Cyber Security has become a big issue, especially lately.
I ran across an industry newsletter and thought I would share it. This “Industry Newsletter” explains what the issue is and how to protect your information and the information you are sending on your computer.
"We live in a different world!"
I myself have recently experienced the takeover of my Messenger and Facebook accounts, which I recently got back ownership of in February, AND someone has filed for Unemployment Benefits against my Social Security number. I have NOT filed for unemployment. When discussing with my CPA, I learned that this unemployment (forgery) is running rampant and MANY people are experiencing the same; they have not claimed or filed for Unemployment but are receiving notices about applied-for benefits.
Here is a segment from the newsletter I received:
February 16, 2021
From: Cybersecurity Division, Department of Financial Services
Re: Cyber Fraud Alert
The Department of Financial Services (“DFS”) recently learned of a systemic and aggressive campaign to exploit cybersecurity flaws in public-facing websites to steal Nonpublic Information (NPI).
The unauthorized collection of NPI appears to be part of a growing fraud campaign targeting pandemic and unemployment benefits. Specifically, the hacks are focused on stealing NPI from public-facing websites that display or transmit consumer NPI. This includes websites that provide an instant quote such as an auto insurance rate using the consumers’ NPI and displaying redacted NPI back to the consumer, such as a redacted driver’s license number (“Instant Quote Websites”).
DFS urges all regulated entities (like a bank or insurance company) with Instant Quote Websites to immediately review those websites for evidence of hacking. Even if that NPI is redacted, hackers have shown that they are adept at stealing the full unredacted NPI. DFS has already received several reports from regulated entities that have detected both successful and unsuccessful versions of these cyber-attacks. An overview of hacking techniques seen to date is described below, as well as certain indicators of compromise (“IOCs”) that can signal that an attack has occurred.
In addition to data theft targeted at Instant Quote Websites, DFS is aware of increased attempts to steal NPI from other public-facing websites. All regulated entities with public-facing websites that display or transmit NPI – even redacted NPI – should be vigilant and should consider the recommendations below.
DFS also asks that any attempt to steal NPI from any public-facing website be promptly reported to DFS. Reports of unsuccessful attacks have been useful in identifying techniques used by the attackers and enable DFS to respond quickly to new threats to continue to protect consumers and the financial services industry.
I. The Cyber Fraud
DFS first became aware of this cyber campaign when it received reports from two auto insurers in late December 2020 and early January 2021, that cybercriminals were targeting their websites that offer instant online automobile insurance premium quotes (“Auto Quote Websites”) to steal unredacted driver’s license numbers. The insurers first noticed this activity because of an unusually high number of abandoned quotes or quotes not pursued after the display of the estimated insurance premium. On the Auto Quote Websites, the criminals entered valid name, any date of birth and any address information into the required fields. The Auto Quote Websites then displayed an estimated insurance premium quote along with partial or redacted consumer NPI including a driver’s license number. The attackers captured the full, unredacted driver’s license numbers without going any further in the process and abandoned the quote.
In January 2021, DFS alerted approximately a dozen regulated entities maintaining Auto Quote Websites that they were likely targets of hackers looking to gain access to New Yorkers’ NPI, specifically driver’s license numbers. Following that alert, six more insurers reported to DFS the malicious targeting of their Auto Quote Websites. Two of those insurers reported that the attackers failed to gain access to NPI and four reported that the attackers did gain access to NPI or that their investigation was still ongoing. We appreciate the engagement of our regulated entities and their prompt response to our earlier, limited alert.
This activity appears to be part of an overall increase in efforts to steal NPI, driven in part by increased fraud activity during the pandemic. Since the COVID-19 pandemic started, the U.S. has seen an unprecedented surge in benefits fraud. DFS has confirmed that, at least in some cases, this stolen information has been used to submit fraudulent claims for pandemic and unemployment benefits. Notably, the concerted effort to steal NPI from New Yorkers seems to have coincided with the implementation of enhanced identity requirements to obtain pandemic benefits in New York.
Reports to date have confirmed several methods that criminals used successfully (or attempted to use) to steal NPI from Auto Quote Websites:
- Taking unredacted NPI from the Auto Quote Websites’ Hypertext Markup Language (“HTML”) that was not displayed in the rendered webpage but visible in the HTML.
- Using developer debug tools to intercept and decode unredacted NPI. In some cases, developer tools were used on the public-facing website to access the HTML code and reshape website frames to view hidden NPI.
- Manipulating the technology used to redact portions of NPI by using web browser developer tools to access the parts of the websites that redacted data, therefore fully revealing the NPI on the public-facing website.
- Purchasing a policy, after requesting a quote, using fraudulent payment methods in order to view the policy owner's information, including his or her driver’s license number.
- Requesting a quote and receiving an agent’s contact information, and then calling the agent and using social engineering to elicit NPI from the agent.
These methods can be applied to any Instant Quote Websites and any websites that display redacted NPI, not just the websites of auto insurers. DFS is aware of evidence that this cybercrime activity is not limited to auto insurance websites.
DFS’s Cyber Intelligence Unit also has discovered communications on cybercrime forums offering to sell techniques to access driver’s license numbers from auto insurance websites and step-by-step instructions on how to steal them. Step-by-step instructions for stealing NPI from an auto insurer’s website were also found in an open-source repository, an online public archive for sharing and storing files. DFS’s Cyber Intelligence Unit further discovered similar offers from cybercriminals to sell access to, and techniques for stealing, NPI from public-facing websites of other types of financial services companies, such as mortgage lending providers and credit reporting bureaus.
All entities with a public-facing website that display or transmit redacted NPI – i.e. that use Instant Quote Websites – are vulnerable to this type of data theft.
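
The first three methods in the alert all depend on the server sending the full value to the browser and masking it only on the client side. The following is an added example, not part of the DFS alert or of this post: a release-gate check that redacts on the server and then searches the raw response body (hidden fields, inline scripts, encoded copies) for the full value of a seeded test record. The function names, the sample markup and the driver's license value are constructed for illustration.

```python
import base64
import html

def redact(value: str, keep: int = 4) -> str:
    """Server-side redaction: only this masked string should leave the server."""
    return "*" * max(len(value) - keep, 0) + value[-keep:]

def find_leaks(body: str, secret: str) -> list:
    """Return the forms in which the full secret appears anywhere in the raw body.

    The body is searched as sent on the wire, not as rendered, so values in
    hidden inputs, data attributes and inline scripts are caught as well.
    """
    text = html.unescape(body)          # undo &#NN; style entity encoding
    raw = secret.encode()
    checks = {
        "plain": secret in text,
        # Catches the value when it was base64-encoded on its own.
        "base64": base64.b64encode(raw).decode().rstrip("=") in text,
        "hex": raw.hex() in text.lower(),
    }
    return [name for name, hit in checks.items() if hit]

# Constructed test record; not a real driver's license number.
DL = "T987654321012"
DL_B64 = base64.b64encode(DL.encode()).decode()

# Weak pattern: masked text is displayed, but the full value is still shipped.
VULNERABLE_PAGE = f"""<div class="quote">
  <span id="dl-shown">{redact(DL)}</span>
  <input type="hidden" name="dl" value="{DL}">
  <script>window.__quote = {{"dl_b64": "{DL_B64}"}};</script>
</div>"""

# Corrected pattern: the response carries the redacted string and nothing else.
HARDENED_PAGE = f"""<div class="quote">
  <span id="dl-shown">{redact(DL)}</span>
</div>"""

if __name__ == "__main__":
    print("vulnerable:", find_leaks(VULNERABLE_PAGE, DL))
    print("hardened:  ", find_leaks(HARDENED_PAGE, DL))
```

Run against every response in the quote flow (HTML and any JSON the page fetches) using seeded test identities, and fail the build if the returned list is not empty.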