Posted on 12/01/2023 12:13:11 PM PST by Sequoyah101
Please suffer me this infrequent vanity post. I want to make readers aware of what looks to me like a hazard and see if anyone else has heard of it or knows how it can be done. We have some smart people on many subjects in these pages.
It looks to me like AARP-United Health Care may have some kind of security problem and since Wednesday morning and 5 calls, 2 with supervisors, I have gotten no satisfaction to correct it or protect my account. Maybe someone on here understands what is taking place. I don't unless someone is either tracking key-strokes or is hijacking accounts or something else. Here is the story so far:
I logged on Sunday night through the myAARPmedicare.com portal as per usual. My mission was simply to confirm the user information, that my payments are current and such.
I was shifted to United Health Care from the myAARP site as usual and logged in using my password and it was accepted. I use two part verification and so the screen pops up saying a text message will be sent with the proper security number in the two part verification. My phone chimed and there it was, a text message with a number that I then put into the proper spaces and Voila!, I'm in.
I checked the profile data, the subscriber ID number and payments. All appeared to be in order and I thought nothing more of it until Wednesday morning.
In looking at my text messages Wednesday morning I noticed one from a strange phone number from 9:02 PM Sunday night, the time I logged in to UHC. The text message didn't look right and so I verified the time of the text and my online activity via my browser log, all looked correct, I had used the right URL. It was from the same time I logged into UHC and sure enough, it was the text with the security number. Problem is and what prompted me to call UHC to tell them I suspect a security problem is that the text message just had the security number, nothing more. I have never seen that before. The security codes always come with a message saying something like, "this is your security number form UHC, do not give it to anyone else". The number the text message came from is 318-xxx-xxxx so I called it, no answer, not working. Not too surprising. I looked up the number, it is from a residence somewhere in the Shreveport, Louisiana area.
I called UHC and got a series of know-nothings in 5 phone conversations since Wednesday morning. At least one of those persons checked and said the phone number was not from UHC but she was not curious or interested beyond that. Having explained all of this to each of the 5 people at UHC I have spoken with I am exhausted and now just waiting again for the response in 1 to 2 business days as per usual. Meanwhile, I suspect my account is compromised somehow and for some reason.
I spent half the day on Wednesday changing passwords and updating security on my vital accounts.
I won't go into all the convoluted logic of how it can happen just that this did happen as I have described. I read that there is such a thing as MAF or MAP where hackers are trying to intercept the text delivered security codes. I can't see how anyone that did not have accurate and real-time access to the account could possibly generate a valid security number to send by text that would work on the UHC web-site unless they have full account access and if that then why would they want to further their fraudulent activity? I also can't think of a reason they would want to send a security number via text from a fraudulent phone number.
This is not the first suspicious activity on a UHC system and that heightens my wariness. Their lack of response and urgency does nothing for my comfort either. Earlier this year there was breach that resulted in the theft of data from thousands of accounts. As per usual in such a case UHC sent a letter to subscribers claiming that no vital information was lost.
If anyone has any helpful thoughts on this matter I'll appreciate them. If anyone else has seen this kind of thing or does you will know to beware, always look for that text number but also some related and legitimate identification in the text.
My PII has been leaked 3 times. All by healthcare providers.
First thing to understand is all information security is an illusion. Machines operated by humans are not secure and cannot be made secure.
Subscribe to good identity protection on your own. Don’t rely on anything given to you free after a breach.
If two factor authentication is offered, set it up and use it. It’s much more secure than just a pwd, but not entirely foolproof.
Why is healthcare so hazardous and to what end do the hackers use this information?
Several years ago I got a notice that my debit card was being used in a spree of shopping and eating in a trail across East Texas from Houston to Texarkana. First problem, I didn't have a debit card at least not one I activated and used. I called my banker and got the thing shut down almost immediately the day it began. It was an inside job. The bank never admitted it but I was never charged to me of course. That is not the first time I was victim of an inside fraud job. The temptation for theft between the haves and have nots is just too tempting.
Working on Victoria Island in Lagos, Nigeria I drove past the fraud palaces every day. Large compounds where kids recruited from internet cafes lived and worked hacking away every day. Mostly the prince needing a place to put money scams.
I resisted online for a very long time but you are just about forced to use it. My wife does her banking and cc by mail, pays all her bills that way too. She does just fine the old way. She shops online but I order most things for her.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.