Categories
beware of scams computer tips tech news

data breaches

Recently I received 2 letters saying my private information may have been breached from state and a private company.

Minnesota department of human services said an email account was compromised. http://mn.gov/dhs/media/news/index.jsp?id=1053-370213

Productive Alternatives said a server was compromised at its Brainerd MN location.

Both of these organizations handle very sensitive personal private information but unlikely financial gain.

Both only offered advise to check my credit report annually at annualcreditreport.com as allowed by US law and saying the software security problem was corrected. A report of the investigation was also offered by PA.

A Url http://www.consumer.gov/idtheft/ to information about identity theft was also provided.

Categories
beware of scams computer tips tech news

warn tax pros to be on alert step up security measures

received from MN Department of Revenue
WASHINGTON – The IRS, state tax agencies and the tax industry warned tax professionals to be alert to taxpayer data theft in the final weeks of the tax filing season. The Security Summit partners urged tax professionals to enhance their data safeguards immediately.
In recent days, the “New Client” scam has re-emerged, signaling ongoing attempts by cybercriminals to target tax professionals with spear phishing schemes. In this scam, a “new client” emails the tax pro about a tax issue, attaching documents to their email that they claim to be an IRS notice or prior-year tax information. The documents actually contain malware that, if opened, enable the criminals to steal taxpayer information.
This filing season, the Internal Revenue Service has seen a steep upswing in the number of reported thefts of taxpayer data from tax practitioner offices. Seventy-five firms reported taxpayer data thefts in January and February, nearly a 60 percent increase from the same time last year. Much of this increase follows one scam, the erroneous refund scheme, that affected thousands of taxpayers and numerous practitioners earlier this filing season.
January through April represents prime season for cybercriminals to attack tax practitioners, but data thefts can occur at any time. Tax professionals should be on high alert and deploy strong security measures as the filing season reaches a peak with the April 17 deadline approaching. Criminals try to take advantage of this extremely busy time of year when tax professionals are in greater contact with taxpayers and are therefore in possession of more data.
Some tax professionals may be unaware they are victims of data theft. Here are some signs:

  • Client e-filed returns begin to reject because returns with their Social Security numbers were already filed;
  • The number of returns filed with tax practitioner’s Electronic Filing Identification Number (EFIN) exceeds number of clients;
  • Clients who haven’t filed tax returns begin to receive authentication letters (5071C, 4883C, 5747C) from the IRS;
  • Network computers running slower than normal;
  • Computer cursors moving or changing numbers without touching the keyboard;
  • Network computers locking out tax practitioners.

Identity thieves often are part of sophisticated criminal syndicates based in the U.S. and abroad. These syndicates are resourceful, being tax savvy and having digital expertise to pull off these crimes. They use a variety of tactics to break into tax professionals’ computer systems and steal client information if appropriate security measures have not been taken.
A common tactic, called spear phishing, occurs when the criminal singles out one or more tax preparers in a firm and sends an email posing as a trusted source such as the IRS, e-Services, a tax software provider or a cloud storage provider. Thieves also may pose as clients or new prospects. The objective is to trick the tax professional into disclosing sensitive usernames and passwords or to open a link or attachment that secretly downloads malware enabling the thieves to track every keystroke.
The “New Client” scam is one form of spear phishing. Here’s an example: “I just moved here from Michigan. I have an urgent Tax issue and I was hoping you could help,” the email begins. “I hope you are taking on new clients.” The email says one attachment is the IRS notice and the other attachment is the prospective client’s prior-year tax return. This scam has many variations. (See IR-2018-2, Security Summit Partners Warn Tax Pros of Heightened Fraud Activity as Filing Season Approaches.)
The IRS Criminal Investigation Division continues to investigate a series of data thefts at tax preparers’ offices that occurred earlier this year in which the criminals added a new twist to their scheme to file fraudulent tax returns. The thieves directed the fraudulent refunds into the taxpayers’ actual bank accounts. This scam has claimed thousands of taxpayer victims. (See IR-2018-17, Scam Alert: IRS Urges Taxpayers to Watch Out for Erroneous Refunds.)
Although reports of this data theft have lessened recently, taxpayers and tax professionals should remain on alert for this scam. Taxpayers should return any fraudulent refunds to the IRS as well as discuss security options for their checking or savings accounts with their financial institutions. Here are the recommended security steps by the Security Summit:

  • Learn to recognize phishing emails, especially those pretending to be from the IRS, e-Services, a tax software provider or cloud storage provider. Never open a link or any attachment from a suspicious email. Remember: The IRS never initiates contact via email.
  • Create a data security plan using IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security – The Fundamentals, by the National Institute of Standards and Technology.
  • Review internal controls:
    • Install anti-malware/anti-virus security software on all devices (laptops, desktops, routers, tablets and phones) and keep software set to automatically update.
    • Use strong and unique passwords of 10 or more mixed characters, password protect all wireless devices, use a phrase or words that are easily remembered and change passwords periodically.
    • Encrypt all sensitive files/emails and use strong password protections.
    • Back up sensitive data to a safe and secure external source not connected fulltime to a network.
    • Wipe clean or destroy old computer hard drives that contain sensitive data.
    • Limit access to taxpayer data to individuals who need to know.
    • Check IRS e-Services account weekly for number of returns filed with EFIN.
  • Those who experience a security incident or a breach resulting in data disclosure should report the incident to the appropriate IRS Stakeholder Liaison.
  • Stay connected to the IRS through subscriptions to e-News for Tax Professionals, Quick Alert and Social Media.
Categories
beware of scams

IRS, state tax agencies, and the tax industry warn tax professionals of phishing emails

received in an email from Minnesota Revenue

WASHINGTON – The IRS, state tax agencies, and the tax industry recently warned tax professionals to beware of phishing emails purporting to be from a tax software education provider and seeking extensive amounts of sensitive preparer data.
The email’s origin is unknown but likely issued by cybercriminals who could be operating from the U.S. or abroad. The email is unusual for the amount of sensitive preparer data that it seeks. This preparer information will enable the thieves to steal client data and file fraudulent tax returns.
The IRS reminds all tax professionals that legitimate businesses and organizations never ask for usernames, passwords or sensitive data via email. Nor should a preparer ever provide such sensitive information via email if asked.
All tax professionals should be aware that their e-Services credentials, the Electronic Filing Information Number (EFIN), the Preparer Tax Identification Number (PTIN) and their Centralized Authorization File (CAF) number are extremely valuable to identity thieves. Anyone handling taxpayer information has a legal obligation to protect that data.
Because the IRS, state tax agencies and the tax industry, acting in partnership as the Security Summit, are making inroads on individual tax-related identity theft, cybercriminals increasingly target tax professionals. Thieves are looking for real client data so they can better impersonate the taxpayer when filing fraudulent returns for refunds.
The fake email uses the name of a real U.S.-based preparer education firm. Here’s the text as it appears in phishing emails being sent to tax professionals:
In our database, there is a failure, we need your information about your account.
In addition, we need a photo of the driver’s license, send all the data to the letter. Please do it as soon as possible, this will help us to revive the account.
Company Name
EServices Username
EServices Password
EServices Pin
CAF number
Answers to a secret question
EIN Number
Business Name
Owner/Principal Name
Owner/Principal DOB
Owner/Principal SSN
Prior Years AGI
Mother’s Maiden Name*
If you received or fell victim to the scam email, forward a copy to phishing@irs.gov. If you disclosed any credential information, contact the e-Services Help Desk to reset your password. If you disclosed information and taxpayer data was stolen, contact your local stakeholder liaison.

Categories
beware of scams computer tips

beware of phishing scams

Several phishing scams are prevalent right now through phone calls, emails, and other media.

  1. Fake phone calls claiming to be from IRS. The real IRS usually will try to contact by postal mail first. https://www.irs.gov/uac/tax-scams-consumer-alerts
  2. Fake emails pretending to be Apple or Google or another company.  A fake security alert. Although Apple and Google do send emails like this, some scammers have made spoofs that appear to be from those companies however they are not real and they will try to get your log in credentials and may try to get other private (such as contacts list) or financial information.
Categories
beware of scams

Beware of Tax scam

Recently I received an phishing email that said it was from TurboTax requesting I update my info.
But looking closer at the email it was sent from a .edu email address and the URL had a .ru address. So it was not from TurboTax, but a scam to try to get information.

Categories
beware of scams

The latest in scam emails that I've received

Hopefully most of these go straight to your junk or bulk email so you don’t have to look at these.
Some phishing scams I’ve seen:
US Solar department. There isn’t a US Solar department. There is US department of energy. There are sometimes government incentives federal state, and local. (In Minnesota the commerce department sometimes handles these)  But the emails that say US Solar department is a scam and there are also similar scams.
We need to update your security information right away. Saying it’s From an email provider, bank, government agency, or other place. It is highly unlikely that this from your actual email provider, bank, or government agency. It is someone trying to get your information.  All of these places have a different method of contacting you.
A friend or relative ends up in foreign country and needs money right away. If they didn’t tell you they were going there, this is a scam. Their  account may have been stolen, or the email may have been spoofed.
Too good to be true scams: “You’ve won a $1000 gift card, that you never entered a contest to be in”.” You won a foreign lottery. “” I’m a person from another country need you to take care of my millions of dollars.” “unsecured business loans” All of these are scams and if you get involved could loose a lot of money or even end up in a prison if you fall for them (especially if you try to go to another country to get the money back).  Also in the lines of too good to be true A brand new product, new model (not a clearance, refurbished, or used item or loss leader), for significantly less that other places
 
Prescription drug and medical devices advertisements in emails not only may it be a scam that will cost you money or get you in legal trouble, the product you get may be dangerous.  If it’s the right product, it still could be the wrong dose or size. Or simply not the one for you. Some of the medications or devices may make your problem worse or cause injury or death. Always check with your doctor for anything like this even if you are getting it from your local pharmacy or medical supply store.
It is a good idea just to delete these emails or mark them as junk/spam. And remember that these scams are not limited to emails, they can also happen with phone calls, social media, mail, and paid tv and radio programming so be careful.
 

Categories
beware of scams

Dealing with unwanted emails

Although in my view not as bad as junk postal mail or unwanted phone calls unwanted emails can be a problem or at least a nuisance.
They are called many things:

  • junk mail or email
  • spam
  • bulk mail
  • unsolicited mail
  • unwanted e-mail

How to reduce junk mail.

  • Certain email programs are better than others at handling junk mail. Many of the web based programs are slightly better at handling than desktop email clients.
  • Don’t sign up for emails you don’t want
  • If you signed up for an email you don’t want there should be an unsubscribe option.
  • If it’s a personal email address be careful who you give it out to.
  • Many email programs have a reporting option/ button like “This is spam” or “report junk mail” or “block sender”
  • Don’t click on the links of unwanted email, however sometimes the unsubscribe option is ok to click on.
  • Sometimes it is simply best to just delete it.

Phishing:

  • Phishing are emails, letters, phone calls pretending to be other people, businesses, and organizations.
  • They might pretend to be your friends or relatives.  Many of these emails are from out of the country.
  • Clues to phishing:
    • misspellings from companies
    • links look different
    • email addresses are slightly different
    • trouble with your bank or PayPal account
    • Email from your friends or relative, that are in unusual circumstance, and are different than how they usually word things

Common email/mail scams:

  • For Businesses:
    • SEO services (Search engine optimization saying your web site does poorly in search rankings even though that’s how they probably found you)
    • mobile web development
    • Listing services that look like a bill or look like it is needed for your web site
    • there are legitimate business services for those things listed above (like mine, I offer SEO, web development, and Business Listings) but you probably should not trust those that send you junk emails.
  • scam letters from out of the country saying you are getting money (Nigerian Letter Scams, Out of Country Lotteries)
  • phony virus alerts
  • Urban legends and misquoting famous people
  • and more

Another Problem:

  • There is so much junk email that some important email end up in your junk or bulk mail folder. So it is best to check it before emptying.
Categories
beware of scams

phony debt collection scam

Article from Mid-Minnesota FCU Fake arrest warrants
Minnesota AG: Phony debt collector scams

Categories
beware of scams computer tips

A newer problem I have noticed

New unwanted software is now getting accidentally installed by users often.
What is it?
Toolbars, Plugins and extensions.
Affecting these Programs: Internet Explorer, Firefox, Chrome, and other web browsers.
Toolbars have been a problem for a while. They are sometimes can be uninstalled with the Windows uninstaller (in a Windows OS) however many times now Toolbars, Add-ons, plugins, and extensions either have to be disabled or deleted/removed from the browser itself. Also search engine preferences, and home page sometimes need to be reset.
I will be posting more on this soon.

Categories
beware of scams computer learning computer tips Going Green

Online Banking

I use online banking frequently. Not just to check how much money is in the bank. But also to make sure that my transactions went through properly and to make sure there are no unexpected transactions.
I also use it to get my statement online instead of on paper. I download the statement onto my computer and keep it in Neat Digital filing system. Also my credit union lets my have free online bill pay by using online banking instead getting statements in the mail. The online bill pay saves me on stamps and checks and can make sure my bills get paid on time.
I also download transactions to use with my bookkeeping (Quickbooks).
About those unexpected transactions – I recommend be very cautious about giving away credit/debit card numbers or bank over the phone. If you do make sure you initiated the call and not someone who called you. Also when using online, make sure it is a company you trust and over a secure connection.

Content ©1999 - Nathan Steffenson, Nate's Computer Services - All rights reserved. - Be Green! save money and energy. Please do not print this web page.