Is Your Gym Exposing More Than Your Abs?

The gym is a great place to burn off steam — and to get scammed.

When Apple announced a serious hardware flaw last week, and the critical security patch that addressed it, my first thought was perhaps arbitrary: “That exploit would work at the gym.” My next thought: what else would?

The discovery of a zero-day exploit affecting hardware—specifically a WiFi chip embedded in the main processors of Apple devices—was serious news. The vulnerability makes it possible for a hacker within range to “execute arbitrary code on the Wi-Fi chip.” A similar vulnerability was announced and patched on the Android platform earlier in the month.

The gym is often seen as a safe space to burn off steam, clear your head and boost your heart rate but it can also be dangerous. The gym stores a lot of personal information and is filled with strangers in close proximity to one another. Because of this, it’s important to think about more than building physical strength — building cyber strength is crucial to making yourself a harder target to hit.

The gym is often seen as a safe space to burn off steam, clear your head and boost your heart rate but it can also be dangerous. The gym stores a lot of personal information and is filled with strangers in close proximity to one another. Because of this, it’s important to think about more than building physical strength — building cyber strength is crucial to making yourself a harder target to hit.

Here are a few things to make your next trip to the gym as scam-proof as possible.

How Is Your Personal Information Stored?

Your gym can require and request a ton of personal information: your Social Security number, driver’s license number, credit and banking information, your home address, and in some cases your medical or health information. When in the hands of the wrong person, this information can lead to identity theft and major breach of privacy.

Your job is to reduce your attackable surface and watch out for scams.

The first question you should ask is how your information is stored, and who has access to it. Don’t accept a vague answer unless it is the correct answer. “I’m not sure,” might indicate an ill-informed point of contact at the front desk or, worse, a total lack of data security. Don’t be surprised if everyone who punches the clock at your gym has access to your information.

Because of this, it’s important to think about what kind of information your gym has and why they need it. Try to limit what information they get, even if it is “required.” While the gym needs to identify you, they don’t need much data to do that. It’s your job to give them the bare minimum they need.

Juice Jacking

Be wary of charging your devices at the gym. Simply plugging your phone into the wall can make you vulnerable to juice jacking, a cyberattack where a charging port does double duty as a data connection that either steals user data or downloads malware to steal it at a later time.

Though it seems unlikely, if your gym’s owner isn’t up to date with scams, the gym may unwittingly allow a hacker to install a data-stealing kiosk for members to use.

Always pay attention to phone pop-ups. Both Apple and Android now have stopgaps to avoid juice jacking exploits, but the warning screen can be distractedly tapped away and ignored, thus opening the door to an intruder.
If you want to reduce the risks while charging your devices at the gym, look into USB cords without data transporting cables. You can also make juice jacking impossible by using the AC adapter your device came with or a back-up battery device.

Public Wi-Fi

Here’s another way your devices can leave you vulnerable to attack. Signing on to your gym’s public Wi-Fi can be risky — such is the case whenever you log on to a public Wi-Fi network. Another thing to remember: Hackers may not always ask for the gym owner’s permission to set up the Wi-Fi network that’s labeled with the gym’s name.

In addition to the fake Wi-Fi set up, there’s the threat of a man-in-the-middle attack. This attack can secretly alter the communication between two parties and even lead to eavesdropping by an unknown third party.

If you are going to log on to the Wi-Fi at your gym, always look for HTTPS in the address and the green lock near the URL of the sites you visit and think long and hard before visiting destinations like banks, credit cards and the like that require or provide access to sensitive information.

Remember, if you ever have any suspicion your information has been compromised, always contact your credit card providers ASAP. It’s also helpful to check your credit for any sudden changes (You can get a free credit report snapshot at Credit.com) While knowing the latest threats out there, and utilizing security updates the moment they are issued is great and absolutely necessary, it’s important to bear in mind that there is no anti-fraud silver bullet. Gyms are neither better nor worse than anywhere else when it comes to data security practices, but they are definitely places where you can be harmed.

If you assume your information is vulnerable, at the gym or anywhere else, and you take the effort to limit your data exposure and minimize your attackable surface, you have the best shot at staying in good shape. If you do find a security problem at your gym, maybe it’s time to demand solutions. At the very least, if you see something, say something. And if you’re really worried, find a new gym that practices better cyber and data hygiene.

Image: BraunS

The post Is Your Gym Exposing More Than Your Abs? appeared first on Credit.com.

Review: IdentityForce Identity Theft Protection

Pickpocketing at the subway station

About 7% of U.S. residents over the age of 16 were victims of identity theft in 2014, according to a report published in September 2015 by the Bureau of Justice Statistics.

Over half of the victims were able to resolve issues within a day or less. However, victims that took longer to recover their identity were more likely to experience problems with work, relationship stress and emotional distress than those who could fix the problem quickly.

The purpose of services like IdentityForce is to catch identity theft fast so you can resolve issues right away and utilize services such as identity restoration to minimize the hassle of reclaiming your identity from scam artists.

IdentityForce Services at a Glance

The IdentityForce product comes with identity monitoring of public and court records. It also monitors for change of address requests, sex offender listings and payday loans in your name. You’ll get alerted if there’s any unusual activity with your personal information or strange transactions on your credit card or bank accounts.

If your identity is compromised you get one-on-one, 24/7 support from Certified Protection Experts and $1 million in an insurance policy to cover the cost of repairing your identity. This insurance is for the purpose of helping you recover your identity. The $1 million insurance does not cover $1 million in stolen funds.

IdentityForce offers two plans:

The base plan (UltraSecure) has everything discussed above (identity monitoring, alerts, restoration and insurance), but it excludes credit monitoring.

The IdentityForce premium plan (UltraSecure + Credit) gives you the extra benefit of daily 3-bureau credit monitoring along with credit scores and reports from all 3 credit bureaus.

Out of all the service features where IdentityForce shines is the restoration service because technically you can take care of everything else on your own or use a free tool. You can check public records for your own personal information. You can set up alerts with your bank or credit card company to notify you of excess spending or withdrawals.

You can also use a site like Credit Karma to monitor your credit reports for unusual activity and set alerts if there are changes to your accounts.

But, what’s more challenging to do by yourself is taking care of the problems that arise after your identity is stolen. If you sign over power of attorney to IdentityForce when your identity is stolen a specialist will make all the calls on your behalf to recover your identity.

Child Watch and Medical Identity Theft Protection

IdentityForce offers Child Watch and Medical Identity Theft Protection as service add-ons.

Once you subscribe you can add your children to the Child Watch program. This extra feature will notify you if there’s suspicious activity under your child’s name. Child Watch is also included in the $1 million insurance policy and restoration service.

Medical identity fraud happens when someone uses your insurance and personal information to get medical care without paying. Then medical bills you’re completely unaware of show up on your delinquent accounts and impact your credit. IdentityForce will monitor your medical accounts and medical insurance to stay on top of fraud.

IdentityForce Transparency Level

Overall the IdentityForce service is transparent with its terms and how the service works. In small print on the Family Identity Theft Protection page, IdentityForce mentions no one (or service in this case) can prevent all identity theft. It’s true.

If you purchase a service like this the purpose is to catch identity theft early so you can nip it in the bud. You can’t eliminate your chances of experiencing fraud entirely.

IdentityForce is also transparent about what the insurance policy does and doesn’t cover. This is a plus because you don’t want to sign up for a service and then get an unpleasant surprise when you need to submit a claim.

In a nutshell, the insurance will cover the costs of reinstating your identity if you’re found to be a confirmed victim of identity theft. According to the terms, getting a purse, wallet or sensitive documents stolen does not automatically mean you’re a confirmed victim.

After money is stolen from your bank account or other fraud activity occurs, you’re then considered a confirmed victim and qualified for coverage. The insurance plan covers reasonable and necessary costs like long-distance calls, loan re-application fees and the cost of up to 6 credit reports while resolving identity theft.

You’ll also get coverage for lost wages if you have to take off from work. Another benefit of insurance coverage is it’ll cover legal and defense fees for charges brought against you as a result of identity theft if you choose an attorney that’s approved by IdentityForce.

The Cost of IdentityForce

The UltraSecure Plan costs $17.95 per month or $179.50 per year: This is the basic plan including monitoring of public records and activity alerts. Also comes with restoration services and the $1 million insurance policy.

The UltraSecure+ Credit Plan costs $23.95 per month or $239.50 per year: This plan includes everything from the UltraSecure Plan plus daily credit monitoring. You’ll get credit reports and scores from all 3 credit bureaus. There’s a monthly score tracker and a credit score simulator.

Other Identity Theft Protection Alternatives

Zander is another identity protection service that offers similar features as IdentityForce without the credit monitoring aspect although you get free credit reports.

Identity monitoring, fraud alerts and identity restoration is included in the service. You’ll also get reimbursed up to $1 million of expenses caused by identity theft. Zander is $6.75 per month for individuals (or $75 per year) and $12.90 per month for families (or $145 per year).

TrustedID offers 3-bureau credit monitoring, credit reports and credit scores. It has fraud alerts, medical benefits protections, protection support specialists and $1 million of identity theft insurance. The plan for individuals costs $14.17 per month billed in one installment of $170 per year. For families it costs $25 per month billed in one installment of $300 per year.

Is IdentityForce Worth the Cost?

Comparing costs of IdentityForce against both Zander and TrustedID, IdentityForce is slightly more expensive.

If you were to pick between Zander and IdentityForce (since both offer restoration services), Zander gives you a comparable service for less money. And you can always solve the problem of Zander not having credit monitoring by coupling it with another free service (i.e. Credit Karma).

Ultimately, before checking out any identity protection product you should think about whether you can do monitoring on your own and avoid the cost entirely. For pros and cons of using an identity theft protection service check out this post.

The post Review: IdentityForce Identity Theft Protection appeared first on MagnifyMoney.