Close X
Attorney Spotlight

How did a clerkship with Judge Merritt change the way Chris Climo approaches the practice of law? Find out more>

Search

Close X

Experience

Search our Experience

Experience Spotlight

Primary Care Providers Win Challenge of CMS Interpretation of Enhanced Payment Law

With the help and support of the Tennessee Medical Association, 21 Tennessee physicians of underserved communities joined together and retained Bass, Berry & Sims to file suit against the Centers for Medicare & Medicaid Services to stop improper collection efforts. Our team, led by David King, was successful in halting efforts to recoup TennCare payments that were used legitimately to expand services in communities that needed them. Read more

Tennessee Medical Association & Bass, Berry & Sims

Close X

Thought Leadership

Enter your search terms in the relevant box(es) below to search for specific Thought Leadership.
To see a recent listing of Thought Leadership, click the blue Search button below.

Thought Leadership Spotlight

Download the Healthcare Fraud & Abuse Review 2017, authored by Bass, Berry & Sims

The Healthcare Fraud & Abuse Review 2017 details all healthcare-related False Claims Act settlements from last year, organized by particular sectors of the healthcare industry. In addition to reviewing all healthcare fraud-related settlements, the Review includes updates on enforcement-related litigation involving the Stark Law and Anti-Kickback Statute, and looks at the continued implications from the government's focus on enforcement efforts involving individual actors in connection with civil and criminal healthcare fraud investigations.

Click here to download the Review.

Privacy Perils: Phishing in the Ocean of Apps

Firm Publication

Publications

October 20, 2017

News about phishing attacks implemented through email and websites is very common (see Déjà vu All Over Again; American Express – New Bait for an Old Phishing Lure; Beware of Text Scam, iPhone Users; Beware New Hacker Scheme Requesting Employee W-2 Information; and Dangers of Spear Phishing), but such attacks are not limited to those platforms. Any time you are asked to provide information over the internet, consider whether the request is legitimate. This includes being skeptical of requests for passwords within apps. 

Last week, a developer wrote about a phishing attack that uses a popup within an app that indistinguishably mimics Apple's frequent request for iCloud passwords. There have been no reports of this type of attack in the wild, but the developer notes it is relatively simple to implement.

The developer has provided some tips to protect against this type of attack:

  1. Hit the home button, and see if the app quits; if the app closes, it was a phishing attack. (Note: The tip is actually more complicated than that, discussing the "system dialog." Read the developer's post for the full explanation.)
  2. "Don't enter your credentials into a popup; instead, dismiss it, and open the Settings app manually."
  3. If you are not sure that the popup is valid, enter nothing because even "if you hit the Cancel button on a dialog, the app still gets access to the content of the password field," and "after entering the first characters, the app probably already has your password."

Although this discussion is iOS specific, the takeaway is not limited to Apple devices. Bad guys are creative, so be wary of any request to hand over your personal information. This should also serve as yet another (see Strong Passwords IV: The Phrase Awakens, Protecting Your Credit Card Online 3.0, and Additional Password Tips) reminder that using the same password across multiple accounts increases your vulnerability. A hacker can use the stolen password across multiple accounts to find ways to gain access to the desired information.

Privacy Perils imageCheck out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact Bob Brewer, Tony McFarland, Elizabeth Warren or a member of our Privacy & Data Security team.


Related Services

Notice

Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.