CYBER THIEVES ARE STALKING YOU… WHAT YOU CAN DO TO PROTECT YOURSELF
An article in the Wall Street Journal this past Friday announced that TurboTax was temporarily suspending transmission of state e-filed tax returns in response to a surge in complaints from consumers who logged into their TurboTax accounts only to find thieves had already claimed a refund in their name. That news comes as the most recent in a long trend of cyber threats including cyberattacks against Home Depot, JP Morgan Chase and Anthem, Inc. Fraudulent return filings stealing millions of dollars of taxpayer refunds are on the rise. The IRS estimated that it paid $5.2 billion in fraudulent ID-theft-related refunds in 2013 and they’re expecting that number to significantly increase in 2014.
The TurboTax problem brings to light a key security issue – end users (individual people) are getting hacked from their home computers. We speculate that thieves did not break into TurboTax and steal identities; there was no breach of their security that they could detect. Instead, thieves are stealing your logon information directly from your home and office computers. How? Often through malware/spyware that loads onto your machine through virus-infected e-mails in your inbox or when you visit infected/compromised websites. A rootkit (a type of virus) is a collection of tools (programs) that may consist of spyware and other programs that secretly monitor your network traffic and record keystrokes as you use your computer and send the information back to the hacker, who gathers this information and sometimes uses it or sells it on the dark web to criminals. Another way cyber criminals gain access to your information is through their ability to hack into your e-mail account. Most people have easy-to-remember passwords that are also easy to crack, which hackers do using a tactic called social engineering. A cyber thief cracks your e-mail password, logs in as you, and can easily search through your e-mail and gather all sorts of financial information about you (how many of us get our monthly bank and quarterly investment information e-mailed to us instead of paper-mailed?). They then access those financial sites and use the “reset logon” or “reset password” features most sites permit, wait for the “reset” e-mail to hit your e-mail account and change the logon information. Some of the more secure sites have implemented security questions as an extra level of security which can prevent hacking.
There’s definitely a trend for thieves to get into your computer and gather enough information about you to file a fake tax return. At Wiss we’ve had a handful of clients experience this. Our firm has very sophisticated, multi-level security in place to protect our clients’ data, but thieves had stolen enough information from clients’ home computers to fill out a fake return and get some sort of refund delivered to an account that was then closed. We became aware of it when we went to file the actual return and the taxing authority rejected it because one had already been filed for that taxpayer’s social security information. Working with the taxing authority to register the theft, file the correct return and secure the refund for the client is an arduous task that can take many months and requires a ton of paperwork and proof of identity by the taxing authority.
So what can you do to protect yourself? Here are some basic things you can do:
1. Install and maintain quality anti-virus software that checks for viruses on your home and/or office computer on a regular basis and also checks for viruses on incoming email. Just as important as installing anti-virus software is updating it regularly. As new versions are released, upgrades should be installed. Cyber thieves and hackers are fast and adaptable. New viruses are discovered hourly, so it’s very important to make sure your anti-virus software updates on an automatic schedule, which should be set to an hourly basis.
2. Firewalls, whether on your network and/or computer, must be enabled, configured properly, and updated. Firewalls can keep the bad guys out and your data safe.
3. Never open unknown or suspicious e-mail. Know your senders and know what you subscribe to. Social engineering and phishing tactics are used to infiltrate your computer, meaning the virus enters your computer when you open the e-mail containing it. For example, an email from a frequent contact may appear to be from them but the email address behind the person’s name is from a cyber-thief. Viruses can do things like track keystrokes and send the information back to the cyber thief who can then access any accounts you’ve visited on your computer.
4. Obtain your software from reputable sources – programs downloaded or purchased from shady sources or freeware sites are most likely infected. Be sure to keep your system and programs up to date as security patches are released periodically. Internet browsers have security features in them such as popup blockers, smart screen filters, ActiveX filtering and other security features that should be enabled and configured properly.
5. Hackers often leave infected USB drives unattended for you to pick up in the hopes that you plug them into your computer so they can gain access. Most virus scan software will scan media as it is introduced to your computer. As a best practice you should always scan all media before introducing it to your computer and network.
6. Don’t keep sensitive financial passwords, logons and other information in your online mail or transmit this information electronically. I can’t tell you how many clients we see who store their social security number, logons with passwords for financial institutions and other data as a “contact or email from themselves” in their mailbox or keep scans of social security cards stored in their online photo album or on their computer desktop or “C” drive. This is prime fodder for cyber thieves who have applications to scan and pick up this information quickly and easily.
7. Thieves are also highly adept at figuring out passwords and utilize complex password-cracking programs, so you need to keep a step ahead of them by making your password impenetrable:
a. The longer the password, the tougher it is to crack, so try to use 10 or 12 character passwords that mix letters and numbers. Best way to do a password: pick a sentence or phrase you can easily remember and then use the first letters/numbers of each word, alternating capitals and lowercase and adding a special character somewhere. For example, take the phrase: “Jack and Jill went up a hill” which can be typed as: J@cknJiL!w3nt^Ahi!! That’s a tough password to crack.
b. Be unpredictable – don’t use birthdays, your name, common words, SSN, etc. in any part of the password.
c. Do not use the same password for multiple accounts.
d. Do not text message, email passwords or store passwords electronically.
e. Change your password regularly (make it a practice to change them quarterly).
f. Do not use sticky notes on your monitor or desk with logon information. This is extremely dangerous.
By the way, did you know that you can eliminate your Frontier lines, and the aggravation and billing issues with Frontier?
We have helped many companies, such as real estate management firms, healthcare, and many others, create one bill for all their Verizon/Frontier lines. We can also embed the associated cost center into the bill. We do all this and lower the monthly cost as well.
Because his IT director eliminated his Frontier and Verizon lines, and moved 90% of his servers and phones to the cloud, while eliminating capex from future budgets. At the same time, IT implemented a cloud based Disaster recovery plan, and is geographically diverse.
Call us and discover if one of our consulting services, in conjunction with our partners, which include Verizon, AT&T, Evolve and many others, can provide cost-effective solutions for you.
At this point, disenfranchised “Nigerian royalty” asking for money through a poorly worded email is the ultimate cliche of internet scams.
So why does it still exist?
According to new book “Think Like A Freak,” a follow-up to the popular “Freakonomics” by Steven D. Levitt and Stephen J. Dubner, the scam’s obviousness is its chief selling point.
The book refers to research from Microsoft Research computer scientist Cormac Herley, who looked at Nigerian scams — technically called advance-fee fraud — from the point of view of the scammer. How, he wondered, were scammers who never sent an email free of typos earning enough money for the United States Secret Service to establish its own task force to fight them?
In fact, those typos are a key part of the scam.
Levitt and Dubner explain the genius behind such an obvious scam in terms of “false positives,” referring to email recipients who engage with the scammers but don’t ultimately pay. Reaching out to scores of potential victims isn’t much work, thanks to the ease of email, but with each reply from a gullible target, the scammers are required to put forth a little more effort.
Therefore, it’s in the scammers’ best interest to minimize the number of false positives who cost them effort but never send them cash. By sending an initial email that’s obvious in its shortcomings, the scammers are isolating the most gullible targets. If you trash their email, that’s fine. They don’t want you, someone from whom there’s virtually no chance of receiving any money. They want people who, faced with a ridiculous email, still don’t recognize its illegitimacy.
As Herley tells the book’s authors, “Anybody who doesn’t fall off their chair laughing is exactly who they want to talk to.”
While no one is recommending you engage with scammers, Herley tells Levitt and Dubner that the best defense against these crooks is to game their system and waste their time. Ideally, he says, this would take the form of a chatbot that engages with scammers, to make them put in the effort toward the false positives they’re trying to avoid.
For those who don’t follow South Jersey News, today’s article outlined the options for utility customers who find errors in their utility bills.
The article outlines the difficulty in dealing with a utility company that can easily get upwards of 2000 complaints a day.
Stefanie Brand, director of New Jersey’s Division of Rate Counsel, recommends that customers record conversations with a company’s customer service to ensure that proof of a conversation is available. “I would strongly recommend taking careful notes of exactly who you are speaking with and the details of the conversation, and if you have to go to the board, then you can provide that information. You want to know your customer service rep, record what they’re saying, and if you’re unable to resolve it with the company, you have the right to file with the BPU.”
It’s a strenuous process, especially for businesses that, in addition to billing errors, are often in the wrong rate group altogether without the knowledge to tell the difference. Luckily there is a better way. If you believe you may be facing billing errors, contact Applied Utility Auditors today and let them deal with the utility’s bureaucracy.
Is your board of directors fully engaged in cyber-security?
According to a recent whitepaper by AT&T, 75% of corporate boards are not involved in active oversight of cyber-security despite the threat it poses to brand equity, employees, and customers.
When did you and your board review your last risk assessment?
Your IT department should be consistently and regularly performing risk assessments with recommendations for upper management. These risk assessments should not be taken lightly and should include oversight from the biggest decision makers in the company.
What makes you a target for attacks?
One of the biggest errors companies make is thinking their company will be passed up for a “more lucrative” fish. Cyber attacks come big and small – and for a variety of reasons. Do you have access to personal financial information? Medical records? Is your industry controversial in any way making you a target for “hacktivists”? It’s best to assess what value attacking your company has and protect that information specifically.
What data is leaving your company and is it secure?
The economics of cyber corporate espionage are clear. It’s much easier to steal proprietary information than it is to do research and development on one’s own. Foreign nations themselves have been known to fund the hacking of corporations in order to give industry in their countries a leg up. Who has access to your proprietary information and how are they handling that information?
How have I provided my security organization with all the tools and resources they need to help prevent a security breach?
This is an industry that changes almost overnight. Last year’s technology is not likely to help you – and your risk assessment team should also be regularly reviewing the latest protective measures available. The longer a security method is used, the more time the hackers have to compromise its integrity. Are you sure that you’ve given your IT department the tools to keep one step ahead?
Just recently, the Poteck Power Corporation in Midwestern Ontario has paid out a total of $4.3 million to customers across that region for incorrect utility bills. The Maplewood Manor in Seaforth, Canada, just one of the many businesses to fall victim to the utility bill errors, has been refunded nearly $10,0000.
Jill MacCannell, public relations coordinator for Poteck Power Corporation, the company responsible for retrieving the large lump sums of money throughout the province said this phenomenon of “overcharging” utility customers is presently occurring “all over Ontario.”
Locals throughout that region have been appalled at the types of customers falling prey to the overcharges – including many nursing homes and non-profit organizations.
Had a private Utility Bill Auditing Company not reached out to the organization and encouraged them to examine their utilities, they would never have found the error and could have been paying those high rates for years.
Don’t want to pay to find errors that might not be there? Applied Utility Auditors offers bill auditing on contingency.
A new year, a new design, another win. BlackBerry’s PRIV secure smartphone powered by Android, has hit the ground running with rave reviews from journalists, customers and respected third-party testing agencies highlighting its one-of-a-kind design and security features.
PRIV demonstrated its design prowess in one of the most important competitions dedicated to product design, Red Dot Product Design 2016. Red Dot awarded PRIV the Product Design award for high design quality, where only outstanding products were recognized for their achievements. PRIV was selected from a record number of 5,214 products from 57 nations, where 41 jury members designated the awards.
BlackBerry has consistently been recognized by Red Dot for its outstanding work in design. In 2015, the BlackBerry Passport won Red Dot: Best of the Best for its innovative design. In 2014 the BlackBerry Q10 won a Red Dot award and again in 2013 with the BlackBerry Z10. In 2013 Porsche Design won in the “Best of the Best” category for Porsche Design P’9981 smartphone.
Danish fashion designer David Andersen was on-site for this year’s jury session and said: “It is inspiring to see designs from all over the world and to follow the development. It is a pleasure to be a juror in a group of such competent designers who are looking at so many fantastic products and discussing each one individually.”
BlackBerry’s PRIV was designed by a highly skilled team of engineers and architects who brought to life the ideation of an Android-powered device with BlackBerry’s acclaimed physical keyboard, alongside a new world of security functions.
“Our BlackBerry Design Team is extremely excited to be recognized by the prestigious Red Dot, given the time and energy spent on developing this next level design for BlackBerry,” said Scott Wenger, Global Head of BlackBerry Devices Design. “PRIV is an innovative device encompassing a re-imagined form factor while also offering security standards on an Android device that many in the industry never thought would be possible. These design features and security enhancements set PRIV apart from the pack.”
We are so impressed and thankful for the brilliant designers, engineers, and overall team who came together to help us develop PRIV! Giant congratulations to the BlackBerry Design team!