Fake websites designed to steal your identity or empty your bank accounts are nothing new. However, the uncertainty surrounding new programs that fall under the umbrella of the Affordable Care Act, or ObamaCare, have presented an unusually large and easy target for phishing scams and malicious websites. With registration being a legal requirement for many Americans, it's open season for digital highway robbery.
The ACA umbrella covers federal exchanges, state exchanges, new health industry plans as well as individual health professionals, each of which is another opportunity for professional digital thieves to create fake medical websites as a means of baiting individuals into willfully giving away their personal financial information. No amount of security software can prevent a person from succumbing to such scams.
Many of these sites go beyond the goal of stealing your personal information. The mere act of visiting the fake website opens your computer up to the vulnerabilities of malware and malicious code, which can potentially steal far more valuable data you are safeguarding.
So what protection do you have against the code your browser runs everyday?
Once a website is identified as malicious, your browser will typically block it and give the familiar 'this website may harm your computer' warning. Unfortunately, this is a reactionary defense based on blacklisting known malicious sites. A professional scammer can create dozens of convincing websites in the time it takes for just one of these sites to be identified as malicious.
Unfortunately it's not just the fake websites you need to be concerned about. As one of our previous blog posts discusses, many legitimate websites which see millions of visitors of day have been hacked, including the Department of Labor.
So how do you stay safe? Clearly, a proactive approach needs to be utilized, where the user is inherently safe from malware, whether its self-imposed or other.
One such option is an Air Gap browser, which allows you the freedom to fearlessly investigate and comb through questionable sites knowing that any code a website executes is running on another machine with no means to access the sensitive data on your local machine or network. With an air gapped browser, the user is inherently safe from attacks due to the physical separation from the machine which is actually running any code.