HIPAA Act covers most medical facilities. HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The law is intended to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information and help the healthcare industry control administrative costs.

According to Datapipe.com these are the largest HIPAA data breaches of  2014.

According to a report released by KPMG 81 percent of health insurance providers and hospitals have had a data breach. The survey revealed,

  • 15 percent of healthcare organizations have no one whose sole responsibility is information security.
  • 23 percent do not have a security operations center to identify and evaluate threats.
  • 55 percent say they have a hard time staffing their organization.

Why is medical data so valuable? Medical records are ten times more valuable to hackers than your credit cards.

Your medical information is a gold mine. You probably have medical information spread over several doctor’s offices, medical services and hospitals including your dentist, pharmacy and physical therapist. These records contain information such as your Social Security number, address and phone number, email, next of kin information, phone numbers, information about your children or spouse, payment information, insurance information, and much more.

Hackers use stolen medical and insurance data to create fake IDs, buy medical equipment or drugs that they can re-sell and file fraudulent claims with insurance providers. Hackers also have more time to use stolen data to commit fraud because medical identity theft is not immediately apparent.  And mostly because these records are easy targets. According to the KMPG report hospitals and medical insururance companies are poor protectors of your information. According to the security firm Symantec health care providers saw a 72 percent increase in cyberattacks from 2013 to 2014, Health care companies are required by law to publicly disclose big health data breaches. There were more than 270 such disclosures in the last two years.

So how can African-Americans avoid the theft of their medical information?

  • If your wallet is lost or stolen, make sure your insurer(s) are notified along with your financial institutions.
  • Carefully examine all medical bills and insurance statements you receive. Look for fees from health care providers you do not recognize or statements describing benefits paid out for services you did not obtain.
  • Consider an identity protection service which will help you detect most kinds of identity theft, including medical, much earlier than you might on your own and assist you through the fraud resolution process if your information is stolen.
  • Always be alert to strange phone calls or emails from people asking medical questions or insurance questions, especially if you do not know the company.
  • Alert your caregivers of any suspicious calls or activity regarding your care.
  • Keep a close watch on your credit and banking resources. Alert you financial institutions of any suspicious or fraudulent activity.
  • Take full advantage of credit monitoring services if offered.

The loss of medical data can have a devasating personal impact. An unlucky victim may have their medical insurance coverage cancelled or suspended due to fraudulent claims. Insurance premiums may skyrocket. Others may have their identity stolen completely. Changes, intentional or accidental, to medical records could result in mis-diagnosis or mis-treatment of illnesses. Pay attention to data breach notifications. The African American Cyber Report is an excellent source for the latest breach notifications.

Know you know


Computer Misuse Will Get You Fired


Courtesy of stockimages

More and more jobs involve the use of a computer. And working with a computer has its hazards just as a job driving a bus or cooking for a living does. African-Americans understand that sometimes we are judged more harshly than others in the workplace. So you need to beware of computer misuse on the job. These mistakes could get you fired and even destroy your career. Companies are extremely sensitive about their computers and networks. The least little thing could cost millions of dollars in data loss and man hours to repair the damage.

AACR Rule #10. You are always one click from destruction.

Lets look at the ten computer mistakes that will get you fired.

1) Using storage devices to transfer data. Transferring your employer’s corporate data back and forth to your home computer using a thumb drive or other storage device may seem harmless but you are asking for trouble. You could lose the drive containing sensitive information such as customer names and information or that of a business partner. You may unintentionally infect your company’s network with a virus you didn’t know you had.  Its smart to keep your computer and the company’s computer separate. If you need to take information home or travel then ask for a company laptop and use a secure pass phrase and encryption in case it gets stolen in the airport or hotel.  If it happens kiss that job goodbye.

2) Stay off social media! That means Facebook, BlackPlanet, Twitter, Instagram, shopping online on black Friday, March Madness all of it. Your boss could easily assume you are wasting company time and  resources. And you know he will. You could also get involved in office gossip and accidentally expose company data, or voice an opinion best kept to yourself. Remember that the computer in the workplace is monitored. They told you that didn’t they? Whatever you do on it is their property. Hackers often use social media as a stepping stone to get into company networks or discover tidbits of information used to break into networks.  You should be extremely suspicious of anyone asking for contacts or emails of other employees or someone sending you files or links. One click could put you on the street.

3) Using the wrong  tone of voice. Black people will speak their mind. It’s not a good idea in the work place, in company emails or when dealing with customers. Some companies use chat tools, online bulletin boards and even intranet websites. Be professional. Damaging your employer’s reputation is bad and will definitely get you fired. You don’t want a customer or business partner complaining about rude or un-professional communications. Don’t say whats on your mind. Eliminate the slang and the attitude. One out of place phrase about a co-worker, your boss or your own dissatisfaction could be disastrous. A frivolous photo from the office party may damage co-worker relationships and cause other problems in the office. I’ve seen an email go off track and turn an office upside down.

4) Don’t use personal email for company business. Most companies will suffer a minor server outage every now and then. And yeah, it can really be a pain when it happens. But using your Gmail or Yahoo email  for sending corporate email is bad idea. What if your email is hacked? Don’t think it can’t happen. Cybercriminals may target you to get at your company networks. It happens all the time.  And don’t use the company email for your personal stuff. I told you that it is not your machine and your boss can easily get a hold of the email. Don’t send jokes, images or links through your company network.  Any joke, no matter how harmless it may seem, will offend somebody. And you never know what that link will do once you click on it.

5) Sending encrypted personal information. Using encryption on the office computer! Really? You could be branded a corporate spy, fired and may find yourself unemployable in your chosen field. Especially if you work in a financial services institution or any place handling sensitive data.  The security manager may believe you’re up to no good or sharing confidential data with others outside the company. Even if you’re not you may still be fired or at least under suspicion. Most bosses will fire you or even report the matter to the police as matter of caution. Do you need that headache?

6) Don’t load personal software on company computers. This includes laptops. No games or apps. You could accidentally install malware or viruses or a worm and get shown the door. In addition some software hog and wastes company resources. I already told you that its the company PC or laptop and, yes, they can monitor it remotely. The IT guys don’t have to be standing behind you to know you’re playing Candy Crush.

7) Security policy violations. Don’t share passwords.  Sometimes they can be hard to remember so you may write it down on a Post-It note and stick it on your monitor or on the underside of the keyboard. All bad ideas. Don’t think for a second that all your co-workers are trustworthy. Don’t ask anyone to monitor your email either. Don’t forward information. That “reply to all” button has killed a few careers. Don’t share company files with an employee who doesn’t have permission. If they don’t have the password for a certain file then don’t let them use yours. Keep your job by sticking to the rules.

8) Downloading or streaming content.  Streaming music, movies, YouTube or Skype is another bad idea. Your employer is paying for that bandwidth and will frown upon its mis-use. But people still do it and then get hammered for it.

9) Company Cellphones. Using the company cellphone as your own is not smart. Maybe your company is OK with it but its still their phone and so are the text messages and voice mails. Now they’re in your business. You can also make the mistake of going over the limit with minutes or downloading an infected app. If someone notices your bill is exceeding the limits you could have some explaining to do. My best advice is keep you phone and business separate from their business.

AACR Rule number #4,  Your life has been digitized. Everything you say and do is recorded somewhere.

10) And it will be used to both support and ruin your career.

Now You Know


African-American Parents, Fight Child Identity Theft

canstockphoto2780627Child identity theft is a rapidly growing crime in the cyber age. Black parents need to be aware of the vulnerability of their child’s identity and what they need to do to protect it. Sadly most child identity theft is done by family members. Parents have used their child’s social security number and name to get credit cards and such basic services as phone and cable television. Its a ghetto move and we as black people know it happens.

As these children gets older and try to enter the working world they may discover that their credit is already screwed up thanks to mom or dad. If the child is college bound they may find that student loans are impossible to get due to bad credit. Even getting a cell phone might be impossible. The child starts life already handicapped with a deadbeat credit report.

But there are others that seek to steal a child’s identity and you have to watch out for them. Criminals love a child’s identity because it offers them almost limitless opportunity to get credit cards, loans, even cars and home mortgages. How? Because some credit reporting companies do not verify age of the applicant.  So when a criminal applies for credit using a child’s social security number they may list their age as 24. And that’s the age the credit record will show. The actual age of the child, who’s social security number is used, doesn’t matter. The question now is how do you, as a parent, fight back.

One of the first things a parent needs to do to protect their child is to regularly check their child’s credit report using the free service at AnnualCreditReport.com. This should be performed at least once a year. If you have not done this there are some clues you should be aware of. These include;

  • Check your child’s credit history and look for activity like credit cards in their name, especially store credit cards.
  • You attempt to open a bank account for your child only to discover there is an account open with your child’s social security number or the bank denies you due to a history of bad checks.
  • Your child applies for a student loan or credit card and is denied because of credit problems they were unaware of.
  • Your child receives frequent offers for credit cards.
  • Your child is receiving bills, bank statements or notices from collection agencies.
  • Your child can’t get a driver’s license because someone else has a driver’s license using their social security number.Or there is a driving record associated with the child’s name that has outstanding citations.
  • You are audited because someone else has claimed your child as a dependent.
  • A letter from the IRS is sent to your child claiming they failed to file report income.

If you discover fraudulent activity using your child’s identity act immediately. You can place a freeze on your child’s credit profile and begin getting the situation corrected. You can also find information specifically for child identity theft at the Federal Trade Commission website.

Breaking It Down

Black parents are focused on giving their children every possible advantage. Lets face it, society is not always kind to us. We need to focus on protecting them not only from the things we know could hurt them but the hidden dangers of life. Black children need to know the value of their social security number and their identity. Start early with this education so they grow up knowing how easily an identity is stolen. Your child is probably online so you need to let them know they should never use their identity online or give any information to websites or even friends online. Black children need to learn the value of information early in life and understand where the threats are. Like that cell phone and their Facebook page or any other social media they maybe into.  We often think of predators as pedophiles, and they really are a serious danger to our children, but we also need to be alert to information gathering websites. Especially product oriented websites, online gaming websites and free offers that come in our children’s email or text messages. Some predators just want information.  Its up to you to educate your child to the dangers of the world, especially the cyber world.