How to Protect Yourself if You're a Victim of the Equifax Breach

After Equifax Breach, Wealthy Consumers Present Alluring Targets For Hackers - Here’s how to protect yourself from email and medical fraud schemes.

Of the 143 million U.S. consumers whose personal information was potentially exposed in the Equifax data breach, the wealthy could face their own particular set of vulnerabilities.

Would-be criminals could use customers’ stolen names, Social Security numbers, birth dates and addresses—information exposed in the Equifax breach—to target those who may have bigger bank accounts, larger lines of credit and more assets, experts say.

A relatively easy way crooks could target the wealthy is by sorting the Equifax information by ZIP Codes that are associated with wealthy areas such as Beverly Hills, Calif., or Greenwich, Conn., some cybersecurity experts say.

“Hackers get the most bang for their buck by focusing on wealthy,” says Roderick Jones, chief executive of Rubica Inc., a cybersecurity firm that works with wealthy individuals.

Here are weaknesses wealthy Americans should watch out for:

Email Vulnerabilities

Fraudsters may use the compromised Equifax data to not only open high-limit credit cards or take out loans in victims’ names, Mr. Jones says, but also to hack into their email accounts to gather information so they can commit other crimes.

Using the details gathered from the breach, experts say hackers are likely to launch “phishing” attempts on their targets. With knowledge of a loan at a certain bank, for example, a hacker could craft an email about that loan that sounds believable and encourages the victim to click a link that may either infect their computer or send them to a malicious website that gathers even more data that could be exploited.

Another example: After infiltrating a victim’s email and learning his or her writing style, a hacker could email that person’s financial adviser and request a wire transfer, experts say. If the adviser doesn’t have the proper security procedures in place and doesn’t at least verify a wire-transfer request with a verbal confirmation from the client, that money could end up in a fraudster’s account.

How to respond: Use different, complex passwords for each of your accounts, security experts say. Don’t use your Social Security number as any part of an online password or username. While such tips aren’t new, experts say they bear repeating because the security gaps they address are among the most frequently exploited.

Also, take caution with emails that appear to be from a legitimate financial institution. When in doubt, call that provider directly or log on to their website from a secure connection to check your accounts, security experts say.

Medical Fraud

Equifax victims may be at particular risk for medical fraud, too, says Michael Kaiser, executive director at the National Cyber Security Alliance. That’s because they often have strong medical insurance and prescription-drug coverage.

A crook could use the information stolen in the breach to impersonate a victim and seek treatment from various doctors or specialists, potentially running up high medical bills.

Meanwhile, the opioid epidemic raises the stakes for prescription-drug fraud.

Crooks could sell the information to individuals addicted to prescription drugs, including opioids, says Eva Velasquez, president of the Identity Theft Resource Center, a nonprofit group that helps victims of identity theft.

That person would then use the stolen information to buy prescription drugs under the victim’s name using their health insurance. The victim will often get the bill for any unpaid expenses and the crook’s use of the drug will be recorded in the victim’s health records, she says.

Ms. Velasquez says that once an individual provides proof of identity theft, he or she generally is no longer held responsible for debts incurred by a fraudster. In the interim, however, a victim may be held responsible and this can have an impact on credit scores.

And in cases where insurance was used fraudulently, plan caps and thresholds can be met or exceeded, making it difficult for victims to obtain necessary medical services, she says.

How to respond: If you get bills or explanation-of-benefits forms that you don’t recognize, call the billing office of the medical provider and your insurance company to challenge the charges, Mr. Kaiser says. Keep copies of any documents you receive and keep notes on your conversations.

And ask your providers about any extra layers of security they have, including two-factor authentication, personal identification numbers and biometrics such as fingerprint readers, and take advantage of those features, Ms. Velasquez says.

“Yes, more security adds a layer of inconvenience, but that’s OK if it protects you in the long run,” she says.

 

How to Supercharge Your iPhone in 5 Minutes

Starting with the iPhone 6, Apple made it possible to charge it from 0 to 100% almost twice as fast. These handy tips can help you supercharge your iPhone from 0-10% in just five minutes.

TURN ON FLIGHT MODE

Switch your phone to flight mode while it’s charging and you’ll find that the power bar creeps up that little bit faster. In this mode, your phone can’t connect to Wi-Fi or mobile networks, so your battery usage will decrease and your device will power up faster. This option can be found in your phone’s settings menu, or by swiping up from the bottom of your home screen.

TURN ON LOW-POWER MODE

Activate low power mode by delving into the battery option under the settings menu and your screen’s energy consumption will decrease drastically. This mode will also shut down any background functions chewing through your power supply, meaning your phone will store more juice while plugged in.

TURN OFF PUSH NOTIFICATIONS

Push notifications are the little icons and messages which your phone displays on its lock screen whenever you get a text or an update. Switching these off while you’re plugged in will help to keep power to a minimum, preventing your phone screen from flashing up and eating power.

USE AN OPTIMUM CHARGER

The best kind of charging device for speed is an iPad wall charger, which can transfer more amps of electricity per second than any of the others. That means it's more efficient than a charger plugged into a computer, or an iPhone charger plugged into the mains. (It's worth noting that only the iPhone 6 and newer models are capable of accepting 2.1 amps per second, which is the amount the iPhone wall charger provides.)

LEAVE YOUR PHONE ALONE

And that includes turning it on to check the time. The more you turn on the phone's display, the more battery it uses up, which makes sense really.

Equifax Says Cyberattack May Have Affected 143 Million Customers

Equifax, one of the three major consumer credit reporting agencies, said on Thursday that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver’s license numbers.

The attack on the company represents one of the largest risks to personally sensitive information in recent years, and is the third major cyber security threat for the agency since 2015.

Equifax, based in Atlanta, is a particularly tempting target for hackers. If identity thieves wanted to hit one place to grab all the data needed to do the most damage, they would go straight to one of the three major credit reporting agencies.

“This is about as bad as it gets,” said Pamela Dixon, executive director of the World Privacy Forum, a nonprofit research group. “If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent.”

Criminals gained access to certain files in the company’s system from mid-May to July by exploiting a weak point in website software, according to an investigation by Equifax and security consultants. The company said that it discovered the intrusion on July 29 and has since found no evidence of unauthorized activity on its main consumer or commercial credit reporting databases.

In addition to the other material, hackers were also able to retrieve names, birth dates and addresses. Credit card numbers for 209,000 consumers were stolen, while documents with personal information used in disputes for 182,000 people were also taken.

Other cyberattacks, such as the two breaches that Yahoo announced in 2016, have eclipsed the penetration at Equifax in sheer size, but the Equifax attack is worse in terms of severity. Thieves were able to siphon far more personal information — the keys that unlock consumers’ medical histories, bank accounts and employee accounts.

“On a scale of 1 to 10 in terms of risk to consumers, this is a 10,” said Avivah Litan, a fraud analyst at Gartner.

An F.B.I. spokesperson said the agency was aware of the breach and was tracking the situation.

Last year, identity thieves successfully made off with critical W-2 tax and salary data from an Equifax website. And earlier this year, thieves again stole W-2 tax data from an Equifax subsidiary, TALX, which provides online payroll, tax and human resources services to some of the nation’s largest corporations.

People can go to the Equifax website to see if their information has been compromised. The site encourages customers to offer their last name and the last six digits of their Social Security number. When they do, however, they do not necessarily get confirmation about whether they were affected. Instead, the site provides an enrollment date for its protection service, and it may not start for several days.

The company also suggests getting a free copy of your credit report from the three major credit bureaus: Equifax, Experian and TransUnion. These are available at annualcreditreport.com. It also suggests contacting a law enforcement agency if you believe any stolen information has already been used in some way.

Equifax’s credit protection service, which is free for one year for consumers who enroll by Nov. 21, is available to everyone and not just the victims of the breach.

Equifax is offering consumers the ability to freeze their Equifax credit reports, said John Ulzheimer, a consumer credit expert who often does expert witness work for banks and credit unions and worked at Equifax in the 1990s. Thieves could have information stolen from Equifax and use it to open accounts with creditors that use Experian or TransUnion.

Governments regularly buy stolen personal information on the so-called Dark Web, security experts say. The black market sites where this information is sold are far more exclusive than black markets where stolen credit card data is sold. Interested buyers are even asked to submit to background checks before they are admitted.

“Cyberwar is in large part conducted through data mining and cyberintelligence,” Ms. Litan said. “This is also a Homeland Security risk as enemy nation states build databases of Americans that they then use to get to their targets, for example a network operator at a power grid, or a defense contractor at a missile defense company.”

6 Million Instagram Accounts Hacked: How to Protect Yourself

Here is what you need to know about the breach -- and how to protect yourself.

Last week, Selena Gomez's Instagram account was taken over by hackers who posted to its feed explicit photographs of the singer's ex-boyfriend, Justin Bieber. Gomez regained control of her account (which is the most followed account on the platform, with over 125 million followers) and the offending photos were erased, but the incident foreshadowed much more widespread problems that soon appeared.

Several days ago, Instagram announced that it had fixed a vulnerability that had apparently previously allowed unauthorized parties to obtain the email addresses and phone numbers associated with Instagram accounts, even when such information was supposed to be private and inaccessible to parties other than respective account owners. Armed with the pilfered information, criminals could potentially have attempted to trigger and intercept password reset messages or to phish or otherwise social engineer Instagram users -- which may explain how Gomez's account was breached.

Before the bug was fixed by Instagram, a hacker, or group of hackers, apparently stole a significant amount of data that he/she/they are now offering for sale online at a price of $10 per record (payable in Bitcoin, naturally), terming the searchable database of pilfered Instagram information "Doxagram." The Daily Beast claims to have verified some of the data supplied by the hacker/s as authentic.

The party responsible for Doxagram says that it amassed data from over six million users. Of course, Instagram has over 700 million active monthly users, so six million is fewer than 1 percent of the total Instagram userbase -- but, it still represents many potentially unhappy people.

Among the accounts whose data was stolen were reportedly those of Kim Kardashian, Leonardo DiCaprio, Beyoncé, Taylor Swift, and even the White House.

Doxagram has had periodic outages as various service providers take steps to take it down, but it appears to be accessible at the present time via the Tor network. Earlier today the person or people behind Doxagram appeared to be tweeting using the Twitter handle @doxagram_insta; Twitter has since suspended that account. Ironically, shortly before the Doxagram account was shut off, its operator tweeted a reminder for anyone using the system to purchase stolen data to "Please keep your login information safe. Use a strong password. We can't do anything if your credit gets used by someone else." Yes. That would be hackers advising people buying stolen information how not to become victims of hackers.

Follow the Steps Below to Protect your Instagram Account.

1. Use multifactor authentication.

2. Use a unique, strong password. For advice on how to select a strong, easy-to-remember password, please see my article "How to Create Strong Passwords That You Can Easily Remember."

3. Keep your Instagram app up to date.

4. As Instagram has advised, "Be vigilant about the security of your account, and exercise caution if you observe any suspicious activity such as unrecognized incoming calls, texts, or emails." Do not respond to emails or texts asking you to reset passwords or the like. Never click links in emails or text messages to access Instagram; instead, access the social network via the app or by typing https://instagram.com into a web browser.

5. If you ever receive an Instagram password reset email and you did not request a password reset, contact Instagram. To do so, tap the "..." menu from your profile, select "Report a Problem," and then select "Spam or Abuse."

Source: INC.com

Cyber-Flaw Affects 745,000 Pacemakers

A total of 745,000 pacemakers have been confirmed as having cyber-security issues that could let them be hacked.

The Food and Drug Administration revealed that 465,000 pacemakers in the US were affected, in an advisory note about a fix to the problem. The pacemaker's manufacturer, Abbott, said there were a further 280,000 devices elsewhere.

The flaws could theoretically be used to cause the devices to pace too quickly or run down their batteries. However, Abbott said it was not aware of any cases of this happening, adding that it would require a "highly complex set of circumstances". The Department of Homeland Security has said that an attacker would need "high skill" to exploit the vulnerabilities.

Three-Minute Fix

The affected pacemakers are branded as having been made by St Jude Medical, which was acquired by Abbott earlier this year. Patients are being advised to ask their doctors about an available firmware update at their next scheduled appointment. The pacemakers can receive the revised code by being placed close to a radio wave-emitting wand in a process that lasts about three minutes.

Pacemakers manufactured after 28 August will come with the new firmware pre-installed. "As with any firmware update, there is a very low risk of an update malfunction," the FDA said. The regulator noted a very small number of St Jude devices had lost all functionality after a firmware update in the past. Abbott said some patients might opt to continue with the old firmware as a consequence.

"In some cases, doctors and patients will decide that the risks that could be associated with performing the new pacemaker firmware update for some patients may outweigh the benefits," it said in a note to pacemaker users. "If you do not receive the update, your pacemaker will continue to function as intended, and you can receive the update at any future time."

Legal Battle

The benefit of allowing the pacemakers to send and receive data wirelessly is that patients can pair them with a transmitter at home that monitors the devices as they sleep and can potentially alert them to medical problems.

A hedge fund, Muddy Waters Research, first warned the media in August 2016 that the cardiac equipment had security flaws and claimed they could be exploited by "low-level hackers".

The investment company also revealed it had bet St Jude's shares would drop after it had been told of the issues by security company MedSec. "[St Jude's] apparent lack of device security is egregious, and in our view, likely a product of years of neglect," Muddy Waters said at the time.

St Jude responded by saying it stood behind the security and safety of its equipment and sued its accuser for defamation. However, shortly after Abbott bought St Jude in January, the FDA confirmed there were vulnerabilities in the company's wireless home monitor system, which were subsequently addressed.

Then, in April, the watchdog said Abbott had failed to properly investigate wider cyber-security concerns. Even so, the medical company's legal action against Muddy Waters continues.

Source: BBC