Wednesday, March 30, 2022

Addressing Russian Cybersecurity Threats

Following the news of the crisis unfolding between Ukraine and Russia over the past several weeks, many may have concerns about threats on the cyber battlefield at home. Our friends at Infosec have provided advice on how to outsmart Russian cyber adversaries seeking to exploit the current environment.
 



Here are 3 best practices Infosec’s Principal Security Researcher Keatron Evans advises:  

  1. Follow Columbia College's Information Security Plan Policy

  2. Watch out for phishing attacks — especially those related to current events.

  3. Stop and think before you click!
Feel free to contact us if you have any questions

Cougar Security Team




at

Thursday, March 3, 2022

Protect Yourself This 2022 Tax Season

 


Benjamin Franklin said that the only certain things in life are death and taxes. While we get ready for tax season at the beginning of each year, another certainty exists: cybercriminals will attempt tax-related scams. April 18th marks the Internal Revenue Service’s (IRS) tax filing deadline for 2022. While you might be rushing to file your returns (breathe?….you still have time), you may be the next target for a cyber-attack. During the tax season, fraudsters and cybercriminals use social engineering to lure and deceive people into unwittingly handing out credentials, money, and personally identifiable information (PII).

Many cybercriminals also use the tax season to deliver threats like ransomware, spyware, and banking trojans. Others use fake IRS phone calls and online services to trick taxpayers into sending money to the fraudster’s accounts.

Here’s what you need to know about tax scams and what you should look out for to avoid them.

What are IRS Tax Frauds

First, what is IRS Tax fraud? IRS Tax Fraud are scams usually the beginning part of the year, revolving around tax preparation season. IRS tax scams typically begin with an email posing as the IRS (there are other methods of attacks)and redirect unsuspecting users to phishing and malware-ridden websites. Emails can also have malicious attachments such as spyware, backdoor or banking malware, and remote access trojans impersonating legitimate files. These threats are designed to steal your PII, which an attacker can then use to access your accounts or sell your account info in underground marketplaces.

These threats became so prevalent that, in 2004, the IRS came up with a list: the Dirty Dozen.  Compiled annually, the Dirty Dozen list details the most common scams to help protect taxpayers. Here are the IRS DirtyDozen for 2021

What to Look Out For

Below are some common thing to look out for.

·         Phishing Emails - Emails claiming to be from the IRS, typically promising you with sizeable tax refunds or threatening you with legal action. Variations of these schemes include hijacking your personal bank account, filing fraudulent tax returns, and then asking the you to refund the money by posing as a collection agency or the IRS. Other phishing schemes also target employee financial information (e.g. Form W-2 data).

·         Phone Scams - Unsolicited phone calls claiming to be from the IRS intimidating you with legal action to coerce you into paying a fake tax bill. These scams also include the so-called “robocall,” a text-to-speech recorded voicemail that directs you to contact a specific number.

·         Identity Theft - Tax-related identity theft schemes entail scammers using stolen Social Security or Individual Taxpayer Identification numbers to claim tax returns or refunds. Other cybercriminals target businesses by illicitly filing corporate income tax returns using stolen identities.

·         Return Preparer Fraud - This type of fraud involves tax professionals/preparers filing false income tax returns. This includes claiming inflated or excessive credits, expenses, deductions, and exemptions, sometimes without your knowledge.

·         Inflated Refund Claims - Scammers lure you by promising you credits, rebates, or benefits. Some fraudsters use fake forms (e.g., W-2 or Form 1099) which improperly report taxable income.

·         Falsifying Income to Claim Credits - Like inflating refunds, this kind of fraud involves reporting made up income to increase refundable tax credits. Variations of this fraud include scammers conning you into signing fake forms and providing PII in order to claim a refund.

·         Fake Charities – Fraudsters may set up fake charities then try to deceive you into making donations or giving out your PII, luring you with tax incentives.

·         Pandemic-related scams. These are scams fraudsters have taken advantage of since the 2020 pandemic. These include scams regarding unemployment and stimulus payments, and may also ask you to provide PII to claim tax credits.

The IRS has tons of things to keep an eye out on, check out their Dirty Dozen for 2021 to see what might be going on for 2022. 

How to avoid tax scams

You should exercise caution. Never open links or attachments that come from unexpected or suspicious senders, especially when they claim to be from officials or agents of government organizations. Unsolicited email from an IRS-related component such as Electronic Federal Tax Payment System (EFTPS) should be immediately reported to the IRS via phishing@irs.gov.

To help you avoid IRS scams, here are the things that the IRS will never do:

·         Call and demand immediate payment or call about taxes owed without first having sent a bill.

·         Initiate contact by email to request personal or financial information.

·         Demand tax payment without giving you the opportunity to question or verify the owed amount.

·         Ask you to give out credit and debit card information over the phone or email.

·         Require you to use a specific payment method, such as a prepaid debit card, to pay your taxes.

·         Threaten to bring law enforcement to have you arrested for not paying.

at