Tag Archive for Social Security number

| April 7, 2016
Comments Off on 9 Emails You Should Never Open

9 Emails You Should Never Open

9 Emails You Should Never OpenThe increasing pace of life coupled with mobile computing which bombards us with emails and messages, from more sources, and across more devices than ever before has created what Proofpoint calls a generation of trigger-happy clickers.

fake emails from cyber criminals.Trigger-happy clickers are falling more and more for fake emails from cybercriminals. These fake emails are so convincing and compelling that they fool 10% of recipients into clicking on the malicious link according to the article. To put that into context a legitimate marketing department typically expects <2% click rate on their advertising campaigns.

So, despite the best efforts of security professionals, too many people are still falling prey to email scams at home and work. Whether it’s a get-rich-quick scheme or a sophisticated spearphishing attack, here are some emails to steer clear of:

1. The government scam

These emails look as if they come from government agencies, such as the IRS, FBI, or CIA. If these TLA’s want to get a hold of you, it won’t be through email.

2. The “long-lost friend”

tries to make you think you know themThis scammer tries to make you think you know them, but it might also be a contact of yours that was hacked.

3. The billing issue

These emails typically come in the form of legitimate-looking communications. If you catch one of these, log into your member account on the website or call the call center.

4. The expiration date

A company claims your account is about to expire, and you must sign in to keep your data. Again, sign in directly to the member website instead of clicking a link in the email.

5. You’re infected

you’re infected with a virusA message claims you’re infected with a virus. Simple fix: Just run your antivirus and check. In a recent twist, scammers claiming to be computer techs associated with well-known companies like Microsoft. They say that they’ve detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don’t need.

Scammers have been peddling bogus security software for years. They set up fake websites, offer free “security” scans, and send alarming messages to try to convince you that your computer is infected with malware. Then, they try to sell you software to fix the problem. At best, the software is worthless or available elsewhere for free. At worst, it could be malware — software designed to give criminals access to your computer and your personal information.

But wait it gets worse – If you paid for their “tech support” you could later get a call about a refund. The refund scam works like this: Several months after the purchase, someone might call to ask if you were happy with the service. When you say you weren’t, the scammer offers a refund.

Or the caller may say that the company is going out of business and providing refunds for “warranties” and other services.

The scammers eventually ask for a bank or credit card account number. Or they ask you to create a Western Union account. They might even ask for remote access to your computer to help you fill out the necessary forms. But instead of putting money in your account, the scammers withdraw money from your account.

6. You’ve won

you won a contest you never enteredClaims you won a contest you never entered. You’re not that lucky; delete it. It’s illegal to play a foreign lottery. Any letter or email from a lottery or sweepstakes that ask you to pay taxes, fees, shipping, or insurance to claim your prize is a scam.

Some scammers ask you to send the money through a wire transfer. That’s because wire transfers are efficient: your money is transferred and available for pick up very quickly. Once it’s transferred, it’s gone. Others ask you to send a check or pay for your supposed winnings with a credit card. The reason: they use your bank account numbers to withdraw funds without your approval, or your credit card numbers to run up charges.

7. The bank notification

An email claiming some type of deposit or withdrawal. Give the bank a call to be safe.

8. Playing the victim

emails make you out to be the bad guyThese emails make you out to be the bad guy and claim you hurt them in some way. Ignore.

9. The security check

A very common phishing scam where a company just wants you to “verify your account.” Companies almost never ask you to do this via email.

What To Do Instead of Clicking Links

In the case of your bank or other institution, just go to the website yourself and log in. Type in the address manually in the browser or click your bookmark. That way you can see if there’s something that needs taken care of without the risk of ending up on a phishing site.

In the case of your friend’s email, chances are that they copied/pasted the link into the message. That means you can see the full address. You can just copy/paste the address into the browser yourself without clicking anything. Of course, before doing that make sure you recognize the website and that it’s not misspelled.

Proofpoint’s bottom line is that unless you explicitly know and trust it, avoid it. That’s all there is to it. Make this a habit and you can avoid one of the biggest mistakes in internet safety.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , , , ,
| February 19, 2013
Comments Off on School Kids’ Data at Risk – Part 2

School Kids’ Data at Risk – Part 2

School Kids' Data at RiskIn the Huffington Post article, “In Push For Data, Schools Expose Students To Identity Theft” author Gerry Smith writes about the growing risk of school kids data being stolen across the country.

Read Part One here:

Data Quality Campaign, an organization that encourages states to build student databases argues that students’ Social Security numbers are useful for education policy by creating “enhanced analytical opportunities” for evaluating school curriculum. “The more important conversation is not whether states are collecting Social Security numbers, but how they are ensuring the privacy, security, and confidentiality of all personally identifiable information,” Laird said in a statement to the Huff Post. “We can’t speak to how Social Security numbers are collected and stored at the local level,” she added.

The article cites one survey that concludes student PII is not stored very securely. Only half of K-12 schools use data encryption, according to a survey of IT employees at K-12 schools nationwide. 72% cited budget constraints as the primary barrier to improving their IT security, according to the survey by Panda Security (PDF). Collecting PII in central databases with lackluster security is asking or trouble, “This is making a much bigger honey pot for people with malevolent purposes to gain access to children’s information,” Joel Reidenberg, a professor at Fordham University School of Law. He told The ID Channel, “It’s a meltdown waiting to happen.”

School districts in 26 states now ask for students’ Social Security numbers. The Michigan Department of Education states (PDF), “A school district cannot mandate that parents disclose the social security number of their children.” Huff Post states that Texas is one of those states where education officials use PII to connect K-12 records to higher education and workforce data, according to Debbie Ratcliffe, a spokeswoman for the Texas Education Agency.

Last year, the Texas agency asked eight school districts to send PII, including Social Security numbers, through the mail on unencrypted CDs for research purposes. The article reports that Laredo Independent School District learned the CD it sent got lost in the mail, exposing nearly 25,000 current and former high school students to identity theft, according to the Texas Tribune. Ratcliffe told The Huffington Post that the request came from an agency employee who operated “way outside” normal protocol.

Social Security numbers are useful enhanced analytical opportunitiesIt was not the only school data breach in Texas.

  • Beaumont school officials told parents that Social Security numbers belonging to an estimated 15,000 students were accidentally exposed online for nearly a year.
  • The San Antonio Independent School District told parents that names and Social Security numbers of up to 360 students were mistakenly made visible through a Google search.

Still, the Texas Education Agency has no plans to stop asking school districts for students’ Social Security numbers, Ratcliffe told the author. “We have so many databases that use them that it would require quite a bit of change to make that happen,” she said.

Texas has no plans to stop asking for students' Social Security numbersYet concerns over child identity theft have prompted at least five states — Nebraska, North Dakota, Washington, Maine and Wyoming. to create policies that restrict the collection and use of Social Security numbers in K-12 schools.

Jerry Coleman, director of school finance at the North Dakota Department of Public Instruction Coleman said in an interview, “To protect those Social Security numbers would be a hassle we don’t need,”

Parents can refuse to disclose their child’s Social Security number, and the student would be assigned a different identifying number. Ratcliffe, of the Texas Education Agency, said most parents disclose their child’s number anyway.

Parents can refuse to disclose their child's Social Security numberBut privacy experts say, in most cases, parents should keep that information to themselves. “When someone asks for your child’s Social Security number, say no,” said Aaron Titus, chief privacy officer for Identity Finder, which helps organizations protect sensitive data. “I have found about 90 percent of the time when I push back a little bit, I get my way.”

Data breaches leave people six times more likely to become victims of identity theft, according to a survey by Javelin Research. Schools warn parents to monitor their children’s credit after a data breach. The Huff Post says credit reports only turn up 1 percent of fraud on children’s credit histories because thieves pair children’s Social Security numbers with new names and birth dates, a study by Debix found.

More than 18,000 child identity theft complaints were reported to the Federal Trade Commission. But experts tell Huff Post that figures on child identity theft are likely much higher because the crime often goes undetected for years. ID Analytics estimates more than 140,000 children are victims of identity theft each year, based on a one-year study of those enrolled in the firm’s identity protection service. When child identity theft victims turn 18, they find their credit has been destroyed, preventing them from taking out loans or renting apartments.

rb-

Consumers Unions points out that Michigan law restricts how Social Security numbers can be used. In Michigan, SSNs cannot be printed on ID cards, intentionally communicated to the public, and/or publicly displayed or mailed within an envelope.

Related articles
    • Child Identity Theft: Warning Signs and Action (lexingtonlaw.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , ,
| April 24, 2012
Comments Off on States Collect More School Kid Data Than Needed

States Collect More School Kid Data Than Needed

States Collect More School Kid Data Than NeededStates often collect far more information about school students than necessary and fail to take adequate steps to protect their privacy, a national study by Fordham University concludes. The Washington Post reports that dossiers go far beyond test scores, including Social Security numbers, poverty data, health information, and disciplinary incidents.

PrivacyThe study from the Fordham University Center on Law and Information Policy casts light on data systems created at the urging of the federal government to track student progress. One finding: States often fail to spell out protocols for purging records after students graduate.

Ten, 15 years later, these kids are adults, and information from their elementary, middle, and high school years will easily be exposed by hackers and others who put it to misuse,” said Fordham law professor Joel R. Reidenberg, who oversaw the study. States, he told the Washington Post, “are trampling the privacy interests of those students.

No Child Left BehindThe movement toward statewide databases with unique student identifiers, rooted in the standards-and-testing movement of the 1990s, has grown significantly in this decade under the federal No Child Left Behind law and is getting a fresh push this school year from the Obama administration. The article says federal officials want to link student test scores to teacher files to help evaluate instruction. They also envision systems that track students from pre-kindergarten through college, to help raise college completion rates.

Nearly all states, have built or are planning virtual education “data warehouses,” aided by federal funding. Advocates say the warehouses have strong privacy protections, but they acknowledge potential shortcomings according to the author.

Data miningIs there data collected that’s not necessary anymore?” asked Aimee Guidera, executive director of the Data Quality Campaign, based in the District, which is funded by the Bill and Melinda Gates Foundation, among others. “Probably.” She cited Kansas and Tennessee schools as leaders in establishing rules for data control.

But a larger concern, Guidera said, is that states often lack “a strategic, thoughtful way of connecting information and using it to answer questions.

The Fordham study canvassed public information on state data systems and compliance with federal privacy law writes the Washington Post. Among the findings, at least 23 states note reasons for withdrawal from schools such as jail, illness, or mental health issues. At least 22 count student absences. At least 29 track whether students are homeless.

Data theftThe study also found that at least 16 states use or allow the use of Social Security numbers to identify school students and at least 10 note whether a student is a single parent. Another finding: Florida, Kentucky, New Jersey, and North Carolina track the date of a student’s last medical exam.

The Washington Post says Fordham recommended that states tighten protocols to keep data anonymous, with special provisions for those in local schools who need to know more; that they articulate reasons for collecting data and jettison what is unjustified; and that they appoint officers to oversee compliance with state and federal privacy laws.

Charles Pyle, a Virginia Department of Education spokesman, said data are protected through policies and programming that prevent unauthorized access. The data help the states comply with NCLB, he said, and help pinpoint student needs. “You need a statewide system to keep track of the kids,” Grover Whitehurst of the Brookings Institution, told the paper. He oversaw education research for President George W. Bush’s administration and claims, “Otherwise, they fall off the screen.”

rb-

The lackadaisical attitude toward data security and privacy I see in K-12 amazes me. This article tells me it’s a national problem. – Why don’t I feel any better about that?

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Data protection | Tags: , , , , , ,