Sign up for the #DataInsecurity Digest

Welcome to The #DataInsecurity Digest, a publication of the National Consumers League, which has been advocating for Congress and the Administration to pass comprehensive data security protections for years.

Since 2015, The #DataInsecurity Digest has delivered important, consumer-focused data security news, policy analysis, and information about upcoming events directly to subscribers’ inbox biweekly.

Curated by NCL’s Vice President of Public Policy, Telecommunications, and Fraud John Breyault, the publication is a collection of the latest coverage and analysis of data security issues by trusted authors, with commentary offered by Breyault.

We’d love your feedback! Drop author John Breyault a line at johnb@nclnet.org to tell him what you think!

Scammers coming out of woodwork to prey on vulnerable

Today’s economic news is grim. Nearly 40 million Americans have found themselves without employment due to the COVID-19 pandemic. For the newly jobless, state unemployment insurance benefits are a lifeline that helps them keep the lights on and provide food for their families. Unfortunately, the combination of billions of dollars in federal stimulus money flowing to state unemployment funds and the tens of millions of new claimants has created a once-in-a- lifetime opportunity for identity thieves: unemployment benefits scams.

According to the Secret Service and media reports, organized rings of criminals are working to siphon off unemployment insurance payments, potentially worth hundreds of millions of dollars, intended for workers who have been laid off due to the COVID-19 pandemic. In the state of Washington, for example, scammers reportedly made off with nearly $1.6 million in a single month. This scam is reportedly even affecting consumers who have not yet lost their jobs.

The recent spike in this type of scam is unfortunately not unique. When news captures the public’s attention—think major hurricanes, terrorist attacks, and economic slowdowns—scammers come out of the woodwork to take advantage of legitimate fears and concerns. In today’s coronavirus environment, there is an unprecedented opportunity for criminals to use the public’s fears about the virus and the resulting economic downturn to defraud consumers.

Since the pandemic began, NCL’s Fraud.org project has seen an uptick in complaints about a variety of scams preying on increasingly vulnerable, financially strapped, and fearful consumers.

“Scammers running phishing schemes, stimulus check fraud, and even pet adoption scams have all been working overtime to use the COVID-19 pandemic as a way to defraud consumers,” said John Breyault, director of NCL’s Fraud.org campaign. “We forecast these scams will continue to increase and evolve and are eager to get the word out about how Pennsylvanians can protect themselves.”

Over the last several months, NCL has devoted monthly Fraud Alerts to giving consumers the tools to spot and avoid some of the many types of scams related to COVID-19. Alerts have featured the most pernicious types of scams that are increasing due to coronavirus, ranging from job scams to increased reports of fraudulent robocall activity.

“As the coronavirus has upended daily life, robocall operators have quickly shifted to blasting out spam phone calls offering all manner of coronavirus-related products and services,” said Breyault. It’s estimated that at least one million robocalls per day are inundating Americans’ cell phones. Fraudulent robocallers are offering air duct sanitation services, work-from-home opportunities, cut-rate health insurance, and immune-system boosting nutritional supplements. Other robocalls have reportedly offered free insulin kits to diabetics, along with free coronavirus testing kits.

“At best, consumers who respond to these calls are setting themselves up to lose money for a non-existent product or service,” said Breyault. “At worst, delaying needed emergency treatments on the belief that a fake coronavirus treatment will save your life could be deadly to you and those you come into contact with.”

In May, NCL hosted a virtual fireside chat with Pennsylvania Attorney General Josh Shapiro and a panel of consumer protection experts on the growing threat of scams linked to the COVID-19 pandemic. NCL’s Breyault and AG Shapiro discussed what they are hearing from consumers, tactics for reaching the most vulnerable populations, and the importance of collaboration for getting key messages out to consumers.

“The work [NCL] is doing to get the word out is so important,” said General Shapiro. “There will be some people who hear my voice, and some people who hear your voice. But the key is that collectively we are warning people about scams and that we’re working together to share actual information—not myths—and not propaganda by one group or the other.”

NCL urges Administration to take action to combat COVID-themed fraud, patient harms online

April 10, 2020

Contact: National Consumers League – Carol McKay, carolm@nclnet.org, (412) 945-3242 or Taun Sterling, tauns@nclnet.org, (202) 207-2832

Washington, DC – April 10, 2020 – The National Consumers League (NCL), in partnership with 42 patient and provider advocacy, public health, industry, and research groups, has issued joint letters to Vice President Mike Pence, the U.S. Department of Justice (DOJ), U.S. Federal Trade Commission (FTC), U.S. Food and Drug Administration (FDA), and other state and federal leaders calling for swift action to protect consumers against COVID-19 misinformation, scams, and fraud online.

“NCL commends the White House Coronavirus Task Force and other officials for their dedication in responding to the coronavirus crisis,” said NCL Executive Director Sally Greenberg. “The COVID-19 pandemic makes your work against healthcare and financial fraud more important now than ever. However to further flatten the curve and save lives, we urge the Administration to quickly implement increased evidence-based actions and to help protect consumers from predatory attempts to take advantage of our new economy.”

Since the start of the pandemic, criminals launched thousands of COVID-specific global scams and phishing attacks, using the coronavirus crisis to profit at patients’ expense. “Criminals have exploited the fear and confusion caused by the coronavirus for their own personal profits. More must be done to mitigate the health and financial harms experienced by consumers nationwide,” said Greenberg. In the past few weeks alone, more than 100,000 website domain names have been registered containing terms like “covid,” and “corona,” most of which have been found to be outright dangerous. The Federal Trade Commission indicated receipt of nearly 14,000 coronavirus-related complaints totaling fraudulent losses nearly $10 million.

NCL has long called for increased regulation and enforcement against illegal online acts that result in public health and economic harm. The joint letter encourages the Administration to move swiftly to enact and enforce existing no-cost solutions to better protect consumers. Additionally, it calls on the Administration to  ground their efforts in science, address systemic internet policy problems and prepare for an ongoing wave of COVID-19 related scams during the economic downturn.

Co-signers of the letters include Alliance for Safe Online Pharmacies, BIO, Coalition for a Safe and Transparent Internet, Consumer Brands Association, Kroll, Lilly, LegitScript, and USP. The full letter can be read here.

###

About the National Consumers League

The National Consumers League, founded in 1899, is America’s pioneering consumer organization. Our mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad. For more information, visit www.nclnet.org.

 

How consumers must respond to the security threat inside nearly every computer

Nearly two years ago, researchers revealed flaws in the chips of virtually every computer made since the mid-1990’s. The flaws—primarily found in Intel’s chips—create a vulnerability that can be exploited by allowing hackers to obtain unauthorized access to privileged information.

Since the initial exploits were first exposed, new versions have continued to be discovered—the most recent of which was found this past NovemberWhile software “fixes” have been released, they tend to reduce the speed and performance of computers—as much as 40 percent, according to some reportsIn additionsince the flaw is hardware-based, the “fix is only good until the next exploit is discovered. 

At the time of the discovery of one of the “worst CPU bugs ever found,” there was significant alarm expressed in the news as well as across the cybersecurity communitySince that timepublic attention has waned. Unfortunately, the problem has only grown worse. And while there has been considerable discussion of the impact these flaws have on businessesthe impact on consumers has been somewhat overlooked. 

That’s why NCL’s #DataInsecurity Project recently released a paper detailing the threat that these bugs—with scary names like MeltdownSpectre, and Zombieloadpose to consumers, their data, and the performance of their computers.  

Every organization or individual running a server or computer with affected hardware should take action to protect themselves. Unfortunately, consumers are less likely to know what to do or have the resources to do it, leaving them more exposed 

For example, consumers are more likely to be running older or outdated software. Consumers are also likely to keep their computers much longer than a business, making their hardware older as well. The way these flaws work, older hardware generally sees a greater slowdown when the security patches are applied. 

Additionally, the small businesses that consumers interact with may also be running “legacy” hardware or software. These businesses may not be able to afford the high cost of additional servers to offset the speed loss from the patches or of entirely replacing old systems. This difficult choice for small businesses could mean that some decide against applying patches – with potentially severe consequences for consumers’ data security.  

Google has taken preemptive steps to protect consumers, but it also warned that as a result of these security measures, “some users may notice slower performance with some apps and games.” Apple, conversely, has offered software patches but left other security measures as an “opt-in” for consumers.  

So, while consumers may not face the same type of risk as businesses, they do face a lot of challenges when it comes to addressing these exploits. Consumers already live in heightened threat environment, filled with phishing emails and computer viruses. They shouldn’t have to choose between the security of their data or the performance of their computers.  

To learn more about these issues and the best way to protect yourself, you can find NCL’s white paper here.

Consumer group: Capital One breach highlights need for Congressional action on data security legislation

July 30, 2019

Media contact: National Consumers League – Carol McKay, carolm@nclnet.org, (412) 945-3242, or Taun Sterling, tauns@nclnet.org, (202) 207-2832

Washington, DC—Just one week after consumers received relief from the massive Equifax breach, yet another massive breach—this time at Capital One bank—is placing consumers at risk, yet again, of identity theft. 

In one of the largest financial breaches in history, more than 100 million Capital One accounts and 140,000 Social Security numbers were reportedly compromised. As was the case in previous breaches, the Capital One breach appears to have stemmed from a third-party cloud hosting vendor that stored Capital One’s data. 

The National Consumers League (NCL), the nation’s pioneering consumer and worker advocacy organization, is calling on Congress to immediately pass comprehensive privacy legislation and protect highly personal data. 

“Consumers are sitting ducks if big banks like Capital One, giant hotel chains like Marriott, and credit scoring companies like Equifax don’t take the necessary steps to protect our data,” said John Breyault, NCL’s vice president of public policy, telecommunications, and fraud. “When companies like Capital One are sloppy in protecting consumers’ data, it allows hackers steal consumer information which ultimately fuels identity theft and other frauds against us.” 

“More than five years after hackers compromised the personal information of nearly 110 million Target customers, criminals are still breaking through supposedly strong firewalls and stealing consumers’ personal data from companies. Any data security legislation must require that consumer data be protected with strong fines and criminal penalties for failing to do so,” said NCL Executive Director Sally Greenberg. 

###

About the National Consumers League

The National Consumers League, founded in 1899, is America’s pioneer consumer organization. Our mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad. For more information, visit www.nclnet.org.