Category Archives: Cyber Attacks

As Scammers try harder, just be more clever! (update)

Posted on by

We are constantly assaulted by texts, emails and calls with people trying to access our information for their benefit or trying to trick us into sending them payments.  How do you protect yourself?

The first step:  Think before panicking and reacting; careful observation could save you from a scam!  If you have an emotional response to a message, try to assess why and wait to respond.  Scammers use deception and emotions, so be wary.  

Second step:  practice computer and internet hygiene – install all updates, run anti-virus and malware programs, avoid suspicious interactions, freeze your credit accounts and monitor your credit, use multi-factor verification, and respond to any bona fide alerts.  Also encrypt and back-up sensitive data to protect it from access.  

Final step:  never divulge personal information without first verifying the contact independently.  For a text or email, check your account on your smartphone app or website browser – but don’t use the link in the message!  If the message is a text, you can often delete and report it as junk on your phone. 

We updated some examples of recent scams – any sound familiar? – to help you calm any emotional reaction before responding:

  • Do you really think you won a lottery you never entered?  There is the old joke that says, “what, you didn’t buy a ticket?”
  • If you don’t have a credit card with Wells Fargo, why are they calling you about a BestBuy purchase?  This may make you curious and want call only to hear the recording asking you to input your debit card number – don’t provide it!  Banks and brokers will not ask you to divulge your information.  Also, you can verify the bank numbers on line. 
  • If Amazon really thinks there is fraud, why does the person answering the call say “Thanks for calling Amazon” when the call came from them?  Why do they know nothing about your account information?  If there was a fraud, they would be telling you about the transaction instead of asking for all your account details.  Check your account on your app or the Amazon website. 
  • Do you think you won a gift from Ace Hardware, Walmart or another place where you haven’t been shopping?  Check the e-mail address or text number – if it’s not from the company, then someone is trying to gain access to your information.  
  • Should I respond to this silly personality quiz on Facebook?  No, it might be phishing for personal details for identity theft.
  • Is this great job offer for me?  If you didn’t apply, why is this company reaching out to you?  Again, check the email address or phone number independently. 
  • Do you actually think you are the one randomly chosen to receive an inheritance from someone in another country who supposedly has no heirs?  The estate mentioned is often from a country you may never have visited, and the estate is an enormous amount.  As your grandmother may have told you, “if it sounds too good to be true, it is!”
  • Does your phone or computer really have this terrible virus?  How did they detect this?  Run your own antivirus scan. 
  • If you did not buy a MacBook or AirPods and no one stole your credit card, why is someone calling from the Netherlands to claim a purchase was made on your account?  Often you can tell that the callers are not from the companies they claim. 
  • Why did you receive a Docusign message or a PDF attached to an email for your salary or benefits?  And why did it come from someone’s personal email?  Clicking on the link could allow them to install malware and gain access to your financial information – don’t!
  • It may look like a Microsoft message or some other legit message, but why do you suddenly need to update your account password or sign for a matter you don’t recognize?  Check the source of the message –official-looking messages can come from dubious senders, often outside the US.  Be wary of e-mails from random accounts rather than the actual vendor.  
  • Why is someone calling about a Zelle transfer? When you listen, the case number looks suspiciously like a phone number that could allow then to gain access to your bank account. 
  • Why is the border patrol in Texas calling you and claiming that they opened your mail and need to put a hold on your social security number?  What does it even mean to “put a hold on your social security number” and how does that even relate to contraband?
  • Why is UPS or FedEx claiming the item is undeliverable because your address is wrong?  If you did place an order, you would have confirmed the address.  Check the source of the text or email and independently verify any purchases on the vendor site. 
  • You may be worried about crime in your city, but is that robo-caller really providing funds to support police? Most police departments do not solicit funds by this way so hang up and verify any charity before donating.
  • Why are they offering tax debt relief when you are current on your taxes?  Was there some new IRS program you never heard of?  Check with us before responding. 

Summary

If something seems off, it probably is.  Try to avoid a panicked reaction when you receive a notice of an unauthorized payment, an overdue bill, a payment authorization you didn’t expect or a claim that you violated customs.  And don’t click on any link!  Go to the vendor’s phone app or website to access via a browser you trust to check before responding.  The link in a text or e-mail may appear okay but close examination may reveal some flaw.  

And here is good reminder from the IRS:

  • The IRS will never contact a taxpayer using social media or text message. The first contact from the IRS usually comes in the mail. Taxpayers who are unsure whether they owe money to the IRS can view their tax account information on IRS.gov.

The FTC suggests that you can send a screenshot to 7726 (SPAM).  This may help your wireless provider identify and block similar messages in the future.  You can also report it to the FTC at ReportFraud.ftc.gov.  And if you do become a victim, this New York Times article How to Avoid Online Scams and What to Do if You Become a Victim had information with links on what to do if you are scammed.  

Stay safe and let me know if you have any questions or comments! 

Steven

A collection of thoughts and links for 2023 tax prep season

Posted on by

Tax Season Tips and Links

As we gear up for tax season, here is a collection of thoughts and suggestions:

As noted previously, the TCJA expires after 2025, so we encourage planning for all those changes.  For some ideas, see our post on turn tax planning on its head for income taxes and see this post on estate planning.

When you work on your IRS form 1040 for 2023, how do you plan to answer the question on digital assets?  That question has changed over the years and now reads:

At any time during 2023, did you:  (a) receive (as a reward, award or payment for property or services); or (b) sell, exchange, gift or otherwise dispose of a digital asset (or a financial interest in a digital asset)? 

2023 form 1040

Some tax pros think this question covers items such as a ticket for events like the Super Bowl, as these are non-fungible tokens, or NFTs, being unique and recorded in digital ledgers.  Therefore, if you purchased such an NFT, you need to answer “yes.”  When in doubt, saying yes may be the best response.

We reported that the SECURE Act 2.0 allows for unused 529 plan contributions to go into a Roth IRAs.  Here is a planning suggestion for parents and grandparents:  start early with 529 plan contributions so that there is a surplus over college costs that can be converted to a Roth later, within the limits.  

There are also some significant cases before the Supreme Court we are watching, including the Moore case on unrealized income.  

The IRS continues to deal with a huge backlog of mail to process, including many amended returns.  They say that this is due to prioritizing answering calls over processing during the Pandemic.

And the IRS warns again to be wary of phishing attempts by phone, e-mail and text.  They have a page on phishing and how to respond.

Massachusetts changed the estate tax law so we now have a true exemption of $2 million.  This may tilt more toward planning to avoid capital gains rather than estate taxes.  

For more ideas, please see “Year-end Tax Planning 2023-2024 and recent changes” to read more and let us know if you want to discuss any of the strategies. 

Let me know if you want to discuss anything. 

Thank you and be well.

Steven

As Scammers try harder, just be more clever!

Posted on by

We are assaulted by people trying to access our information for their benefit or trying to trick us into sending a payment fraudulently.  Now, with all the news on artificial intelligence, we will see even more ways we may be assaulted. 

How do you protect yourself?

The first step:  Think before panicking and reacting; careful observation could save you from a scam!

Here are some examples, starting with familiar ones:

  • Do you really think you won a lottery you never entered?  There is an old joke about not buying a ticket.
  • Do you think you won a gift on Ace Hardware or Walmart when you haven’t been shopping there? Check the e-mail address – if it’s not from the company, then someone is trying to gain access to your information.
  • Do you actually think you are the one randomly chosen to receive an inheritance from someone in another country that supposedly has no heirs?  The estate mentioned is often from a country you may never have visited, and the estate is an enormous amount, so probability says it cannot be real.
  • If Amazon really thinks there is fraud, why does the person answering the call say “Thanks for calling Amazon” when the call came from them, and why do they know nothing about your account so that they have to ask for your information?  If there was a fraud, they would be telling you about the transaction instead of asking for all your account details.
  • No one stole your credit card, and you know you did not buy a MacBook or Airpods, so why is someone calling from the Netherlands to claim a purchase was made on your account?  Often you can tell that the callers are not from the companies they claim. 
  • It may look like a Microsoft message or some other legit message, but why do you suddenly need to update your account or sign for a matter you don’t recognize?  Check the source of the message – we have seen official-looking messages from many dubious senders, including some from India, Japan, Russia or somewhere else.  Be wary of e-mails from random accounts rather than the actual vendor.  
  • Why is the border patrol in Texas calling you claiming that they opened your mail and need to put a hold on your social security number? What does it even mean to “put a hold on your social security number” anyway and how does that even relate to contraband?

If you receive notice of an unauthorized payment or overdue bill, or even a payment authorization you didn’t expect, don’t click on the link, go to the vendor’s website to access via a browser you trust to check before responding.  The link in a text or e-mail may appear okay but close examination reveals some flaw.  

The same applies if you receive a DocuSign notice:  make sure the sender is legitimate.  Clicking on the link could allow them to install malware and gain access to your financial information. 

Here’s another example:  We recently had someone claim to have seen our website and want to hire us for tax work.  When we asked for more information about their situation, including the state in which they filed, the response was a message asking to click on links to their information.  The fact that they did not respond to questions about hiring a tax professional was a tip-off.  The IRS warns:

Thieves take time to craft personalized emails to entice tax professionals to open a link embedded in the email or open an attachment. Tax pros have been especially vulnerable to spear phishing scams from thieves posing as potential clients. Thieves might carry on an email conversation with their target for several days before sending the email containing a link or attachment. The link or attachment may secretly download software onto tax pros’ computers that will give the thieves remote access to the tax professionals’ systems.

IRS

You can avert risks by being very suspicious, as well as being cautious. 

More steps:  you will also want to monitor your credit, even freeze your credit accounts, make sure your computer and smartphone software is up to date, use two-factor verification, run your malware and antivirus scans frequently, and respond to any alerts.  For more ideas such as getting an PIN from the IRS, see our post on Phishy Phone calls.  Here is good reminder from the IRS:

This New York Times article How to Avoid Online Scams and What to Do if You Become a Victim had more good ideas on avoiding scams and what to do if you are scammed.

Let me know if you have any questions or comments and stay cautious! You can always call me if you are not sure what to do.

Steven

How not to fall for Phishy IRS calls and other Scams

Posted on by

These days, nearly all of us get calls, e-mails and text messages trying to gain access to our finances.  You have probably seen or heard of the call “from Amazon” about a new iPhone order, the call “from Social Security” indicating that your number has been suspended, which requires your immediate action with someone on the phone, the e-mail with a “voicemail message” attached for you to click on to hear, and the e-mail with an “invoice” for you to approve.  There are many more forms and styles, and more keep coming.

This post focuses on the calls purporting to be from the IRS, and the purpose of this post is to help make you more wary so you do not fall victim to any of these scams. 

The IRS recently posted its dirty dozen for 2021, a list of scams that focuses on Pandemic-related scams, like unemployment claims, but also fake charities, urgently seeking donations, and offer in compromise scams, claiming to have ways to reduce your taxes owed.  There are other scams that target elderly or people for whom English is a second language.  And some scams offer to file conservation easements and improper business credit claims for you.   

Calls “from the IRS”

The call insisting that you owe the IRS and need to pay is a scan that has been around for some time.  The IRS website, and the recorded message when you are on hold contacting the IRS, says:

  • The IRS won’t initiate contact by phone, email, text or social media asking for Social Security numbers or other personal or financial information. 
  • The IRS generally first contacts people by mail – not by phone – about unpaid taxes.
  • The IRS may attempt to reach individuals by telephone but will not insist on payment using an iTunes card, gift card, prepaid debit card, money order or wire transfer.
  • The IRS will never request personal or financial information by e-mail, text or social media.

Furthermore, the IRS will ask you to confirm your identity before discussing any tax matters with you. 

Protect your tax filings

To help insure that no one can file under your social security number, the IRS suggests obtaining an ID PIN for filing your tax returns.  The PIN is now available to all taxpayers; you include it when you file your tax returns so that the IRS can verify that it is you filing.  This prevents others from filing bogus refund claims under your social security number. 

You can also include your driver’s license when filing, so the IRS and state revenue departments can verify that it is you filing, not an imposter. 

Be Vigilant

To protect your finances, you need to be vigilant.  Before you answer the phone, what does the caller ID say?  Is it a legit company or “unknown”?  Before you respond to an e-mail, does the address look like a real customer service company site or something random?  Is the grammar or content in the call or message off?  If it seems off, it probably is. 

Usually, you can find safe and easy ways to confirm the information in question by placing your own call or logging onto the related website online, rather than responding directly. 

The IRS recommends setting up multi-factor identification to access your financial information.   The IRS suggests more steps here:

  • Using anti-virus software and set it for automatic updates. Anti-virus software scans existing files and drives on computers – and mobile phones – to protect from malware.
  • Using a firewall to shield digital devices from external attacks.
  • Using backup software/services to protect data. Making a copy of files can be crucial, especially if the user becomes a victim of a ransomware attack.
  • Using drive encryption to secure computer locations where sensitive files are stored.  Encryption makes data on the files unreadable to unauthorized users.
  • Creating and securing Virtual Private Networks. A VPN provides a secure, encrypted tunnel to transmit data between a remote user via the Internet and the company network. Search for “Best VPNs” to find a legitimate vendor; major technology sites often provide lists of top services.

Conclusion

If something smells “phishy,” it probably is.  So be cautious, even suspicious of interaction asking for personal and financial information.  Set up two-factor verification and an IRS PIN.  And let me know if you have questions or concerns.  I will try to help.

How to stay safe after the Equifax data breach

Posted on by

(as also appeared online at IRIS.xyz)

Equifax disclosed last week that the personal financial information of up to 143 million users had been exposed in a massive hack last July. This represents roughly two-thirds of all credit card holders, so you may be affected.

The delay in disclosing is troubling, and the hack raises questions about oversight of the credit bureaus and even about the impact on their management. We can see the impact on investors: the Equifax share price has dropped over 20%

While we can discuss these issues and more, the priority is shoring up your personal credit.

Impact

Was your data taken? There are links from Equifax, Norton and others where you can attempt to determine the impact on you personally. However, these sites seem to default to “you may be affected,” even if you put in bogus information.

The good news is that Equifax has responded to consumer pressure to make certain services free.

Act now

You will want to act as soon as possible to keep your financial information safe.

“There are so many entities who need to check your credit: when you’re renting an apartment, getting insurance, a new cell phone, utilities,” Liz Weston, a financial planner and columnist at NerdWallet, told BuzzFeed News. “But at this point the breach is so great” that taking measures to safeguard your identity is worth it. She recommends instituting credit freezes.

Equifax free service – sign up on line for the complimentary service being provided by Equifax, which provides the following:

  • three-bureau credit file monitoring with alerts,
  • credit report lock,
  • scanning of suspicious sites for use of your social security number,
  • Equifax credit reporting, and
  • $1 million identity theft insurance covering certain out-of-pocket expenses.

Monitor your cards – review your monthly credit card, bank and loan statements for suspicious activity. You have a right to free credit reports so obtain them and review for unauthorized activity.

Also, watch for unexpected calls or mail, such as debt collectors or people posing as IRS agents, because these may be signs that your information may be in the hands of thieves.

Credit freeze – request a freeze on your credit from all three agencies: Equifax, TransUnion, and Experian. Equifax will not charge you but the others will.

Requesting a credit freeze prevents thieves from using your identity to get loans or credit cards in your name, even if your personal information was compromised by the hack. You essentially pay to bar each of three credit reporting agencies — Equifax, TransUnion, and Experian — from providing a credit report without both your explicit permission and a personal identification number (PIN) that temporarily lifts the freeze. (Freezes do not affect financial institutions or companies you have an existing relationship with, only new ones.)

Make sure to place the freeze with all three bureaus and to keep your PINs for unlocking the freezes in a safe place.

“A credit freeze with only one bureau is incomplete protection,” Mike Litt, the consumer program advocate at the US Public Interest Research Group, a consumer group, said. Consumer experts recommended getting a freeze with all three agencies.

There are companies such as LifeLock that provide bundled services. If cost is not an object, that may be the best course of action. Here is the Lifelock response on Equifax.

Fraud alert – if you are certain that your information has been taken, place alert all three credit bureau websites. You can access the TransUnion site here. Some protection is free, but their premium package costs $9.95

If you are the subject of identity theft, there are many resources now that help you report and recover. The Federal Trade Commission website can help devise a recovery plan to implement.

PINs and passwords – the passwords and PINs you use could be the next issue. You may want to change what you use now and update annually, if not more often.

Updates – Equifax continues to provide updates on the status of the hack and their response.

And news sites continue to report on the hack – see this NY Times article.

Summary

There are many steps to take, and the information taken may not be used for some time. So, you will want to take some if not all the steps outlined above. If you have trouble doing so, or if you have questions, let us know.

And for more reading, the Better Business Bureau is one resource for tips on avoiding scams. And, the FTC is a good resource for identity theft.

Good luck and stay safe!