To read Part 1, “Anthem Grossly Negligent: 79 Million Unencrypted Records Stolen”, click HERE.
Step #2 – Use Two-Factor Authentication (2FA)
Most of the major sites – such as Google, Facebook, and Amazon – have 2FA as an optional feature. If you take a couple minutes to activate it in your settings, logging in will get slightly more complicated – which is a good thing.
Example: When you use Google’s version of this technology, you enter your username and password like normal and then enter the code generated by the dedicated Authenticator app on your phone (regardless of the device you use to enter your username and password). “It’s easy, and worth the peace of mind,” advises Blue.
Step #3 – Consider Your Other Accounts
The email address listed within the Anthem network is now compromised.
Switch your Anthem password to something different, preferably using a random password generator.
You may know that it is important to diversify your passwords and thereby better divide your attack surface. Even so, if your Anthem password is also used with other accounts, change those as well.
Beyond looking at places where you reused the password, you also want to look at any accounts identified with the same email address. For those accounts, you want a new password; you also want a new email address if it serves as a username.
The problem with complex, individualized passwords is that they are difficult to remember. To simplify the use of dozens of unwieldy passwords, Blue recommends Blur and 1Password.
Acknowledging that the process of changing everything is tedious and time-consuming, she urges irritated customers to direct their frustration at the insurance carrier.
Step #4 – Contact Your Credit Cards
Although the insurer announced that payment data was not exposed, the attackers can still destroy your credit and slam your card with fraudulent purchases.
Call the financial institution behind each of your charge accounts and let them know that your personal information was hacked.
“Your credit card’s customer assistance may be idiots in their response to you,” Blue warns, “but you need to get your warning on the record in case anything comes up later.”
Once you have reported the problem, you want to sign up to receive alerts when uncharacteristic charges post.
Maybe twice a week, log into your account to verify that your identity is not being misused.
Step #5 – Avoid Phishing Victimization
It is commonplace for confidential data to be incorporated into sophisticated phishing campaigns. The Symantec Phish-or-No-Phish Challenge, a web marketing award winner, is a quick and interactive way to learn more about this persistent threat. Microsoft also offers a step-by-step protection guide.
Be on the lookout for illegitimate notifications to reset your password or otherwise provide additional credentials to phishers. Ironically, those who know about the hack could be more vulnerable because they are expecting an email from Anthem about the incident. Don’t click any links or give any information. Call Anthem or the relevant organization if you have any doubts.
Step #6 – Thwart the Bypass
The Anthem password change system requires you to enter a member number or email address.
Keep in mind that a cybercriminal particularly wants access to your email. Why? That way they can conceal any real fraud-alert messages. To do so, they simply create a filter so that the alerts are removed from your inbox and show up elsewhere instead. Keep an eye on your trash, spam, and sent folders. If you log into your account one day and everything is missing from your spam box, that’s a good sign that a hacker is destroying evidence. “Change your email password immediately (on the spot),” Blue recommends, “and go into lockdown mode on all of your critical accounts.”
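One way to check for the alert-hiding filters described above, as an added example that is not part of the original article: it parses a mail-filter export and flags rules that trash, archive, or mark mail as read. It assumes the Atom XML layout that Gmail's filter export uses; the keyword list, severity labels, and sample export are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"atom": "http://www.w3.org/2005/Atom",
      "apps": "http://schemas.google.com/apps/2006"}

# Actions that take a message out of view (assumed list for this example).
HIDING_ACTIONS = {"shouldTrash", "shouldArchive", "shouldMarkAsRead"}
CRITERIA = ("from", "subject", "hasTheWord")
# Words a fraud or security alert is likely to contain (illustrative).
ALERT_WORDS = ("alert", "fraud", "security", "password", "verify", "suspicious")

# Constructed sample export, not real data.
SAMPLE_EXPORT = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry>
    <apps:property name='from' value='newsletter@example.com'/>
    <apps:property name='label' value='Reading'/>
  </entry>
  <entry>
    <apps:property name='hasTheWord' value='fraud OR alert OR "password reset"'/>
    <apps:property name='shouldTrash' value='true'/>
    <apps:property name='shouldMarkAsRead' value='true'/>
  </entry>
  <entry>
    <apps:property name='from' value='deals@shop.example'/>
    <apps:property name='label' value='Promos'/>
    <apps:property name='shouldArchive' value='true'/>
  </entry>
</feed>"""

def audit_filters(xml_text):
    """Return (severity, criteria, actions) for each filter that hides mail."""
    findings = []
    for entry in ET.fromstring(xml_text).findall("atom:entry", NS):
        props = {p.get("name"): p.get("value")
                 for p in entry.findall("apps:property", NS)}
        actions = sorted(a for a in HIDING_ACTIONS
                         if props.get(a) not in (None, "", "false"))
        if not actions:
            continue  # filter only labels or stars mail; nothing is hidden
        criteria = " ".join(props.get(k, "") for k in CRITERIA).strip().lower()
        # HIGH when the rule targets the kind of mail a fraud alert would be.
        severity = "HIGH" if any(w in criteria for w in ALERT_WORDS) else "REVIEW"
        findings.append((severity, criteria, actions))
    return findings

if __name__ == "__main__":
    for severity, criteria, actions in audit_filters(SAMPLE_EXPORT):
        print(f"[{severity}] matches {criteria!r} -> {', '.join(actions)}")
```

Any HIGH finding you did not create yourself is a reason to delete the filter and change the email password immediately.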
Step #7 – Keep Reset Locations Readily Available
If you ever have personal information stolen, you want to go to all of your major accounts, change passwords, and take a look at the preferences to see if anything has been manipulated.
Are you locked out of any accounts? In that case, you need recovery. Typically a specific process has been developed that allows users whose identities have been stolen to regain control.
PayPal and EBay aren’t known for outstanding support. Nonetheless, you may need to speak directly with a service if you experience a lockout:
- Google – Recover your account here.
- PayPal – Call 888-221-1161 from the United States or 402-935-2050 from other locations.
- EBay – Call 866-961-9253 and respond to the voice prompts with “Account” and “Someone has used my account.”
- Amazon – Sign in and visit “Contact Us” within the help section.
- Apple – Change your password here.
- Facebook – Follow the steps here.
- Twitter – Follow these instructions.
“Whatever you do, don’t feel overwhelmed or get upset,” Blue cautions. “Be methodical.”
Step #8 – Use a VPN
Beyond the advice offered by Blue, it’s also a good idea to set up a virtual private network (VPN) so that all your Internet use is encrypted. You can actually use a cloud virtual machine for that purpose. Here are a few comments from our many satisfied customers.
By Kent Roberts