Major threat this month: Phishing attacks that seem to come from Citibank, Paypal, Citizens Bank and US Bank

Phishing attacks have been doubling every month. In a phishing attack, the thieves pretend to be sending you to a reputable site like Citibank and ask for your private data, so they can steal your money or your identity. Recent research reports that one in twenty people are fooled by these types of attacks, which is why the thieves keep at it.  One of our goals is to make sure you don't get caught in the scams.

Also this month, graphical spam is increasing. Spammers send you a picture of the offer instead of the text of the offer, so that your company or internet provider's spam blockers are powerless to stop them even if they use very bad language.

The attacks discussed here are the tip of the iceberg.

To be safe:

1. DON'T open email attachments from anyone unless you know the sender and you were expecting the attachment.

2. DON'T click on links in emails or web sites unless you can guarantee the email came from someone who is not trying to fool you and that the web site is actually the site you think it is.

3. DON'T disclose private information unless you initiated the need to do so.

What To Avoid This Month

I. Emails from people trying to get you to divulge private details. These are often trying to steal your identity (and your money)

I.1 Maintenance Update (from Citibank)
I.2 PayPal account limited
I.3 Citizens Bank Fraud Verification Process
I.4 Citibank with various subjects and possibly a time stamp
I.5 Attn: Citibank Update
I.6 "notice: US Bank"

II. Opening attachments that have interesting subjects and provocative text in the body of the email.  Several viruses (Beagle, MyDoom, Netsky) are still spreading rapidly because they fool you into thinking they come from a friend and have data you want to see. Remember: do not open unexpected attachments without checking with the sender to be sure the attachment is safe. If you break this rule, you will hurt a lot of other people - people you know - because your infected computer will send viruses to people in your address book.

More Details About The Phishing Attacks

I. Emails from people trying to steal your identity (and your money)

I.1 Maintenance Update (from Citibank)

The bait:

An email that looks as if it comes from Citibank saying the company "could not verify your current information," and asking you to update it.

What it tries to make you do:

Click on a link and tell them your credit Card information, social security number, date of birth and mother's maiden name.

Where you can see how it actually appears:

<http://www.antiphishing.org/phishing_archive/09-02-04_Citibank_(Citibank.com_Maintenance_upgrade.html>

I.2PayPal account limited

The bait:

An email that looks as if it comes from PayPal and says, "We suspect that your PayPal account may have been accessed by an  unauthorized third party."

What it tries to make you do:

Click on a link and tell them your email and your PayPal password.

Where you can see how it actually appears:

<http://www.antiphishing.org/phishing_archive/09-01-04_Paypal_(PayPal_account_Limited).html>

I.3 Citizens Bank Fraud Verification Process

The bait:

An email that looks as if it comes from Citizens Bank saying they suspect your account may have been accessed by an unauthorized third party.

What it tries to make you do:

Click on a link and tell them your ATM or debit card number and password.

Where you can see how it actually appears:

<http://www.antiphishing.org/phishing_archive/08-31-04_Citizens_Bank_(Citizen_Bank_Fraud_Verification_Process).html>

I.4. Citibank with various subjects and possibly a time stamp

The bait:

An email that looks as if it comes from Citibank saying, they are updating their software and asking you to click on what looks like a real Citibank url.

What it tries to make you do:

Click anywhere on the image (the entire scam is a single image) and then provide a wealth of very private information ranging from your ATM card and PIN to your mother's maiden name.

Where you can see how it actually appears:

<http://www.antiphishing.org/phishing_archive/08-27-04_Citibank_(various_subjects,_image-only_email).html>

I.5. Attn: Citibank Update

The bait:

"Click here" link in an email that seems to come from Citibank saying that they noticed one or more attempt to log into your account from a foreign IP address.

What it tries to make you do:

Click on a link and tell them your ATM card number and PIN and username and password.

Where you can see how it actually appears:

<http://www.antiphishing.org/phishing_archive/08-26-04_Citibank_(Attn_Citibank_Update).html>

I.6  "notice: US Bank"

The bait:

An email that seems to come from US Bank asking you to login.

What it tries to make you do:

When you click on the login button, it asks for your ATM Card number and PIN.

Where you can see how it actually appears:

<http://www.antiphishing.org/phishing_archive/08-25-04_US_Bank_(Notice_Us__BANK).html>

 

Copyright 2004, The SANS Institute. http://www.sans.org Permission is granted to copy and redistribute this material to whomever it will help.

December 3, 2003

PARAMORE CONSULTING INC. IS CHOSEN BY PRIVAPLAN ASSOCIATES, INC. AS ITS EXCLUSIVE HIPAA TCS CONSULTING PARTNER

Louisville, KY – December 3, 2003 – Paramore Consulting, Inc. (PCI) announced today its partnership with PrivaPlan Associates, Inc. as its exclusive HIPAA TCS consulting partner.

Recently, PCI contributed to the Transactions & Code Sets (TCS) tool inside the PrivaPlan 2.0 version and the powerful new PrivaPlan EDI/TCS module.  PCI understands the unique HIPAA challenges facing small healthcare organizations and has developed a TCS Starter Kit, featuring the PrivaPlan tool.  This solution provides both the tool and the services needed to reach compliance on a budget.

Miriam Paramore, President and CEO of PCI, says “Small healthcare organizations have the most difficulty waded through the HIPAA rules.  We have been happy to use the PrivaPlan tool as part of our service of Privacy and Security offerings to smaller organizations, and have seen that it is very effective.  We are proud to extend our relationship with PrivaPlan into the TCS arena.  We look forward to providing high quality yet cost-effective HIPAA TCS consulting support to PrivaPlan customers.”

David Ginsberg, President of PrivaPlan Associates, Inc., says ”PCI has established themselves as an industry expert in the TCS consulting arena especially with hospitals and health plans. They provide a powerful alternative to the ‘big’ consulting houses and using the PrivaPlan tools can deliver services to this sector in a timely, accurate, and very cost-effective manner. PrivaPlan is equally proud to support PCI and recommend them as our TCS consulting partner.”

For more information regarding TCS and to sign up for our newsletter featuring important HIPAA Testing Tips, please go to: www.paramoreconsulting.com.

About PrivaPlan Associates, Inc.

PrivaPlan Associates, Inc., a leading source of HIPAA Privacy, Security, and electronic data interchange/transaction code set (EDI/TCS) expertise, offers HIPAA solutions that are viable for healthcare providers as well as health plans including self-insured group plans.PrivaPlan customers range from small to large medical practices, hospitals, and health plans.  It is the only comprehensive, low-cost, continuously updated HIPAA Privacy and Security compliance resource that has been endorsed by medical associations and insurance companies nationwide and is available in customized versions for select states. For more information, visit www.privaplan.com.

About PCI

Founded in 1997, PCI helps healthcare organizations develop and implement the strategies needed to do business electronically.  PCI’s consultants are nationally recognized healthcare industry leaders and HIPAA experts.  Specializing in Revenue Cycle Solutions, HIPAA compliance, and ecommerce/EDI operations, PCI offers professional services to providers, payers and vendors.  PCI’s services are innovative, targeted, and affordable giving its client access to the best knowledge base in the industry.  For additional information on PCI’s services, please visit www.paramoreconsulting.com. 

Contact:
Nicole Ryan
502-429-8555
nicole.ryan@hipaasurvival.com

August 18, 2003

PRIMA and PrivaPlan Announce Partnership on HIPAA Compliance Solutions

Approaching October 16 deadline looms for getting paid under HIPAA

Arlington, VA/Santa Fe, NM, August 18, 2003.  The Public Risk Management Association (PRIMA) and PrivaPlan Associates, Inc. announced today that they have formed an education partnership to assist PRIMA members in meeting the complex requirements of HIPAA compliance.

PRIMA and PrivaPlan Associates will offer a series of monthly audioconferences on critical aspects of HIPAA compliance that are specifically relevant to PRIMA members.

In addition, PrivaPlan is offering its nationally acclaimed HIPAA compliance interactive CD-ROM to PRIMA members at a discount.

PRIMA’s primary goal is to provide practical education and training for public sector risk management practitioners.  Given the complex requirements that many public entities have under HIPAA, PRIMA’s responsibility to its members is to help them make sure they meet the complex and imminent HIPAA requirements.  PrivaPlan is doing this through educational audioconferences and discounts on HIPAA solution products that have a well-established and excellent track record in the field and have received high acclaim in the industry. 

David A. Ginsberg, president of PrivaPlan Associates, Inc. said, “We are honored to partner with PRIMA in offering solutions and support to their members in every aspect of HIPAA compliance.  We know how confusing these fast-approaching deadlines can be, and we want to provide easy solutions and clear directions for PRIMA members. From our low-cost comprehensive CD-ROM which addresses both privacy and security to our complementary products on EDI/TCS (electronic data interchange and transaction code sets), self-insured plans, and HIPAA forms and labels, along with a free email discussion support group, we offer every aspect applicable to PRIMA members.  We’re committed to doing everything possible to meet their needs.”

PRIMA/PrivaPlan audioconferences on HIPAA compliance will be posted on both PRIMA and PrivaPlan websites. The first audioconference on “Getting Paid Under HIPAA After October 16, 2003 – What All Public Entities Need to Know!” will be on September 15th. 

For more information about PrivaPlan Associates, Inc., you can access their website at www.privaplan.com or call 1.877.218.7707.

October 10, 2002

Connecticut State Medical Society, PrivaPlan Associates Partner to Provide Cost-Effective HIPAA Privacy and Security Compliance Solution

NEW HAVEN (October 10, 2002) -- The Connecticut State Medical Society (CSMS), in conjunction with state County Medical Associations, the Connecticut Medical Insurance Company (CMIC), and the Connecticut State Medical Society – IPA (CSMS-IPA), has partnered with PrivaPlan Associates, Inc., to introduce the first cost-effective HIPAA Privacy and Security Compliance solution for Connecticut doctors.

Santa Fe-based PrivaPlan Associates, creators of the nationally available PrivaPlan™ HIPAA Privacy and Security Compliance Resource Kit, created a customized version of the HIPAA Resource Kit specifically for Connecticut doctors.  Available in interactive CD-ROM format, PrivaPlan’s Resource Kit incorporates both Connecticut law and Federal HIPAA Privacy requirements, making it a one-of-a-kind resource that is easy to follow, comprehensive, and cost-effective.

In addition, PrivaPlan, through the various County Medical Associations of the Connecticut State Medical Society, is offering free regional seminars to those who purchase the PrivaPlan Resource Kit.  The seminars will take place in Norwich, Norwalk, Waterbury, New Haven, and Hartford, at various times from October 15 – 18, 2002.  For times, dates and locations, please contact CSMS at (203) 867-0587 or visit www.csms.org .

 “The Connecticut State Medical Society is endorsing the PrivaPlan HIPAA Compliance Resource Kit because it addresses comprehensively the specific needs of our members,” said Timothy B. Norbeck, Executive Director, CSMS.   “Additionally, PrivaPlan’s free October seminars are a wonderful opportunity for our members to learn more about the compliance changes from the experts.” 

In addition to working with CSMS, PrivaPlan is the only company nationally that has worked with numerous state medical associations, professional liability carriers and other organizations to present HIPAA privacy and security compliance solutions, including those in California, Louisiana, Montana, Colorado, New Mexico, and Mississippi.

“Change can instill fear in people and organizations,” says David A. Ginsberg, president of PrivaPlan.  “To take the fear out of the upcoming HIPAA requirement changes, PrivaPlan worked very closely with the leadership at CSMS to ensure Connecticut doctors a comprehensive solution for HIPAA Privacy and Security compliance. The PrivaPlan CD-ROM solution is easy to follow, technically excellent, and very affordable.”

The PrivaPlan HIPAA Compliance Resource Kit will be available to CSMS members, or CMIC policyholders, at a discounted price. CSMS is accepting orders immediately.  CSMS members can order online through CSMS at www.csms.org , or by phone by calling PrivaPlan at (877) 218-7707.

PrivaPlan Associates, Inc. produces the PrivaPlan™ HIPAA Privacy and Security Compliance Resource Kit, an extensive, economical compliance resource kit on CD with online support.  It also conducts workshops on HIPAA compliance.  For more information, visit www.privaplan.com.

October 1, 2002

Louisiana State Medical Society Endorses PrivaPlan HIPAA Privacy and Security Compliance Resource Kit

SANTA FE, N.M.  (October 1, 2002) -- The Louisiana State Medical Society (LSMS) has endorsed the HIPAA Privacy and Security Compliance Resource Kit developed by PrivaPlan Associates, Inc. Santa Fe, and available in interactive CD-ROM format. 

“The Louisiana State Medical Society evaluated a number of HIPAA solutions for our physician members.  After careful consideration we chose the PrivaPlan™ HIPAA Compliance Resource Kit, and we are endorsing its use for our members,” said Amy Phillips, Esq., director of legal affairs and general counsel for LSMS. 

In addition, the Louisiana State Medical Society has developed a comprehensive package of services built around the PrivaPlan Resource Kit to help members implement their compliance program.

“We’re impressed by PrivaPlan’s comprehensive, easy-to-use and affordable solution to the complex HIPAA compliance regulations,” said Phillips. “We’re committed to helping our members navigate these difficult waters.”  

“Our goal at PrivaPlan is to offer a resource kit that contains everything a health care provider needs to conduct a HIPAA privacy and security compliance project, and to sell the kit for a price that every health care provider can afford,” says David A. Ginsberg, president of PrivaPlan.

The PrivaPlan HIPAA Compliance Resource Kit will be available to LSMS members at a discounted price of $360 .  LSMS is accepting orders immediately.  LSMS members can order online through LSMS at  www.legalaffairs@lsms.org, or by phone from LSMS at (800)375-9508.

PrivaPlan Associates, Inc. produces the PrivaPlan™ HIPAA Privacy and Security Compliance Resource Kit, an extensive, economical compliance resource kit on CD with online support.  It also conducts workshops on HIPAA compliance.  For more information, visit www.privaplan.com.

August 15, 2002

California Medical Association Partners with PrivaPlan on HIPAA Compliance ToolKit

• CMA-PrivaPlan ToolKit to Be Customized for California Law
• Offered at CMA Member Discount

SANTA FE, N.M. (August 15, 2002) – The California Medical Association (CMA) has endorsed a HIPAA compliance resource kit developed by PrivaPlan Associates, Inc., Santa Fe, and available in interactive CD-ROM format. CMA, in a unique agreement with a private partner, is customizing the program so that it complies with California law, and will offer the kit at a discount to its members and make it available to non-member physicians and other health care providers.

"We are delighted to partner with PrivaPlan to offer a HIPAA compliance resource kit that is comprehensive, easy to use and affordable," said John M. Whitelaw, M.D., president of CMA and a Sacramento physician.

"We are impressed by CMA’s commitment to helping its members navigate through the complex HIPAA regulations. Our goal at PrivaPlan is to offer a resource kit that contains everything a health care provider needs to conduct a HIPAA privacy and security compliance project, and to sell the kit for a price that every health care provider can afford," says David Ginsberg, president of PrivaPlan.

The CMA-PrivaPlan ToolKit on CD will be sold to CMA members at a discounted price of $325. It will retail to non-members for $495. CMA and PrivaPlan are accepting orders immediately. Until the customized CD is ready this fall, purchasers will receive the non-customized CD first and, for no additional charge, the customized CD when it is available. Order online through CMA at www.cmanet.org or by phone from PrivaPlan at (877) 218-7707.

CMA is the professional organization of 35,000 physicians from all specialties and modes of practice throughout California.

PrivaPlan Associates, Inc. produces the PrivaPlan™ HIPAA Privacy and Security Compliance Resource Kit, an extensive, economical compliance resource kit on CD with online support. It also conducts workshops on HIPAA compliance. For more information, visit www.privaplan.com.