Category: Cyber-Security

Staying Safe Online – April 4, 2018

Staying safe from tax scams
Though Benjamin Franklin is often quoted as saying “in this world, nothing can be said to be certain, except death and taxes,” an updated version for the current day would need to include tax scams. As people nationwide seek to file their tax returns, cybercriminals attempt to take advantage of this with a variety of scams. Hundreds of thousands of U.S. citizens are targeted by tax scams each year, often only learning of the crime after having their legitimate returns rejected by the Internal Revenue Service (IRS) because scammers have already fraudulently filed taxes in their name. The IRS reported a 400% rise in phishing scams from the 2015 to the 2016 tax season. In the state, local, tribal, and territorial government sector during 2017, approximately 30% of all reported data breach incidents were related to the theft of W-2 information, which was likely used for tax fraud.
How is Tax Fraud Perpetrated?
Unfortunately, much of your personal information can be gathered from multiple locations online with almost no verification that the right person is receiving the information. Criminals know this, so they use this trick to get your personal information from a variety of websites and use the information to file a fake tax refund request! If a criminal files a tax return in your name before you do, they will file it with false information to get a large refund, forcing you to go through the arduous process of proving that you did not file the return and subsequently correcting the return. Once they have your personal information, criminals can continue to commit identity theft well beyond the tax season.
Another favorite technique used by criminals during the tax season is sending phishing messages indicating that a new copy of your tax form(s) is available. These emails often impersonate state, local, tribal, and territorial government comptroller and/or IT departments. They might include a link to a phishing website that uses your organization’s logo and the email might even have the right signature line. If you fill out or attempt to login into the phishing website, the criminals will be able to see your login name and password, which they can then use to try and compromise your other accounts. The more information they gather from you, the easier it is for them to use the information to file a fake tax return in your name.
Tax fraudsters also impersonate the IRS and other tax officials to threaten taxpayers with penalties if they do not make an immediate payment. This contact may occur through websites, emails, or threatening calls and text messages that look official but are not. Sometimes, criminals request their victims pay the “penalties” via strange methods like gift cards or prepaid credit cards. It is important to remember:
The IRS will not initiate contact about payment with taxpayers by phone, email, text messages, or social media without sending an official letter in the mail first.
The IRS will not call to demand immediate payment over the phone using a specific payment method such as a debit/credit card, a prepaid card, a gift card, or a wire transfer.
The IRS will not threaten to immediately notify local police or other law-enforcement agencies to have you arrested for not paying .
The IRS will not demand that you pay taxes without giving you the opportunity to question or appeal the amount you owe.
What Can You Do?
Here are some basic tips to help you minimize the chances of becoming a victim of a tax scam:
If you haven’t already, file your taxes as soon as you can … before the scammers do it!
Be aware of phone calls, emails, and websites that try to get your information, or pressure you to make a payment. If something seems suspicious, contact the organization through a known method, like their publicly posted customer service line.
Ignore emails and texts asking for personal or tax information. Be cautious as to whom you provide your information, including your Social Security Number and date of birth.
Don’t click on unknown links or links from unsolicited messages. Type the verified, real organizational website into your web browser.
Don’t open attachments from unsolicited messages, as they may contain malware.
Only conduct financial business over trusted websites. Don’t use public, guest, free, or insecure Wi-Fi networks.
Remember, the “HTTPS” does not mean a site is legitimate.
Shred all unneeded or old documents containing confidential and financial information.
Check your credit report regularly for unauthorized activity. Consider putting a security freeze on your credit file with the major credit bureaus if you suspect you have been targeted for identity theft.
If you receive a tax-related phishing or suspicious email at work, report it according to your cybersecurity policy. The IRS encourages taxpayers to send suspicious emails related to tax fraud to its phish ing@irs.gov email account or to call the IRS at 800-908-4490. More information about tax scams is available on the IRS website and in the IRS Dirty Dozen list of tax scams.
If you suspect you have become a victim of tax fraud or identity theft, the Federal Trade Commission (FTC) Identity Theft website will provide a step-by-step recovery plan. It also allows you to report if someone has filed a tax return fraudulently in your name, if your information was exposed in a major data breach, and many other types of fraud.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – March 7, 2018

Don’t Share That!
Are you telling the bad guys useful information and might not even realize it or understand the implications?
Isn’t social media great? It allows you to interact with long lost friends and family not to mention your business network. “What’s the big deal? I posted my maiden name so my old friends can find me! Oh, and I’ve also helped my mom set hers up the same way. I even marked her as my mom, I also marked my aunt, cousins, kids, etc. as relatives.” Perhaps you took one of those fun surveys that ask you for personal information to share. Now everyone knows your favorite: store to shop, vacation destination, workplace, restaurant, teacher’s name, street you grew up on, first telephone number, color, as well as your dog’s name. Not to mention, you can easily boast about your excitement before boarding a flight to your awesome vacation and tag yourself when you get there!
Consider the treasure trove of information you’ve given the bad guys. You’ve given away a common security question’s answer; your mother’s maiden name. Additionally, you’ve also given someone trying to gain access to your personal data a good bit of telltale answers to likely security questions. Does everyone really need to know your favorite teacher’s name was Mr. Franklin, or your childhood street was Farmington Ave.? No. Regarding that big trip; most of your friends will ‘like’ your vacation status and photos just as much after you arrive home. Do you really want to tack up a big sign on the Internet that basically says: “I’m going to be 1,300 miles from home for the next 5 days …” for thieves to see? No.
It’s best to avoid sharing too much personal information with everyone, even if it appears as a harmless survey. Read closely, there’s usually something personally identifiable innocuously hidden amongst questions about your favorite food or color. Avoiding that “harmless repost” just might save your bank account from being compromised. Resist that temptation to tell everyone you’re just about to head to the Bahamas. That excitement isn’t worth coming home from vacation to find your personal property stolen, damaged, and ransacked.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – February 7, 2018

Several years ago, creating a cybersecure home was simple; most homes consisted of nothing more than a wireless network and several computers. Today, technology has become far more complex and is integrated into every part of our lives, from mobile devices and gaming consoles to your home thermostat and your refrigerator. Here are four simple steps for creating a cybersecure home.
Your Wireless Network
Almost every home network starts with a wireless (or Wi-Fi) network. This is what enables all your devices to connect to the Internet. Most home wireless networks are controlled by your Internet router or a separate, dedicated wireless access point. They both work the same way: by broadcasting wireless signals. The devices in your house can then connect via these signals. This means securing your wireless network is a key part of protecting your home. We recommend the following steps to secure it:
Change the default administrator password to your Internet router or wireless access point. (Whichever one is controlling your wireless network.) The admin account is what allows you to configure the settings for your wireless network.
Ensure that only people you trust can connect to your wireless network. Do this by enabling strong security. Currently, the best option is to use the security mechanism called WPA2. By enabling this, a password is required for people to connect to your home network, and once connected, their online activities are encrypted.
Ensure the password used to connect to your wireless network is strong and that it is different from the ad min password. Remember, you only need to enter the password once for each of your devices, as they store and remember the password.
Many wireless networks support what is called a Guest Network. This allows visitors to connect to the Internet, but protects your home network, as they cannot connect to any of the other devices on your home network. If you add a guest network, be sure to enable WPA2 and a unique password for the network.
Not sure how to do these steps? Ask your Internet Service Provider or check their website, check the documentation that came with your Internet router or wireless access point, or refer to their respective website.
Your Devices
The next step is knowing what devices are connected to your wireless home network and making sure all of those devices are secure. This used to be simple when you had just a computer or two. However, almost anything can connect to your home network today, including your smartphones, TVs, gaming consoles, baby monitors, speakers, or perhaps even your car. Once you have identified all the devices on your home network, ensure that each one of them is secure. The best way to do this is ensure you have automatic updating enabled on them wherever possible. Cyber attackers are constantly finding new weaknesses in different devices and operating systems. By enabling automatic updates, your computer and devices are always running the most current software, which makes them much harder for anyone to hack into.
Passwords
The next step is to use a strong, unique password for each of your devices and online accounts. The key words here are strong and unique. Tired of complex passwords that are hard to remember and difficult to type? So are we. Use a passphrase instead. This is a type of password that uses a series of words that is easy to remember, such as “Where is my coffee?” or “sunshine-doughnuts-happy-lost”. The longer your passphrase is, the stronger. A unique password means using a different password for each device and online account. This way, if one password is compromised, all your other accounts and devices are still safe. Can’t remember all those strong, unique passwords? Don’t worry, neither can we. That is why we recommend you use a password manager, which is a special security program that securely stores all your passwords for you in an encrypted, virtual safe.
Finally, enable two-step verification whenever available, especially for your online accounts. Two-step verification is much stronger. It uses your password, but also adds a second step, such as a code sent to your smartphone or an app on your smartphone that generates the code for you. Two-step verification is probably the most important step you can take to protect yourself online, and it’s much easier than you think.
Backups
Sometimes, no matter how careful you are, you may be hacked. If that is the case, often the only way you can recover your personal information is to restore from backup. Make sure you are doing regular backups of any important information and verify that you can restore from them. Most mobile devices support automatic backups to the Cloud. For most computers, you may have to purchase some type of backup software or service, which are relatively low-priced and simple to use.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – January 10, 2018

The process of authentication, or proving who you are, is key to protecting your information, such as your email, social media, or online banking accounts. You may not realize it, but there are three different ways to prove who you are: what you know, such as a password, what you have, such as your driver’s license, and some part of you, such as your fingerprint. Each one of these methods has advantages and disadvantages.
Passwords Are No Longer Enough
Passwords prove who you are based on something you know. But if someone can guess or gain access to your password, they can then pretend to be you and access all of your information. Compromised passwords have become one of the leading causes for hacked accounts. This is why you are taught to use passphrases that are hard for others to guess, a different one for every account, and to never share your passwords with others. While this advice remains valid, passwords are no longer as effective. Luckily, there’s a simple and quick way to put you in control and keep your personal information safe. It’s called two-factor authentication.
What Is Two-Factor Authentication?
Two-factor authentication (also called two-step verification, multi-factor authentication, or 2FA) is far stronger than just using passwords by themselves. It works by requiring not one, but two different methods to prove you are who you say you are. A good example is your ATM card. When you withdraw money from an ATM machine, you are actually using two-factor authentication. To access your cash, you need two things: your ATM card (something you have) and your PIN number (something you know). If your ATM card is lost or stolen, others cannot withdraw your money without also knowing your PIN. A thief must have both
your ATM card and pin to make a withdrawal. Two-factor authentication uses the same concept.
How It Works
Two-factor authentication is widely available on most major banking, email, social networking, and other sites. In addition, most of these sites offer simple step-by-step instructions how to turn on two-factor authentication. Once you enable two-factor authentication, you can expect it to work like this. First, you log in to your account using your username and password, just as you always have. This is the first of the two factors–something you know. Then you will receive a unique code, often by text to your smartphone. You then enter that code into the login screen. This is the second of the two factors–you must have your phone to receive that code. Now your account is truly locked down. Even if a cybercriminal steals your password, they cannot access your account unless they also have your phone.
Instead of receiving the unique code via text messaging, you can install a special authentication app on your smartphone. This mobile app generates a unique code for you every time you want to log in. The advantage of using a mobile app is it is even more secure, since the code is generated through the app and not sent via text messaging. In addition, it is more convenient, since you do not need to be connected to a phone service to receive your unique code. The app is constantly generating new codes you can use to log in to your account.
While two-factor authentication may seem like more work at first, your personal information will be substantially more secure. Don’t wait until your accounts have been hacked; lock down your login by enabling two-factor authentication on your key accounts, such as email, banking, or social media, and enjoy a greater peace of mind knowing you are far more secure.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – November 22, 2017

 Shopping Online Securely
The holiday season is nearing, and soon millions of people around the world will be looking to buy the perfect gifts. Many of us will choose to shop online in search of great deals and to avoid long lines and impatient crowds. Unfortunately, this is also the time of year many cyber criminals create fake shopping websites to scam and steal from others. 
Fake Online Stores
While many online stores are legitimate, there are some fake websites set up by cyber criminals. Criminals create these fake websites by replicating the look of real sites or using the names of well-known stores or brands. They then use these fraudulent websites to prey on people who are looking for the best deal possible. When you search online for the absolute lowest prices, you may find yourself directed to one of these fake websites. When selecting a website to make a purchase, be wary of websites advertising prices dramatically cheaper than anywhere else or offering products that are sold out nationwide. The reason their products are so cheap or available is because what you will receive is not legitimate, may be counterfeit or stolen, or may never even be delivered. Protect yourself by doing the following:
When possible, purchase from websites that you already know, trust, and have done business with previously.
Verify the website has a legitimate mailing address and a phone number for sales or support-related questions. If the site looks suspicious, call and speak to a human. If you can’t get a hold of someone to talk to, that is the first big sign you are dealing with a fake website.
Look for obvious warning signs, like deals that are obviously too good to be true or poor grammar and spelling.
Be very suspicious if a website appears to be an exact replica of a well-known website you have used in the past, but its domain name or the name of the store is slightly different. For example, you may be used to shopping online at Amazon, whose website is https://www.amazon.com. But be very suspicious if you find yourself at websites pretending to be Amazon, such as http://store-amazoncom.com.
Type the store’s name or URL into a search engine and see what other people have said about the website in the past. Look for terms like “fraud.” “scam,” “never again,” or “fake .” A lack of reviews can also be a sign indicating that the website is very new and might not be trustworthy.
Before purchasing any items, make sure your connection to the website is encrypted. Most browsers show a connection is encrypted by having a lock and/or the letters HTTPS in green right before the website’s name.
Remember, just because the site looks professional does not mean it’s legitimate. If you aren’t comfortable with the website, don’t use it. Instead, find a well-known website you can trust or have safely used in the past. You may not find that absolutely amazing deal, but you are much more likely to end up with a legitimate product and avoid having your personal and financial data stolen.
Your Computer/Mobile Device
In addition to shopping at legitimate websites, you want to ensure your computer or mobile device is secure. Cyber criminals will try to infect your devices so they can harvest your bank accounts, credit card information, and passwords. Take the following steps to keep your devices secured:
If you have children in your house, consider having two devices, one for your kids and one for the adults. Kids are curious and interactive with technology; as a result, they are more likely to infect their own device. 
Always install the latest updates and run up-to-date anti-virus software. This makes it much harder for a cyber criminal to infect your device.
Your Credit Card
Regularly review your credit card statements to identify suspicious charges, especially after you used your cards to make many online purchases or used a new site. Some credit card providers give you the option of notifying you by email or text messages when charges exceed a set amount. Another option is to have one credit card just for online purchases. That way, if it is compromised, you can easily change the card without impacting any of your other payment activities. This is also why you want to use credit cards for all online purchases and avoid using debit cards whenever possible. Debit cards take money directly from your bank account, so if fraud has been committed, it can be far more difficult to get your money back. Finally, consider using credit cards that generate a unique card number for every online purchase, gift cards, or well-known payment services, such as PayPal, which do not require you to disclose your credit card number to the vendor.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Loading
X

Forgot Password?

Join Us

Password Reset
Please enter your e-mail address. You will receive a new password via e-mail.