Category Archives: Online Protection

As Scammers try harder, just be more clever! (update)

Posted on by

We are constantly assaulted by texts, emails and calls with people trying to access our information for their benefit or trying to trick us into sending them payments.  How do you protect yourself?

The first step:  Think before panicking and reacting; careful observation could save you from a scam!  If you have an emotional response to a message, try to assess why and wait to respond.  Scammers use deception and emotions, so be wary.  

Second step:  practice computer and internet hygiene – install all updates, run anti-virus and malware programs, avoid suspicious interactions, freeze your credit accounts and monitor your credit, use multi-factor verification, and respond to any bona fide alerts.  Also encrypt and back-up sensitive data to protect it from access.  

Final step:  never divulge personal information without first verifying the contact independently.  For a text or email, check your account on your smartphone app or website browser – but don’t use the link in the message!  If the message is a text, you can often delete and report it as junk on your phone. 

We updated some examples of recent scams – any sound familiar? – to help you calm any emotional reaction before responding:

  • Do you really think you won a lottery you never entered?  There is the old joke that says, “what, you didn’t buy a ticket?”
  • If you don’t have a credit card with Wells Fargo, why are they calling you about a BestBuy purchase?  This may make you curious and want call only to hear the recording asking you to input your debit card number – don’t provide it!  Banks and brokers will not ask you to divulge your information.  Also, you can verify the bank numbers on line. 
  • If Amazon really thinks there is fraud, why does the person answering the call say “Thanks for calling Amazon” when the call came from them?  Why do they know nothing about your account information?  If there was a fraud, they would be telling you about the transaction instead of asking for all your account details.  Check your account on your app or the Amazon website. 
  • Do you think you won a gift from Ace Hardware, Walmart or another place where you haven’t been shopping?  Check the e-mail address or text number – if it’s not from the company, then someone is trying to gain access to your information.  
  • Should I respond to this silly personality quiz on Facebook?  No, it might be phishing for personal details for identity theft.
  • Is this great job offer for me?  If you didn’t apply, why is this company reaching out to you?  Again, check the email address or phone number independently. 
  • Do you actually think you are the one randomly chosen to receive an inheritance from someone in another country who supposedly has no heirs?  The estate mentioned is often from a country you may never have visited, and the estate is an enormous amount.  As your grandmother may have told you, “if it sounds too good to be true, it is!”
  • Does your phone or computer really have this terrible virus?  How did they detect this?  Run your own antivirus scan. 
  • If you did not buy a MacBook or AirPods and no one stole your credit card, why is someone calling from the Netherlands to claim a purchase was made on your account?  Often you can tell that the callers are not from the companies they claim. 
  • Why did you receive a Docusign message or a PDF attached to an email for your salary or benefits?  And why did it come from someone’s personal email?  Clicking on the link could allow them to install malware and gain access to your financial information – don’t!
  • It may look like a Microsoft message or some other legit message, but why do you suddenly need to update your account password or sign for a matter you don’t recognize?  Check the source of the message –official-looking messages can come from dubious senders, often outside the US.  Be wary of e-mails from random accounts rather than the actual vendor.  
  • Why is someone calling about a Zelle transfer? When you listen, the case number looks suspiciously like a phone number that could allow then to gain access to your bank account. 
  • Why is the border patrol in Texas calling you and claiming that they opened your mail and need to put a hold on your social security number?  What does it even mean to “put a hold on your social security number” and how does that even relate to contraband?
  • Why is UPS or FedEx claiming the item is undeliverable because your address is wrong?  If you did place an order, you would have confirmed the address.  Check the source of the text or email and independently verify any purchases on the vendor site. 
  • You may be worried about crime in your city, but is that robo-caller really providing funds to support police? Most police departments do not solicit funds by this way so hang up and verify any charity before donating.
  • Why are they offering tax debt relief when you are current on your taxes?  Was there some new IRS program you never heard of?  Check with us before responding. 

Summary

If something seems off, it probably is.  Try to avoid a panicked reaction when you receive a notice of an unauthorized payment, an overdue bill, a payment authorization you didn’t expect or a claim that you violated customs.  And don’t click on any link!  Go to the vendor’s phone app or website to access via a browser you trust to check before responding.  The link in a text or e-mail may appear okay but close examination may reveal some flaw.  

And here is good reminder from the IRS:

  • The IRS will never contact a taxpayer using social media or text message. The first contact from the IRS usually comes in the mail. Taxpayers who are unsure whether they owe money to the IRS can view their tax account information on IRS.gov.

The FTC suggests that you can send a screenshot to 7726 (SPAM).  This may help your wireless provider identify and block similar messages in the future.  You can also report it to the FTC at ReportFraud.ftc.gov.  And if you do become a victim, this New York Times article How to Avoid Online Scams and What to Do if You Become a Victim had information with links on what to do if you are scammed.  

Stay safe and let me know if you have any questions or comments! 

Steven

How not to fall for Phishy IRS calls and other Scams

Posted on by

These days, nearly all of us get calls, e-mails and text messages trying to gain access to our finances.  You have probably seen or heard of the call “from Amazon” about a new iPhone order, the call “from Social Security” indicating that your number has been suspended, which requires your immediate action with someone on the phone, the e-mail with a “voicemail message” attached for you to click on to hear, and the e-mail with an “invoice” for you to approve.  There are many more forms and styles, and more keep coming.

This post focuses on the calls purporting to be from the IRS, and the purpose of this post is to help make you more wary so you do not fall victim to any of these scams. 

The IRS recently posted its dirty dozen for 2021, a list of scams that focuses on Pandemic-related scams, like unemployment claims, but also fake charities, urgently seeking donations, and offer in compromise scams, claiming to have ways to reduce your taxes owed.  There are other scams that target elderly or people for whom English is a second language.  And some scams offer to file conservation easements and improper business credit claims for you.   

Calls “from the IRS”

The call insisting that you owe the IRS and need to pay is a scan that has been around for some time.  The IRS website, and the recorded message when you are on hold contacting the IRS, says:

  • The IRS won’t initiate contact by phone, email, text or social media asking for Social Security numbers or other personal or financial information. 
  • The IRS generally first contacts people by mail – not by phone – about unpaid taxes.
  • The IRS may attempt to reach individuals by telephone but will not insist on payment using an iTunes card, gift card, prepaid debit card, money order or wire transfer.
  • The IRS will never request personal or financial information by e-mail, text or social media.

Furthermore, the IRS will ask you to confirm your identity before discussing any tax matters with you. 

Protect your tax filings

To help insure that no one can file under your social security number, the IRS suggests obtaining an ID PIN for filing your tax returns.  The PIN is now available to all taxpayers; you include it when you file your tax returns so that the IRS can verify that it is you filing.  This prevents others from filing bogus refund claims under your social security number. 

You can also include your driver’s license when filing, so the IRS and state revenue departments can verify that it is you filing, not an imposter. 

Be Vigilant

To protect your finances, you need to be vigilant.  Before you answer the phone, what does the caller ID say?  Is it a legit company or “unknown”?  Before you respond to an e-mail, does the address look like a real customer service company site or something random?  Is the grammar or content in the call or message off?  If it seems off, it probably is. 

Usually, you can find safe and easy ways to confirm the information in question by placing your own call or logging onto the related website online, rather than responding directly. 

The IRS recommends setting up multi-factor identification to access your financial information.   The IRS suggests more steps here:

  • Using anti-virus software and set it for automatic updates. Anti-virus software scans existing files and drives on computers – and mobile phones – to protect from malware.
  • Using a firewall to shield digital devices from external attacks.
  • Using backup software/services to protect data. Making a copy of files can be crucial, especially if the user becomes a victim of a ransomware attack.
  • Using drive encryption to secure computer locations where sensitive files are stored.  Encryption makes data on the files unreadable to unauthorized users.
  • Creating and securing Virtual Private Networks. A VPN provides a secure, encrypted tunnel to transmit data between a remote user via the Internet and the company network. Search for “Best VPNs” to find a legitimate vendor; major technology sites often provide lists of top services.

Conclusion

If something smells “phishy,” it probably is.  So be cautious, even suspicious of interaction asking for personal and financial information.  Set up two-factor verification and an IRS PIN.  And let me know if you have questions or concerns.  I will try to help.

Data and Document Security; Protect Your Stuff!

Posted on by

There are now more tools available than ever to help you organize, access and protect your sensitive data and documents.
man-1187170_1280Well that’s a scary image …

Mobile Devices
The amount of information we store on our mobile devices is staggering: emails, personal contacts, client contacts, banking information, music, and pictures represent only a fraction. You can easily protect this data by enabling the password service, or, in the case of the newer iPhones and iPads, by enabling the fingerprint recognition software.

We have become heavily dependent on these devices that, if we lose them or they malfunction, we could spend days trying restore or replace the data on the device. To protect against this potential headache, you should back up the device regularly. You can also shift more application content to cloud services such as iCloud or G Cloud.

Computer Safety
If you know the sickening feeling of losing an important file that you saved on our computer, then you know you do not want to risk losing all the data on your laptop. That’s why we recommend backing up your important files to an external hard drive, remote server, cloud storage or online back-up program. Some of you may want to make the backup occur automatically, so that all files are stored on a regular basis. Others may prefer to do so manually. If so, be sure to set a reminder that works for you so that you frequently safeguard as much of your important data as possible.

In addition to backing up your files regularly to an external location, we recommend you install anti-virus and malware software. When you buy a computer, an anti-virus program is often included. Make sure the virus definitions are updated constantly. Also, you can add more projection for free, such as Malwarebytes.

Original Documents
There are certain documents that deserve an extra level of security, like original copies of your estate plan (link to planning) for the inevitable. For these documents that hold significant legal and personal importance, place them in Ziplock bags to prevent water damage and store them in either a fireproof safe or a safety deposit box.

Conclusion
Taking these small steps each of you can take now to protect your tax and financial information will prove invaluable if the unexpected occurs.

Scam update for more on Cyber-Attackers, Cloud Computing – be Vigilant!

Posted on by

We wrote before about the need for vigilance to protect you from cybercriminals. We drew on input from Norton Antivirus about social media scams. In this post, we draw upon the Kiplinger’s Tax Letter and SingleHop.com site.

IRS e-mails – You might not think that tax preparers would fall for e-mail scams, but some do. The 2-27-15 Kiplinger’s Tax Letter describes use of bogus e-mails asking professionals to “update their IRS e-services accounts and their electronic filing ID numbers plus provide personal data.” As we have said in prior posts, the IRS categorically states that they do not send out e-mails.

Cloud Computing – SingleHop is a company endeavoring to be private cloud experts. They champion users holding cloud servers accountable for maintaining high level, monitored and updated security for all client files. Their recent newsletter notes that over 250,000 complaints were filed with the FBI’s Internet Crime Complaint Center (ic3.gov) in 2013 alone, of which over 20% were under age 30. (For more on how “private cloud” computing fits in the internet infrastructure, here is a helpful SingleHop page: [[https://www.singlehop.com/private-cloud-hosting/|SingleHop site]])

They caution you not to rely on links from e-mails to the websites you frequent. Instead, they encourage you to create bookmarks for these websites to ensure that you are logging onto the site you intend. They also favor sites that use two levels to authenticate you before granting access to personal information. “With such methods, after logging in with your password, the site will text or email you a single-use code that must be entered. Only the registered phone number or email address will receive the code, making it that much harder for hackers to gain unauthorized access to your accounts.”

Scam Update – With the cautions from both sources in mind, we updated our post, to help you remain vigilant:

//Hidden URLs// – Those shortened URLs are convenient, but they may be links to websites you don’t want to visit, or worse, they could install malware on your computer. SingleHop admonishes, “Especially look out for slightly misspelled words or words that use unexpected characters, such as substituting a “0” (number) for a “0” (letter) — for example, HOME DEPOT. If something looks even a little bit fishy, delete the email or close the site immediately.”

//Phishing Requests// – When you get an invitation to click on any link, think twice. When you click, you may be taken to a fake Twitter or Facebook or to a bank, credit card issuer, or another financial institution login page. SingleHop says “Phishers will design their sites to look exactly like the website of your” institutions. If you fall for the fake website, and enter you username and password, the cybercriminals can use your information on the real website to gain complete control of your account.

//Hidden Charges// – Be wary of those online quizzes that offer to tell you interesting information about yourself like which 1960s sitcom star you resemble. If the quiz asks you for personal information, such as your phone number, stop. If you continue, you many end up subscribing to some service that charges a recurring monthly fee.

//Cash Grabs// – It’s great to make new friends, but maybe not by “friending” strangers on Facebook. That person you just friended on Facebook may soon be asking you for money. You can avoid this situation by limiting your social media connections to people you know personally. Ignore friend requests when you do not know the person and have no friends in common.

//Chain Letters// – Sure, you want to be sure that Microsoft will donate the millions it promised to some worthy charity if you keep the online chain letter going. However, such “chain letter” e-mails are a way for spammers to access your friends to connect with them later. Also, you never know to whom your friends will forward the letter.

Sites that are popular with users are popular with criminals, so remain vigilant when you are on line, and, of course, keep your antivirus and anti-malware software up to date. Be wary and think twice before clicking on a suspicious link!

On-line Scams – some to look out for to protect your finances

Posted on by

Our society today has growing appetite for social media and most of us use it for legitimate purposes: connecting with our friends, pursuing our hobbies or building our businesses. Unfortunately, part of the population has a more insidious use for social media: they want to scam you. Thankfully, a little vigilance can go a long way in protecting you from these cyber criminals. Here is one list you can use, from Norton Antivirus, showing the top five social media scams:
1. **Hidden URLs** – Those shortened URLs are convenient, but they may be links to websites you don’t want to visit, or worse, they could install malware on your computer.
2. **Phishing Requests** – When you get an invitation to click on a link to see a picture of yourself at some wild party, think twice. Once you click, you’re taken to a fake Twitter or Facebook login page where you enter you user name and password. Doing this gives the cyber-criminals complete control of your account.
3. **Hidden Charges** – Be wary of those on-line quizzes that offer to tell you interesting information about yourself like which 1960s sitcom star you resemble. If the quiz asks you for personal information, such as your phone number, stop. If you continue, you many end up subscribing to some service that charges a recurring monthly fee.
4. **Cash Grabs** – It’s great to make new friends, but maybe not by “friending” strangers on Facebook. That person you just friended on Facebook may soon be asking you for money. You can avoid this situation by limiting your social media connections to people you know personally.
5. **Chain Letters** – Sure, you want to be sure that Microsoft will donate the millions it promised to some worthy charity if you keep the on-line chain letter going. However, such “chain letter” e-mails are a way for scammers to access your friends to connect with them later.
Sites that are popular with users are popular with criminals, too. Be vigilant, keep your anti-virus and anti-malware software up to date and think twice before clicking on a suspicious link!