Anthem: Next Steps to Regain Online Security

The recent incident at Anthem has possibly exposed the data of 80 million present and past clients. If you are in one of these groups, there are several things you can do to protect your identity. Unfortunately, the data that was captured will be used for one purpose: to take over your identity. This can include filing fraudulent tax returns, opening new accounts that can be maxed out in hours, using medical ID account numbers to purchase drugs and services, and other innovative ways to profit from people’s hard-earned credit and trustworthiness.

Here are some basic steps that will help you protect yourself. You may need to do all of them or some of them. The ones in red are considered mandatory for everyone. Time is also of the essence. Hackers are already sending phishing emails trying to trick people looking for information about the hack. Get ready; it is just the beginning.

First the facts:

WHO & WHERE
The hack affected a wide variety of Anthem brands, including Anthem Blue Cross; Anthem Blue Cross and Blue Shield; Blue Cross and Blue Shield of Georgia; Empire Blue Cross and Blue Shield; Amerigroup; Caremore; Unicare; Healthlink; and DeCare. Both present and past clients’ information was stored on these servers. Even if you haven’t been with one of these companies in a long time, you could still be affected.


WHAT WAS TAKEN
As of the latest notice, Anthem disclosed that the following information could have been exposed: full names, Social Security numbers, birthdays, addresses, email and employment information, including income data.

1. Expect to receive Phishing Emails and Phone Calls using social engineering to get you to offer up personal information.

Phishing is an attempt to trick you into giving away valuable information, often by getting you to log into what you believe to be a legitimate site, thereby giving the attacker your username and password so they can log in to the actual site. They do this by tricking you into clicking a link or visiting an infected website, or even by calling you on the phone and having you visit that website. Phishing scams can last up to 10 years or more now that they have your name and social security… Expect it. Also, make sure your parents and grandparents realize this will happen so they know how to respond. Banks and credit card companies will NEVER send an email or phone you to update security information or ask for personal information such as passwords or PINs. NEVER.

Never click on a link or call a phone number in any email or phone call you receive. Always use a known number or bookmark to contact the account holder and confirm any problems. Prilock Security offers a security awareness training that shows people what to expect and how to avoid these attacks.

2. You can no longer trust the sender’s email address, caller ID for calls or text messages, or Instant Message ID. They can all be spoofed or faked. Tell everyone you know.

This is nothing new but more critical than ever before. Apply a reasonability test to all emails that want you to click a link, open an attachment, call a number, or visit a website. Enough said.

3. Sign up for free Credit Monitoring offered by Anthem

You will receive an email and physical letter informing you of the incident and the additional protections Anthem will be offering. One of these is usually a full year of credit monitoring. It is strongly recommended that you sign up for it. You should also periodically check with the Anthem website for updates and information regarding this incident.

4. Change passwords and login usernames with all accounts associated with your Anthem account.

Remember, your information will be available to cyber criminals all over the world. Protect yourself in every way possible. The email address you use for your Anthem account is now the target for cyber thieves. In a perfect world, you would change that address completely; however, sometimes you can’t. That email address is like having a key to your home’s front door lying in the middle of the street. In a few months, there can be hundreds of those keys lying on the street, as these IDs can and will be sold and resold for months to come in the Deep Web. If possible, change that address as soon as possible.

Make a list of all the accounts also linked to that email address, and change those passwords as a precaution. If that email address is a login (user name) on any accounts, you should change that to a different email address too. Also, always make sure you use strong passwords. Prilock Security awareness training offers easy tips to create and remember strong passwords. Make sure your passwords use upper and lower case letters, numbers and symbols, and are at least 8 to 10 characters in length.

This is where using a password manager can be very helpful. Yes, there is a small learning curve, but if not now, when? LastPass and 1Password are good programs to consider for this. Never allow your browser to store or save your passwords, NEVER. This makes it easy for cyber thieves to find that file and all your accounts, logins, and passwords.

5. Activate two-factor authentication at all accounts where it is available.

What is two-factor authentication?

Two-factor authentication adds a second level of authentication to an account login. When you have to enter only your username and one password, that's considered a single-factor authentication. Two-factor authentication requires the user to have two out of the three following types of credentials before being able to access an account.

  • Something you know, such as a Personal Identification Number (PIN), password, or a pattern
  • Something you have, such as an ATM card, phone, or fob
  • Something you are, such as a biometric like a fingerprint or voice print

USE 2 FACTOR AUTHENTICATION FOR ALL ACCOUNTS WHERE IT IS AVAILABLE.

6. Place a Credit Freeze or Fraud Alert ASAP with the Credit Bureaus.

A security freeze is one of the top ways to prevent identity theft: no one can check your credit without your permission. A Fraud Alert is a cautionary flag, which is placed on your credit file to notify lenders and others that they should take special precautions to ensure your identity before extending credit.

Security Freezes

A Security Freeze is a more dramatic step to protect your credit. Placing a Security Freeze will prevent lenders and others from accessing your credit report entirely, which will prevent them from extending credit. With a Security Freeze in place, even you will need to take special steps when you wish to apply for any type of credit.

Because of more stringent security features, you will need to place a Security Freeze separately with each of the three major credit-reporting companies if you want the freeze on all of your credit files. A Security Freeze remains on your credit file until you remove it or choose to lift it temporarily when applying for credit or credit-dependent services.

Note: This service will cost approximately $10 to place each Freeze and another $10 to remove it. You can remove the freeze to apply for new credit cards or loans and, when they are complete, replace the freeze. Also, if you are feeling vulnerable at this time, a Security Freeze is the maximum protection you can deploy.

Fraud Alerts

A Fraud Alert is a cautionary flag, which is placed on your credit file to notify lenders and others that they should take special precautions to ensure your identity before extending credit. Your initial fraud alert stays on your record for 90 days, and you can renew it as often as you like. If you are already the victim of fraud, you can request an extended fraud alert - the alert will last for 7 years instead of 90 days. The credit agencies require a police report substantiating that you have been the victim of identity theft.

When you place a Fraud Alert, you can provide a mobile or other phone number for lenders to contact you to verify that the party applying for credit is actually you, and not a fraudster.

Here are the links to place a freeze at the major credit bureaus:



Here are the links you'll need to set fraud alerts:

7. Set alerts on your charge accounts and monitor your accounts at least twice per week.

Although Anthem said credit card information wasn't stolen, it is always better to be safe than sorry. Setting alerts on your charge accounts is a good step to take anyway, but it can create some hassles when you make purchases that are not normal for you. Notify each card issuer that you are the victim of a data breach and ask to set an alert on your credit card for unusual charges. Gas station charges, charges out of the country, or charges over a certain amount will be flagged.

One of the best things you can do is to log in (on a secure computer, not using public Wi-Fi) and check your recent activity on your credit cards and bank accounts. If you use a mobile device, make sure you only use an app provided by your bank. This is the fastest way to see criminal activity in your accounts. If you catch it in the first 2 to 36 hours, the banks can often reverse the charges. After that, you may have a lot of work ahead to recover funds.

8. Review all your Social Media Accounts for Privacy Settings and oversharing of information that can be used against you.

Once a hacker has your basic contact and identifying information, the next step is often to build a profile of your life. Social media is a hacker’s dream come true. With some simple steps like spoofing (impersonating) a friend or colleague with a friend request, they can quickly gain access to your inner circle… assuming your privacy settings are not set to public.

Personal information like schools attended, date of birth, family and pet names, and other personal details should be held to a minimum. It is harder when reviewing LinkedIn accounts, so note that anything you have posted online can and will be used to trick you.

9. Keep an eye on the trash and sent folders in your email account.

When someone malicious starts stealing your accounts and resetting your passwords, one thing they'll do is get into your email account without your knowledge and set filters so that any emails notifying you about changes to online accounts will go straight to your trash folder, so you don't see what's happening.

Watch your email account's spam, sent and trash folders for unusual activity, and if your trash or spam folders magically empty themselves, change your email password immediately (on the spot), and go into lockdown mode on all of your critical accounts.

10. File your taxes ASAP

Hackers only need two pieces of your ID to fake a W2 and submit a tax return. There is already a major amount of tax fraud and many people are being notified by the IRS that their returns have already been filed and processed. This is a nightmare you don’t need. File your returns ASAP.



We now live in a time where we have to change some of our online habits or suffer the consequences. These are basic steps that can help you be safer online and help protect your digital reputation.

Prilock offers additional steps and tips that are not technical and can be applied by everyone from CEOs to seniors, moms to managers. Get started now and sleep better tonight, knowing you have taken some simple steps to be safer.



Copyright © Prilock Security 2017 All Rights Reserved