Did You Know Hackers Can Infiltrate Your Network Via Fax Machine?

Fax machines seem to be a thing of the past for many new age businesses and professionals these days, but in reality, they’re still being used. In fact, according to Jive, more than 46 million businesses still use fax machines in some way or another. Typically businesses are still using fax machines because their clients still use them, potential government regulations or industry standards, proof of paper trail, convenience, and in some instances, fax machines are more secure.

However, an Israeli cyber security firm, Check Point, recently discovered that hackers may be infiltrating businesses networks using just a fax machine number…which might not even be connected to the internet. The researchers at Check Point demonstrated that a hacker can execute a script that targets the victim’s fax number in order to obtain network access. According to the researchers, the attacker can then use EternalBlue, a NSA-developed exploit leaked by the Shadow Brokers hacker group, to further infiltrate the network and execute malware.

Using the malware executed for this attack, the hacker can search and exploit specific information about the victim and send it back to the hacker’s fax machine. Additionally, the hacker can severely manipulate what gets sent and received. For example, if the victim sends sensitive account information to their bank, the cybercriminal can program the fax machine to send a copy to the attackers fax machine. The attacker can also tamper with the content included on the document being sent by altering the information to include or exclude what they to be attached to the document.
​
It’s worth noting that having a cyber security insurance policy in place will protect your business in the case that your fax machine does get exploited by hackers.  Contact Jon Jepsen at SentryWest Insurance for a cyber insurance quote.

(Courtesy Evolve MGA https://evolvemga.com/fax-machines/?ct=t)

​Your Identity Belongs to You. Protect It, Too.

One smart way to protect yourself against identity theft is to prevent it. If your identity is stolen, you’ll be able to lessen problems by acting quickly.

Start with Good Habits
​

• Keep this information handy
• Leave your Social Security card at home in a safe place
• Shred papers with personal information
• Reduce your credit card accounts, and carry only the cards you need
• Write checks with a permanent pen, and mail from a secure place
• Photocopy both sides of your credit cards and store safely

Watch Your Accounts Closely

• Review balances and transactions often by phone or online
• Make sure every transaction on your credit card statements is accurate
• Take advantage of free credit reports (see sidebar) and watch for unusual activity
• Sign up with Experian, Transunion, and Equifax and stagger your requests to get a free credit report every four months or sign up for credit watch services which will report directly to you for a fee

Fill Out the FTC Affidavit Quickly

• The FTC Theft Affidavit supplies proof that you didn’t authorize any accounts opened or debts run up by the identity thief
• New accounts need this FTC affidavit form to investigate the fraud and process your claim
• Call your existing accounts for instructions on disputing unauthorized charges as other forms may be needed
• Keep originals of the affidavit, and all supporting materials such as driver’s license or police report. Send copies only.
• Send quickly—many creditors request that you send the affidavit within two weeks

Keep This Information Handy

Federal Trade Commission ID Theft Line and websites:
1-877-438-4338
www.consumer.gov/idtheft
www.ftc.gov
Social Security Administration Fraud Line: 1-800-269-0271
Credit Reporting Agencies
Equifax: 1-800-525-6285
www.equifax.com
Experian: 1-888-397-3742
www.experian.com
Transunion: 1-800-680-7289
www.transunion.com

Identity Theft Plan

1. Call your credit card companies immediately. Explain what happened, and ask where to send a copy of the police report.
2. Call and report to the police. Make several copies of police report.
3. Complete a Federal Trade Commission (FTC) Theft Affidavit and FTC report (see contact information above to request these forms).
4. Call your bank. They can place an alert on your Driver’s License number and Social Security Number, and freeze your account.
5. Call fraud units of credit report agencies: Experian, Equifax, and Transunion

(Information Courtesy of SAFECO Insurance: http://www.safeco.com/insurance-101/consumer-tips/identity-theft)