Fight Identity Theft Blog

Medicare receives 4.4 million claims a day and approximately 1 out of 10 of those are fraudulent. All of the fraudulent claims add up to a large sum of wasted time and money and the government is trying to put a stop to it. The Department of Justice (DOJ) and the Health and Human Services (HHS) Office of the Inspector General have been working together to reduce fraudulent activity.

In 2008, the DOJ and HHS and the Centers for Medicare and Medicaid Services worked together through the criminal and civil systems to secure 588 criminal convictions, obtain 337 civil administrative actions against individuals and organizations who were committing Medicare Fraud, and recovered more than a billion dollars in health care fraud monies . . . To date in fiscal year 2009, the Department of Justice has already recovered nearly a billion dollars in health care fraud monies and recorded 300 convictions.

In addition to catching Medicare thieves the DOJ and HHS want to enable seniors to participate in the fight. They want to raise awareness about the kinds of fraud that are happening and give seniors the tools they need to deter, detect and defend!

Medicare Fraud Examples

Here are a few examples of how Medicare is scammed out of billions of dollars a year.

• Medicare is billed for services or equipment not received
• An unathorized person uses a Medicare card to receive treatment, supplies or equipment
• Medicare is billed for equipment after it has been returned
• A company offers an unapproved Medicare drug plan
• A company leads you to join a Medicare plan using false information

Deter

Medicare recipients need to keep themselves safe.

• Treat your Medicare number and Social Security number like gold. Avoid carrying them in your wallet or purse.
• Your Medicare number is not needed to get free equipment. If someone offers you free equipment and then asks for your Medicare number, run away or hang up the phone.
• Your number is for your use only. It is illegal for others to file claims with your Medicare number.

Detect

Learn to recognize common schemes. A few common fraud schemes are:

• Being approached in grocery stores, parking lots, on the street, etc. and being offered goods, services or help in exchange for your Medicare number. Just run away!
• Receiving a call from a  phone solicitor doing a health survey and asking for your Medicare number. Just hang up! They don't need your number to conduct a survey.
• Receiving a call from a telemarketer claiming to be with Medicare or Social Security asking for you to pay for equipment over the phone or the internet. Again, hang up!

Defend

It's critical that Medicare recipients check their statement summary sheets and look for:

• Were you charged for the same thing more than once?
• Are there doctor visit dates look unfamiliar?
• Were you over charged for a service?
• Were you charged for equipment or services that you didn't receive?

If you see any of these problems make a phone call to your provider or Medicare to get it resolved. It could just be a clerical error or it could be a fraudulent act that needs to be reported.

Help is Available

To some the task above may seem very overwhelming. The DOJ and HHS understand that seniors want to protect themselves but may not have the knowledge to do so. For this reason Senior Medicare Patrols (SMP's) were created. SMP's are groups or seniors, formed in communities, that help other senior citizens learn how to combat Medicare Fraud. They bring awareness to seniors in the community, teach seniors how to read and understand their Medicare summary statements and offer support.

• Use the www.smpresource.org web site to find a group in your area.

Medical identity theft and Medicare fraud are a huge problem that the government cannot tackle on its own. While they do their part it's important for senior citizens to do their part to protect themselves from medical identity theft and be on the watch for Medicare fraud.

Fight Back! Brochure

More detailed information is available in the Fight Back! Medical Identity Theft and Medicare Fraud brochure put out by the HHS.

HHS Even Webcast on Preventing Medial Identity Theft and Medicare Fraud

Video Points of Interest

• Time 7:11 Assistant Attorney General of Civil Division of DOJ, Tony West, discusses the consequences of Medicare fraud and the work of the DOJ and HHS partnership.
• Time 14:38 Inspector General, Dan Levinson, discusses new fraud education materials.
• Time 23:08 SMP volunteer, Joanne, discusses her experiences with Medicare fraud and her roll as part of the SMP in her community.

More information is available at Stop Medicare Fraud's website.

26% of Twitter messages contain links, half of which are from spammers and lead to malicious websites.

With only 140 characters per Twitter message, it makes sense to shorten URLs and leave characters to say what you have to say. But with shortened URLs you have no idea what your final web destination will be. A spreader of malware and malicious websites couldn't be happier!

Malicious Links in Abundance

Researchers at Kaspersky Labs have found that as many as one in every 500 links on Twitter lead to sites hosting malware. They have also discovered that about 26% of Twitter messages - tweets - contain links and about half of those are created by spammers and people with bad intentions.

The two most popular URLs that the Krawler found posted to Twitter so far passed through the system in September. Both directed users to online dating sites. One of the sites, getion.com, is known to have hosted malware in the past, Raiu said.

What Twitter is Doing

So why isn't Twitter doing something to keep its users safe?  Well, it is to an extent. In August Twitter started using a filtering system by Google to detect malicious URLs. The system checks the URLs against a blacklist and then either blocks the malicious URL from being posted or warns users to think before clicking on the link. However, the system only scans URLs that are shortened using the Bit.ly shortening service - the most commonly used on Twitter. Any links shortened using any of the over 200 other formats are not picked up by Twitter's filter.

Malicious URLs were discovered over a year ago before Twitter gained it's current level of popularity. Now, malware links regularly appear in "trending topics" where people are often checking to see what is the latest and greatest.

What You Can Do

• There are several companies that have developed more inclusive filters to sift through the shortened URLs on Twitter. Kaspersky has developed the Krab Krawler that currently examines 500,000 unique URLs a day. Of the URLs examined, 100 to 1,000 a day are sites hosting malware.
• AVG Technologies offers LinkScanner, a tool that scans and strips URLs of any malware that they may contain. Finjan Inc. has a tool, SecureTwitter, that sends out a warning message when a malicious URL is detected.
• You also have the option of expanding the shortened link before you click on it. The bit.ly blog has instructions on how to get the plug-in tool to expand bit.ly (and other) shortened URLs.
• Consider using stand-alone Twitter software such as TweetDeck. They will often provide filtering of their own and/or a preference item to expand shortened URLs before you click them.

Video Interview with Kaspersky Lab Malware Researcher Costin Raiu

 Read more at the Threat Level blog. Graph courtesy of Kaspersky Labs

Halloween is all about tricks, treats and pretending to be something your not. Scareware must think every day is Halloween.

Computer experts are reporting that scareware is on the rise. Scareware - a sneaky hacker technique used to steal personal information and spread viruses - is being found in more and more places online and even on trusted sites, like the New York Times.

"The recent scareware attacks are cropping up everywhere and can be found on even the most trusted Web sites online," said Alison Southwick, BBB spokesperson. "The threat of scareware undermines consumer trust in compromised Web sites, and on the Internet in general, but there are steps computer users can take to protect themselves."

How Scareware Tricks and Treats

Scareware usually presents itself as a pop up window on your computer that looks like it is from your computer. It gives some message that your computer has been infected with a virus that needs to be removed. Often the message tells you to go to the link provided to purchase and download anti-virus software. Once the software is purchased the download begins. Unfortunately, it is not anti-virus software that is being downloaded, but more viruses and malware.

If that weren't bad enough, now the hackers have your credit card information too.

This senario is playing out all over the internet. It was in mid-September that visitors to the New York Times web site started getting the infected pop up window. The New York Times traced the infected window back to an unauthorized ad. They later found out that the ad space was sold to hackers posing as Vonage.

But The New York Times is not the only site being affected and pop up windows are only half the story with scareware. According to Computer World Magazine, hackers are also "poisoning Google search results." Hackers monitor popular search topics and then create infected web pages with related content. They work to get those to the top of Google search results and when someone clicks a link in the search results - the infamous pop up window appears.

How to Protect Your Computer

Fortunately there are steps that you can take to protect your computer from scareware:

• Never let your guard down. It is a fact that scareware can show up on even the most trusted sites, Google, Twitter, The New York Times, etc.
• Protect your computer. Keep your operating system updated and install a good quality anti-virus program. We recommend the following packages: Norton 360 (includes backup and other features), Norton Internet Security 2010 (good all around option), or avast! (free and good), and keep it up to date. Also make sure that all security patches and updates are installed for your webrowser and programs like Adobe Flash Player.
• Take immediate action during an attack. If a scareware window opens up, force close it using the task manager and then run your trusted anti-virus software.

If you clicked on the link and have downloaded the software all is not lost, but things aren't good. The Washington Post offers advice on their Security Fix blog of how to rid your computer of the viruses and malware. But if you aren't computer savvy, you may think about calling a professional to clean up the mess.

UPDATE: An article from Wired magazine's Threat Level blog sheds more light on how web sites are being targeted for malware distribution:

Web ads have become much more advanced over the years and many now include scripts that provide data tracking and other functions. Because of this, crooks are working to have their "ads" run on popular websites. Their ads also contain scripts, but the code displays scareware instead of tracking clicks or views.

In the article, Gawker Media - a major blog network of sites like Gizmodo, LifeHacker, Jalopnik and others - was targeted for ad placement, but fortunately Gawker has a team of geeks that digs into the code of any ad and confirms that it contains no malicious code. I'm guessing the NY Times now is enforcing a similar policy (yep, it is now).

Heaven help us when we visit sites that have no such team of geeks to protect us from malicious ads...

Zone Alarm has made their excellent Zone Alarm Pro 2010 software available for download today - October 13, 2009 - free of charge. It will be available until 6am PST on October 14, 2009.

The free download has the following stipulations:

• License valid for one year (10/13/09 to 10/14/10)
• License valid for up to 3 PCs
• This offer is valid for new customers only
• Limit one per customer

The software is available for download here - http://download.zonealarm.com/bin/free/sum/index.html?cid=W100020