Free Republic

AARP United Health Care Security Breach
Vanity ^ | 12/1/2023 | Vanity

Posted on 12/01/2023 12:13:11 PM PST by Sequoyah101

Please suffer me this infrequent vanity post. I want to make readers aware of what looks to me like a hazard and see if anyone else has heard of it or knows how it can be done. We have some smart people on many subjects in these pages.

It looks to me like AARP-United Health Care may have some kind of security problem and since Wednesday morning and 5 calls, 2 with supervisors, I have gotten no satisfaction to correct it or protect my account. Maybe someone on here understands what is taking place. I don't unless someone is either tracking key-strokes or is hijacking accounts or something else. Here is the story so far:

I logged on Sunday night through the myAARPmedicare.com portal as per usual. My mission was simply to confirm the user information, that my payments are current and such.

I was shifted to United Health Care from the myAARP site as usual and logged in using my password and it was accepted. I use two part verification and so the screen pops up saying a text message will be sent with the proper security number in the two part verification. My phone chimed and there it was, a text message with a number that I then put into the proper spaces and Voila!, I'm in.

I checked the profile data, the subscriber ID number and payments. All appeared to be in order and I thought nothing more of it until Wednesday morning.

In looking at my text messages Wednesday morning I noticed one from a strange phone number from 9:02 PM Sunday night, the time I logged in to UHC. The text message didn't look right and so I verified the time of the text and my online activity via my browser log, all looked correct, I had used the right URL. It was from the same time I logged into UHC and sure enough, it was the text with the security number. Problem is and what prompted me to call UHC to tell them I suspect a security problem is that the text message just had the security number, nothing more. I have never seen that before. The security codes always come with a message saying something like, "this is your security number from UHC, do not give it to anyone else". The number the text message came from is 318-xxx-xxxx so I called it, no answer, not working. Not too surprising. I looked up the number, it is from a residence somewhere in the Shreveport, Louisiana area.

I called UHC and got a series of know-nothings in 5 phone conversations since Wednesday morning. At least one of those persons checked and said the phone number was not from UHC but she was not curious or interested beyond that. Having explained all of this to each of the 5 people at UHC I have spoken with I am exhausted and now just waiting again for the response in 1 to 2 business days as per usual. Meanwhile, I suspect my account is compromised somehow and for some reason.

I spent half the day on Wednesday changing passwords and updating security on my vital accounts.

I won't go into all the convoluted logic of how it can happen just that this did happen as I have described. I read that there is such a thing as MAF or MAP where hackers are trying to intercept the text delivered security codes. I can't see how anyone that did not have accurate and real-time access to the account could possibly generate a valid security number to send by text that would work on the UHC web-site unless they have full account access and if that then why would they want to further their fraudulent activity? I also can't think of a reason they would want to send a security number via text from a fraudulent phone number.

This is not the first suspicious activity on a UHC system and that heightens my wariness. Their lack of response and urgency does nothing for my comfort either. Earlier this year there was a breach that resulted in the theft of data from thousands of accounts. As per usual in such a case UHC sent a letter to subscribers claiming that no vital information was lost.

If anyone has any helpful thoughts on this matter I'll appreciate them. If anyone else has seen this kind of thing or does you will know to beware, always look for that text number but also some related and legitimate identification in the text.


TOPICS: Business/Economy; Chit/Chat; Education; Health/Medicine
KEYWORDS: aarp; fraud; internet; security; unitedhealthcare; vanity
I also lay this off to whatever fool thought it would be a good and workable idea for the entire nation to renew their health insurance in the same 7 week period just as the holidays begin. The system is overwhelmed. Again.

Each similar event leaves me / us less trusting of these systems and with good reason. We have not advanced, we have become slaves to these systems and they consume us.

1 posted on 12/01/2023 12:13:11 PM PST by Sequoyah101
[ Post Reply | Private Reply | View Replies]

To: lysie

For later.


2 posted on 12/01/2023 12:17:25 PM PST by lysie
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sequoyah101

Clearly this is too late for this event, but I usually save the numbers of those sites that send two-factor codes into my contacts by the company name. So then the next time they send an access code, I see their name on the text, not just the originating texter’s digits (which are rarely an actual phone number sequence.) Most companies that perform this two-factor authentication use the same ‘from’ number each time.


3 posted on 12/01/2023 12:18:30 PM PST by Yo-Yo (Is the /Sarc tag really necessary? Pray for President Biden: Psalm 109:8)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sequoyah101

Never worry though. Your government issued CBDC will be completely safe and hacker-proof.

When hell freezes over.


4 posted on 12/01/2023 12:18:32 PM PST by OpusatFR
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sequoyah101

One further thought: If you were sent a two-factor code without having to provide a cell phone number during your attempted log-in, then you can be assured that it was a genuine two-factor code because they used your stored profile information to know what cell phone number to send the two-factor code to. No hacker would know what cell phone number you have in order to spoof the two-factor process.


5 posted on 12/01/2023 12:21:52 PM PST by Yo-Yo (Is the /Sarc tag really necessary? Pray for President Biden: Psalm 109:8)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sequoyah101
It's the AARLP.

American Association of Retired LIBERAL People.

6 posted on 12/01/2023 12:23:03 PM PST by Uncle Miltie (islam is a totalitarian death cult founded by a child rapist.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sequoyah101
I refuse to support the Leftist AARP lackeys and went with AMAC Humana.

AMAC’s Medicare Advisory Service

The Association of Mature American Citizens (AMAC)

7 posted on 12/01/2023 12:28:44 PM PST by higgmeister (In the Shadow of The Big Chicken! )
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sequoyah101

There seems to be over the past year, a coordinated effort to collect all Americans’ health records.

Recently I’ve been getting phone calls at any time of the day or night which I ignore.

One call came in at 6 am Saturday morning. A few days later I took a chance and called the number back. The man spoke in a rushed haphazard manner and you could hear other people in a call center calling and delivering the same script.

I couldn’t hear him well because of all the other call center staff. UHC normally doesn’t sound like that at all.

I was wondering what was going on and didn’t speak for a moment and I could barely hear him above the noise so he abruptly asked, “Can you hear me” to which I replied, “Not really, there’s so much noise behind you.”

He then blurted, “Do you have diabetes?” as if the fact I just said I could barely hear him was irrelevant.

I don’t have diabetes in my medical records. He must not have access to the medical side of my personal information or he would know that. Why would UHC call their members and ask if they have diabetes?

He sounded Indian, as did those in the call center behind him. He was unaware of how suspicious and unprofessional this line of conversation was.

I hung up.

I suspect the UHC staff knows all about their latest breach or that user identity information really was stolen in the prior breach, and so they act like it doesn’t matter to de-escalate concern as if to say, “We’re not worried, so you shouldn’t be worried.”


8 posted on 12/01/2023 12:29:22 PM PST by ransomnote (IN GOD WE TRUSTPING)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Yo-Yo
No hacker would know what cell phone number you have in order to spoof the two-factor process.

Unless a hacker had obtained all of the AARP United Healthcare database that included the phone number of record.

9 posted on 12/01/2023 12:35:56 PM PST by higgmeister (In the Shadow of The Big Chicken! )
[ Post Reply | Private Reply | To 5 | View Replies]

To: higgmeister
Unless a hacker had obtained all of the AARP United Healthcare database that included the phone number of record.

And know exactly when you were logging in so that they could send you a spoofed two-factor number?

10 posted on 12/01/2023 12:45:09 PM PST by Yo-Yo (Is the /Sarc tag really necessary? Pray for President Biden: Psalm 109:8)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Yo-Yo

That makes sense until they said they have no such number, the number location. I am clearly not just agitated about this suspicious problem but about the haphazard way they have handled it.


11 posted on 12/01/2023 1:01:54 PM PST by Sequoyah101 (Procrastination is just a form of defiance)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Yo-Yo

That knowledge and process are a reason for this post. Not normally something I consider to be wary of.


12 posted on 12/01/2023 1:04:31 PM PST by Sequoyah101 (Procrastination is just a form of defiance)
[ Post Reply | Private Reply | To 3 | View Replies]

To: higgmeister

Thanks!


13 posted on 12/01/2023 1:40:26 PM PST by 4Liberty (https://twitter.com/Lauren3veMemes/status/1712636606983688420 )
[ Post Reply | Private Reply | To 7 | View Replies]

To: Sequoyah101

Are you sure it’s not your phone that’s compromised?


14 posted on 12/01/2023 1:58:58 PM PST by fruser1
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sequoyah101

AARP = Socialism for Blue Hairs


15 posted on 12/01/2023 2:07:00 PM PST by Paal Gulli
[ Post Reply | Private Reply | To 1 | View Replies]

To: ransomnote

They want you to say YES. They record your voice saying yes to whatever they ask you. It’s a hack.

Never answer phone to unknown number and say yes when they ask you a question if you do answer it.


16 posted on 12/01/2023 2:50:00 PM PST by Engedi
[ Post Reply | Private Reply | To 8 | View Replies]

To: ransomnote

Yes, it is all very strange but still no surprise considering the times we are in. Someone has said, “The problem is not that we are paranoid; the problem is that we are not paranoid enough.”


17 posted on 12/01/2023 4:07:49 PM PST by Sequoyah101 (Procrastination is just a form of defiance)
[ Post Reply | Private Reply | To 8 | View Replies]

To: Yo-Yo
Unless a hacker had obtained all of the AARP United Healthcare database that included the phone number of record.

And know exactly when you were logging in so that they could send you a spoofed two-factor number?

The scammer can create an identical website that works exactly the same as the original site that they have spoofed. They will only connect to a portion of the original customer base, according to how much his fake routing has been propagated through the network.

ARP Spoofing Attacks

The effects of ARP spoofing attacks can have serious implications for enterprises. In their most basic application, ARP spoofing attacks are used to steal sensitive information. Beyond this, ARP spoofing attacks are often used to facilitate other attacks such as:

  • Denial-of-service attacks: DoS attacks often leverage ARP spoofing to link multiple IP addresses with a single target’s MAC address. As a result, traffic that is intended for many different IP addresses will be redirected to the target’s MAC address, overloading the target with traffic.
  • Session hijacking: Session hijacking attacks can use ARP spoofing to steal session IDs, granting attackers access to private systems and data.
  • Man-in-the-middle attacks: MITM attacks can rely on ARP spoofing to intercept and modify traffic between victims.

ARP Spoofing Tutorial

ARP spoofing attacks typically follow a similar progression. The steps to an ARP spoofing attack usually include:

  1. The attacker opens an ARP spoofing tool and sets the tool’s IP address to match the IP subnet of a target. Examples of popular ARP spoofing software include Arpspoof, Cain & Abel, Arpoison and Ettercap.
  2. The attacker uses the ARP spoofing tool to scan for the IP and MAC addresses of hosts in the target’s subnet.
  3. The attacker chooses its target and begins sending ARP packets across the LAN that contain the attacker’s MAC address and the target’s IP address.
  4. As other hosts on the LAN cache the spoofed ARP packets, data that those hosts send to the victim will go to the attacker instead. From here, the attacker can steal data or launch a more sophisticated follow-up attack.

ARP Spoofing Detection, Prevention and Protection

The following methods are recommended measures for detecting, preventing and protecting against ARP spoofing attacks:

  • Packet filtering: Packet filters inspect packets as they are transmitted across a network. Packet filters are useful in ARP spoofing prevention because they are capable of filtering out and blocking packets with conflicting source address information (packets from outside the network that show source addresses from inside the network and vice-versa).
  • Avoid trust relationships: Organizations should develop protocols that rely on trust relationships as little as possible. Trust relationships rely only on IP addresses for authentication, making it significantly easier for attackers to run ARP spoofing attacks when they are in place.
  • Use ARP spoofing detection software: There are many programs available that help organizations detect ARP spoofing attacks. These programs work by inspecting and certifying data before it is transmitted and blocking data that appears to be spoofed.
  • Use cryptographic network protocols: Transport Layer Security (TLS), Secure Shell (SSH), HTTP Secure (HTTPS) and other secure communications protocols bolster ARP spoofing attack prevention by encrypting data prior to transmission and authenticating data when it is received.

Something that most people would never believe is that our own government intelligence agencies perform Man In The Middle data captures since the Patriot Act has existed.

Service providers are the major instruments of control and surveillance. Bloggers monitored by the government frequently undergo man-in-the-middle attacks. These are designed to intercept data meant to be sent to secure (https) sites, allowing passwords and other communication to be intercepted.

Nothing is secure so I just make sure I have nothing to hide or steal.

18 posted on 12/01/2023 4:14:31 PM PST by higgmeister (In the Shadow of The Big Chicken! )
[ Post Reply | Private Reply | To 10 | View Replies]
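
The binding check behind the "ARP spoofing detection software" item in post 18, as an added example that is not part of the original post or of any tool named in it: it watches IP-to-MAC bindings in ARP replies and flags a binding that changes, or one MAC announcing several IPs. The sample replies, addresses and function names are constructed for illustration.

```python
"""Passive ARP-binding monitor over observed ARP replies (constructed sample data)."""
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) as seen in ARP replies on a LAN.
SAMPLE_REPLIES = [
    (0,  "192.168.1.1",  "aa:aa:aa:aa:aa:01"),   # gateway
    (2,  "192.168.1.20", "aa:aa:aa:aa:aa:20"),   # workstation
    (5,  "192.168.1.30", "aa:aa:aa:aa:aa:30"),   # another host
    (60, "192.168.1.1",  "aa:aa:aa:aa:aa:01"),   # unchanged, no alert
    (61, "192.168.1.1",  "AA-AA-AA-AA-AA-30"),   # gateway IP now claimed by .30's MAC
    (62, "192.168.1.20", "aa:aa:aa:aa:aa:30"),   # same MAC also claims .20
]

def normalize_mac(mac):
    """Lower-case and use ':' so differently formatted MACs compare equal."""
    return mac.strip().lower().replace("-", ":")

def find_arp_anomalies(replies, static_bindings=None):
    """Return (time, kind, ip, detail) alerts.

    'binding-changed': an IP was announced with a MAC other than the one first
    learned, or pinned in static_bindings (trust on first use; never overwritten).
    'mac-multi-ip': one MAC is announcing more than one IP. This can be
    legitimate (routers, proxy ARP), so treat it as a lead, not proof.
    """
    learned = {ip: normalize_mac(m) for ip, m in (static_bindings or {}).items()}
    ips_by_mac = defaultdict(set)
    for ip, mac in learned.items():
        ips_by_mac[mac].add(ip)
    alerts = []
    for ts, ip, raw_mac in replies:
        mac = normalize_mac(raw_mac)
        known = learned.setdefault(ip, mac)
        if known != mac:
            alerts.append((ts, "binding-changed", ip, f"{known} -> {mac}"))
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) > 1:
            alerts.append((ts, "mac-multi-ip", ip, ",".join(sorted(ips_by_mac[mac]))))
    return alerts

if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_REPLIES):
        print(alert)
```

Pinning the gateway's known MAC through `static_bindings` closes the gap where the first reply seen is already a forged one.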

To: 4Liberty

You are welcome.


19 posted on 12/01/2023 4:15:55 PM PST by higgmeister (In the Shadow of The Big Chicken! )
[ Post Reply | Private Reply | To 13 | View Replies]

To: Sequoyah101

Why are you not logging in directly from the UHC website? Why bother with a redirect from the AARP website? That’s just another layer of vulnerability. Do you have the UHC app? You can get any info through the app.


20 posted on 12/02/2023 4:05:27 AM PST by Excellence
[ Post Reply | Private Reply | To 1 | View Replies]

