Here’s a secret way to keep your identity—and that of your loved ones—secure: Don’t give out your Social Security number unless it’s absolutely required.
That’s right. Most of the time, it’s OK to say no to schools, doctor’s offices, sports clubs and many other organizations that may ask for this nine-digit identifier. In fact, safeguarding SSNs is a key first step to protecting against identity theft and other fraud.
Here are 10 places that have no business asking for a SSN:
1. Job applications
2. Hospitals or medical and dental offices
3. Pharmacies
4. Public schools
5. Sports clubs
6. Children’s camps
7. Supermarket loyalty programs
8. Charities
9. Airline ticketing and frequent flyer programs
10. Email messages
Unsure how to respond when someone asks for this number? It’s important to never hand it over blindly, Levin said. He recommends following these steps when determining how to react:
1. Stop and think. Take a moment to consider if there is a legitimate need for the SSN. Many places blindly ask for it, but some places, such as the IRS, Department of Motor Vehicles or military, may legitimately need it.
2. Negotiate. There are other identifiers, such as a driver’s license or account number, that may be used instead. Fight to use them.
3. Get assurance. If you must share your SSN, make sure there are strong security measures in place to protect it.
Internet of Things – Smart Technology
As smart home trends progress and more devices connect to the internet in a growing Internet of Things (IoT), it’s now a concern that your thermostat, lights or baby monitor could be hacked. Recently, CloudPets kids’ toys were breached, leaking 2.2 million voice recordings between parents and their children.
Even if you swear off all smart home technology, you probably still have everyday devices in your home that are susceptible to hacking. These can include:
• Digital video recorders (DVRs)
• Printers
• Security cameras
• Smart Televisions
• Tablets
• Smart Phones
• Routers
• Webcams
In October 2016, these types of devices were all used in a massive attack on internet servers. Hackers infected IoT devices with malware instructing them to ping the servers of Reddit, Spotify, The New York Times and other websites until they crashed from overuse. This type of incident is called a distributed denial of service (DDoS) attack.
Once they have control of your device, perpetrators have the freedom to do whatever they want – whether that’s turning on and recording via your security camera, changing passwords to lock you out or even printing something on your printer ‒ as one hacker did in early February 2017 to 150,000 printers.
Luckily, there are plenty of steps you can take to arm your devices and greatly reduce the chances of them being compromised
1. Update login credentials. Some devices like cameras and routers with weaker security come pre-loaded with default usernames and passwords. No matter what these preset credentials are, make sure you change them immediately if you haven’t done so already. When unprotected, smart home devices are some of the easiest devices for internet crawlers to get into – after all, they don’t even need to guess your login information!
2. Have a strong password. Lengthy passwords are the way to go. We even recommend using sentences at least 12 characters long. While it might be tempting, don’t reuse passwords across accounts. That way, if someone figures out your Facebook password, at least they can’t use the same password to log into your smart lock, unlock your door and stroll right in. Have unique passwords for all of your accounts. Write down your passwords and keep the list in a safe place separate from your computer – or consider using a password manager to help you set and store your strong, unique passwords.
3. Shop around for secure gadgets. Some companies put in the extra resources and efforts to secure their gadgets, while others do not prioritize it at all. The key is to research and ask yourself: what security measures does this company have in place for keeping my information safe? Look beyond just a username and password. Additional protection might include https connection, two-factor authentication, third-party penetration testing and AES 128-bit encryption.
Right now, there are thousands of routers and devices using generic logins. Hackers can deploy a simple internet crawler to discover these devices – it’s low-hanging fruit for them. As long as you protect your network and devices with strong, unique passwords, you are much less likely to have problems with suspicious activity.
Stolen ID
A man who assumed the identity of a baby who died in 1972 was arrested on charges of Social Security fraud and aggravated identity theft after the child’s aunt discovered the ruse through Ancestry.com.
Prosecutors said Jon Vincent stole Nathan Laskoski’s identity after escaping from a halfway house in March 1996 and used his new name to start another life. Vincent had been convicted of indecency with a child. The real Nathan Laskoski died at age 2 months in 1972.
Authorities said Vincent first obtained a Social Security card as Laskoski in 1996. He held jobs, received a driver’s license and married and divorced as Laskoski. When Nathan’s aunt did a search on Ancestry.com, a genealogy website, his name came up as a “green” leaf on the website, meaning public records showed he was alive.
The aunt told Nathan’s mother, who did more research and learned that someone had obtained a Social Security card under her son’s name. Nathan’s mother also found public marriage and divorce records, and filed an identity theft complaint with the Social Security Administration.
Traveling with Electronic Devices
Times are changing for people choosing to travel with electronic devices; not so much within the US but certainly international flights.
Electronic devices are not longer just laptops, now they are cellular phones, tablets, readers, and gamers.
When you approach the boarding gate you may be informed that your electronic device MUST be checked that it is no longer permissible to carry the device on board. You will be given a baggage claim check and instructed to collect it along with all other luggage at the baggage carousel.
The question posed, how safe is your data that is on the electronic device, how secure is the collection process - will photo id be required, who has access to the device, do you have data stored that may not be secure. What kind of personal or confidential information have you stored on your cellular phone, computer, or tablet?
Always check with the airlines to find out what their policy is concerning the transport of electronic devices, both domestically and internationally. Ask about security in handling and in retrieving.
Electronic devices are not longer just laptops, now they are cellular phones, tablets, readers, and gamers.
When you approach the boarding gate you may be informed that your electronic device MUST be checked that it is no longer permissible to carry the device on board. You will be given a baggage claim check and instructed to collect it along with all other luggage at the baggage carousel.
The question posed, how safe is your data that is on the electronic device, how secure is the collection process - will photo id be required, who has access to the device, do you have data stored that may not be secure. What kind of personal or confidential information have you stored on your cellular phone, computer, or tablet?
Always check with the airlines to find out what their policy is concerning the transport of electronic devices, both domestically and internationally. Ask about security in handling and in retrieving.
Medicare Cards and Social Security Numbers
Many consumers complain that while they remove their Social Security cards from their wallets, the Social Security number is still on their Medicare cards.
The ITRC would like to make the following recommendation. This simple tip could keep an identity thief from getting your Social Security number and protect yourself from becoming a victim of identity theft.
• Photocopy your Medicare card, front and back.
• Put your original card in a safe, locked area. Only carry it with you on the days you know you will need it.
• Using scissors, cut the photocopies of your Medicare card down to wallet size, cutting off the last four (4) numbers of your Social Security Number.
• Staple these two business card size papers together, adding a third blank paper to the packet.
On this blank sheet, write down following:
• Emergency contact with the name and phone number of a person who can be reached in the event of an emergency. Your emergency contact person should have a sheet of paper with the last 4 numbers of your Social Security number and the following:
1. Your pertinent medical history
2. The name of your doctors
3. A list of all the prescriptions you take, including over-the-counter pills.
The ITRC would like to make the following recommendation. This simple tip could keep an identity thief from getting your Social Security number and protect yourself from becoming a victim of identity theft.
• Photocopy your Medicare card, front and back.
• Put your original card in a safe, locked area. Only carry it with you on the days you know you will need it.
• Using scissors, cut the photocopies of your Medicare card down to wallet size, cutting off the last four (4) numbers of your Social Security Number.
• Staple these two business card size papers together, adding a third blank paper to the packet.
On this blank sheet, write down following:
• Emergency contact with the name and phone number of a person who can be reached in the event of an emergency. Your emergency contact person should have a sheet of paper with the last 4 numbers of your Social Security number and the following:
1. Your pertinent medical history
2. The name of your doctors
3. A list of all the prescriptions you take, including over-the-counter pills.
What happened to "drinking and driving"?
Are you ready to believe this? A drive up bar/social club! I came across this in Slidell, MS.
Diabetes Supply Scam
A database containing personal information of 918,000 seniors seeking discounts on diabetes supplies was revealed to be exposing its contents for months freely online.
The seniors provided their personal financial and health information to a program promising them discounts on diabetes supplies. But, according to a report on Naked Security, a Sophos blog, the database on which the information was stored ended up exposed for months after a software developer in the employ of a telemarketing firm uploaded a backup copy to the internet.
The database was found by a Twitter user, calling himself Flash Gordon, on an Amazon Web Services (AWS) instance at an IP address. He is said to have used Shodan, a search engine for connected devices that "crawls the internet, connecting to likely services, logging what comes back, and creating a searchable index of the results," according to the blog post.
Flash Gordon notified DataBreaches.net – a data security site run by a health care professional – about his discovery. At that point, DataBreaches.net reached out to security researchers for help. They found that the database was not from an entity liable under HIPAA laws, such as a health care provider. Rather, they discerned it was from a telemarketer as the data included scripted comments to use when engaging with patients.
The database included names, addresses, dates of birth, telephone numbers, email addresses, taxpayer IDs, health insurance carrier, policy numbers, and information about what types of health problems the individuals had.
The database has since been taken down.
The Sophos researchers advised that when called by a telemarketer offering great deals on diabetes supplies, be wary of providing personal information as there's no way to know whether the caller is legitimate. Additionally, any information a caller provides might get duplicated for use in other telemarketing campaigns.
The seniors provided their personal financial and health information to a program promising them discounts on diabetes supplies. But, according to a report on Naked Security, a Sophos blog, the database on which the information was stored ended up exposed for months after a software developer in the employ of a telemarketing firm uploaded a backup copy to the internet.
The database was found by a Twitter user, calling himself Flash Gordon, on an Amazon Web Services (AWS) instance at an IP address. He is said to have used Shodan, a search engine for connected devices that "crawls the internet, connecting to likely services, logging what comes back, and creating a searchable index of the results," according to the blog post.
Flash Gordon notified DataBreaches.net – a data security site run by a health care professional – about his discovery. At that point, DataBreaches.net reached out to security researchers for help. They found that the database was not from an entity liable under HIPAA laws, such as a health care provider. Rather, they discerned it was from a telemarketer as the data included scripted comments to use when engaging with patients.
The database included names, addresses, dates of birth, telephone numbers, email addresses, taxpayer IDs, health insurance carrier, policy numbers, and information about what types of health problems the individuals had.
The database has since been taken down.
The Sophos researchers advised that when called by a telemarketer offering great deals on diabetes supplies, be wary of providing personal information as there's no way to know whether the caller is legitimate. Additionally, any information a caller provides might get duplicated for use in other telemarketing campaigns.
Subscribe to:
Comments (Atom)