My Software Has Reached End of Life. Now What?

When software reaches end of life (EOL), you may suddenly find yourself wondering what impact this will have on your organization. Take a moment to understand which vulnerabilities may be at hand and what the best practices are for planning ahead.

Never simply ignore EOL timelines: there are risks to be concerned about.

EOL Software Dangers:

  • Security vulnerabilities: When using software that’s no longer supported, computers become a gateway for malware.  When vulnerabilities are no longer patched, it leaves the door wide open for hackers.
  • Software incompatibility:  New applications are optimized for the most recent operating systems. That means when using EOL operating systems, you can’t upgrade to the latest and greatest, so you’ll have to hold onto legacy applications which are likely also EOL, or soon to be.  When the legacy applications come to their EOL, they are extremely difficult to migrate onto new infrastructure, costing your business time and money.
  • Poor performance and reliability: Chances are, if you’re still running legacy apps or old versions of Windows, then you have some aging servers and workstations too.  This adds to your risk because these likely out-of-warranty devices are prone to breaking down. Consider that the downtime alone could be more costly than an overdue upgrade.
  • High operating costs: If technology is out-of-date or out-of-warranty, both cost and downtime are magnified when a failure occurs.  Your organization can’t afford a mission-critical app failing, and trying to maintain and bug-fix any post-EOL software can be very expensive.
  • Compliance issues: Regulated industries like healthcare and e-commerce deal with lots of sensitive customer data. Entrusting your critical information to a decade-old OS or an insecure application is risky: in addition to security lapses, it could result in big fines, company shutdowns, or more legal issues that could ruin your organization.

There is no bulletproof way to run EOL software.  Security, compatibility and compliance are all challenges with EOL software.

 

What are some best practices to plan ahead?

  1. Define business service management requirements:   Identify nice-to-have capabilities desired for incident management, service level assurance, problem resolution, change management, configuration management, self-service options, and integration requirements.
  2. Evaluate needs:  Focus on options that will enhance profit, ease business operations, increase revenue and reduce company operational costs. Know what you are looking for and what you want to do for an EOL replacement.
  3. Focus on processes for operations:   Identify service management processes that are unique to your business when considering vendors and purchases.
  4. Leverage modern technology:  A good objective in EOL replacement is to apply the benefits of newer technology to resolve the most obvious pain points in your IT management organization. Investing in the latest software is great, but being mindful about outdated operating systems is even better.

EOL software poses a large risk to organizations every day.  With an adequate understanding of the risks involved, advanced planning, and help from Bryley Systems, you can identify and migrate away from EOL software.  Contact us at 978.562.6077, or by email at ITExperts@Bryley.com to learn more. We are here to help.

Refund and Recovery Scams

The following information was posted by the FTC on their website.

Scam artists buy and sell “sucker lists” with the names of people who already have lost money to fraudulent promotions. These crooks may call you promising to recover the money you lost or the prize or merchandise you never received — for a fee in advance. That’s against the law. Under the Telemarketing Sales Rule, they cannot ask for — or accept — payment until seven business days after they deliver the money or other item they recovered to you.

How the Scams Work

Many consumers might not know that they have been scammed by a bogus prize promotion, phony charity drive, fraudulent business opportunity or other scam. But if you have unknowingly paid money to such a scam, chances are your name is on a “sucker list.” That list may include your address, phone numbers, and other information, like how much money you’ve spent responding to phony offers. Dishonest promoters buy and sell “sucker lists” on the theory that people who have been deceived once have a high likelihood of being scammed again.

These scammers lie when they promise that, for a fee or a donation to a specific charity, they will recover the money you lost, or the prize or product you never received. They use a variety of lies to add credibility to their pitch: some claim to represent companies or government agencies; some say they’re holding money for you; and others offer to file necessary complaint paperwork with government agencies on your behalf. Still others claim they can get your name at the top of a list for victim reimbursement.

The Federal Trade Commission (FTC), the nation’s consumer protection agency, says claims like these often are false. Although some federal and local government agencies and consumer organizations help people who have lost money, they don’t charge a fee. Nor do they guarantee to get your money back, or give special preference to anyone who files a formal complaint.

Seeing Through a Recovery Scam

Here are some tips to help you avoid losing money to a recovery scam:

Don’t give money or your bank or credit card account number to anyone who calls offering to recover money, merchandise, or prizes you never received if the caller says you have to pay a fee in advance. Under the Telemarketing Sales Rule, it’s against the law for someone to request or receive payment from you until seven business days after you have the money or other item in hand.

If someone claims to represent a government agency that will recover your lost money, merchandise, or prizes for a fee or a donation to a charity, report them immediately to the FTC. National, state, and local consumer protection agencies and nonprofit organizations do not charge for their services.

Before you use any company to recover either money or a prize, ask what specific services the company provides and the cost of each service. Check out the company with local government law enforcement and consumer agencies; ask whether other people have registered complaints about the business. You also can enter the company name into an online search engine to look for complaints.1

 

If you get a call like this, hang up, and report it:   ftc.gov/complaint.

 

Reference:

1. Reprinted:  The Federal Trade Commission (FTC) is the nation’s consumer protection agency. The FTC works to prevent fraudulent, deceptive and unfair business practices in the marketplace.

Federal Trade Commission, Consumer Information

“Free” Security Scan? Beware of Scammers.

“Messages telling you to install and update security software for your computer seem to be everywhere. So you might be tempted by an offer of a “free security scan,” especially when faced with a pop-up, an email, or an ad that claims “malicious software” has already been found on your machine. Unfortunately, it’s likely that the scary message is a come-on for a rip-off.

The free scan claims to find a host of problems, and within seconds, you’re getting urgent pop-ups to buy security software. After you agree to spend $40 or more on the software, the program tells you that your problems are fixed. The reality: there was nothing to fix. And what’s worse, the program now installed on your computer could be harmful.

Scammers have found ways to create realistic but phony “security alerts.” Though the “alerts” look like they’re being generated by your computer, they actually are created by a con artist and sent through your Internet browser.

These programs are called “scareware” because they exploit a person’s fear of online viruses and security threats. The scam has many variations, but there are some telltale signs. For example:

  • you may get ads that promise to “delete viruses or spyware,” “protect privacy,” “improve computer function,” “remove harmful files,” or “clean your registry;”
  • you may get “alerts” about “malicious software” or “illegal pornography on your computer;”
  • you may be invited to download free software for a security scan or to improve your system;
  • you could get pop-ups that claim your security software is out-of-date and your computer is in immediate danger;
  • you may suddenly encounter an unfamiliar website that claims to have performed a security scan and prompts you to download new software.

 

Scareware purveyors also go to great lengths to make their product and service look legitimate. For example, if you buy the software, you may get an email receipt with a customer service phone number. If you call, you’re likely to be connected to someone, but that alone does not mean the company is legitimate. Regardless, remember that these are well-organized and profitable schemes designed to rip people off.

How Do the Scammers Do It?

Scareware schemes can be quite sophisticated. The scam artists buy ad space on trusted, popular websites. Even though the ads look legitimate and harmless to the website’s operator, they actually redirect unsuspecting visitors to a fraudulent website that performs a bogus security scan. The site then causes a barrage of urgent pop-up messages that pressure users into downloading worthless software.

What to Do

If you’re faced with any of the warning signs of a scareware scam or suspect a problem, shut down your browser. Don’t click “No” or “Cancel,” or even the “x” at the top right corner of the screen. Some scareware is designed so that any of those buttons can activate the program. If you use Windows, press Ctrl + Alt + Delete to open your Task Manager, and click “End Task.” If you use a Mac, press Command + Option + Q + Esc to “Force Quit.”

If you get an offer, check out the program by entering the name in a search engine. The results can help you determine if the program is on the up-and-up.

Good Security Practices

Check that your security software is active and current: at a minimum, your computer should have anti-virus and anti-spyware software, and a firewall. You can buy stand-alone programs for each element — or a security suite that includes these programs — from a variety of sources, including commercial vendors and your Internet Service Provider. The security software that was installed on your computer when you bought it generally works for just a short time — unless you pay a subscription fee to keep it in effect.

Make it a practice not to click on any links within pop-ups.  Report possible fraud online at ftc.gov/complaint or by phone at 1-877-FTC-HELP. Details about the purchase — including what website you were visiting when you were redirected — are helpful to investigators.”1

Reference:

1 Reprinted:  The Federal Trade Commission (FTC) is the nation’s consumer protection agency. The FTC works to prevent fraudulent, deceptive and unfair business practices in the marketplace.

Federal Trade Commission, Consumer Information

Note: This article was previously available as “Free Security Scan” Could Cost Time and Money.

 

Beware of Tech Support Scams!

There are scammers who will call and claim to be a computer tech associated with well-known companies like Microsoft or Apple.  Other scammers send pop-up messages that warn about computer problems.  They say they’ve detected viruses or other malware on your computer.  They claim to be ‘tech support’ and will ask you to give them remote access to your computer.  Eventually, they’ll diagnose a non-existent problem and ask you to pay for unnecessary – or even harmful – services.

If you get an unexpected pop-up, call, spam email or other urgent message about problems with your computer, STOP.  Don’t click on any links, don’t give control of your computer and don’t send any money.

How the Scam Works

Scammers may call, place alarming pop-up messages on your computer, offer free “security” scans, or set up fake websites – all to convince you that your computer is infected. The scammers try to get you on the phone, and then work to convince you there’s a problem. Finally, they ask you to pay them to fix that non-existent problem.

To convince you that both the scammers and the problems are real, the scammers may:

  • pretend to be from a well-known company – like Microsoft or Apple
  • use lots of technical terms
  • ask you to get on your computer and open some files – and then tell you those files show a problem (when they don’t)

Then, once they’ve convinced you that your computer has a problem, the scammers might:

  • ask you to give them remote access to your computer – which lets them change your computer settings so your computer is vulnerable to attack
  • trick you into installing malware that gives them access to your computer and sensitive data, like user names and passwords
  • try to sell you software that’s worthless, or that you could get elsewhere for free
  • try to enroll you in a worthless computer maintenance or warranty program
  • ask for credit card information so they can bill you for phony services, or services you could get elsewhere for free
  • direct you to websites and ask you to enter your credit card number and other personal information

These scammers want to get your money, access to your computer, or both. But there are things you can do to stop them.

If You Get a Call or Pop-Up

  • If you get an unexpected or urgent call from someone who claims to be tech support, hang up. It’s not a real call. And don’t rely on caller ID to prove who a caller is. Criminals can make caller ID seem like they’re calling from a legitimate company or a local number.
  • If you get a pop-up message that tells you to call tech support, ignore it. There are legitimate pop-ups from your security software to do things like update your operating system. But do not call a number that pops up on your screen in a warning about a computer problem.
  • If you’re concerned about your computer, call your security software company directly – but don’t use the phone number in the pop-up or on caller ID. Instead, look for the company’s contact information online, or on a software package or your receipt.
  • Never share passwords or give control of your computer to anyone who contacts you.

If You Were Scammed

  • Get rid of malware. Update or download legitimate security software and scan your computer. Delete anything the software says is a problem.
  • Change any passwords that you shared with someone. Change the passwords on every account that uses passwords you shared.
  • If you paid for bogus services with a credit card, call your credit card company and ask to reverse the charges. Check your statements for any charges you didn’t make, and ask to reverse those, too. Report it to ftc.gov/complaint.

Refund Scams

If you paid for tech support services, and you later get a call about a refund, that call is probably also a scam. Don’t give the person any personal or financial information.

The refund scam works like this: Several months after a purchase, someone calls to ask if you were happy with the service. If you say “No”, the scammer offers a refund. Or, the caller says the company is going out of business and giving refunds. The scammer eventually asks for your bank or credit card account number, or asks for access to your bank account to make a deposit. But instead of putting money in your account, the scammer takes money from your account.

If you get a call like this, hang up, and report it: ftc.gov/complaint.1

Reference:

1 Reprinted:  The Federal Trade Commission (FTC) is the nation’s consumer protection agency. The FTC works to prevent fraudulent, deceptive and unfair business practices in the marketplace.

Federal Trade Commission, Consumer Information

Crucial Steps to Take if Your Email Has Been Hacked

Many years ago Yahoo users fell victim to one of the largest data breaches in internet history.  Names, passwords and email addresses for every single customer account on the company’s servers were exposed in a cybersecurity attack.  This attack was very sophisticated – three billion users across multiple services under Yahoo’s umbrella were left vulnerable as a result of the hack.   In late 2017 the complete details surfaced after Yahoo’s parent company was made aware of the nature of the attack.

Whether you use services such as Yahoo Mail, or providers such as Microsoft, Google and Apple, you should be aware of the security of your own email address. After all, your email may be the single most important digital asset you own.  It typically holds communication related to your professional networks, personal relationships, and credentials for every other digital service for which you’ve signed up.  All of this data can be used for identity theft, financial fraud, and blackmail, or as a vehicle for spam.  While there are safeguards you can implement to deter cyber thieves from accessing your personal account, in a severe breach these best practices may not be enough to prevent your email account from being hacked.

If you suspect that you have been targeted, quick action on your part is always required to prevent further damage.  If you are in the office, communicate with your IT Administrator immediately.  If you are at home, either contact an IT professional or follow these steps to try to recover your compromised email account. (Remember, in a widespread and very severe breach, these best practices may not be enough to recover your account, and there may be future damages to recover from.)

Try to change your password.  You will need to verify whether your email address is still accessible. Most hackers will immediately change your password to prevent you from using your account. If you are able to secure entry before this has been done, you can reduce the threat of further attacks.

  • Make sure your new password differs completely from your last one, and don’t reference any easily guessed personal details such as your birthday or your pet’s name. Ideally, your password should be at least 10 characters long, and it should include a special character and number.
  • In addition, you should look to change your answer to any secret questions used in the account recovery process. After doing so, confirm that the alternative email addresses and phone numbers associated with your email account are not changed.
  • If you are having trouble regaining control of the account, visit your mail provider’s site for instructions on recovering your account. Apple, Google, Microsoft and Yahoo all have guides on their sites, as should other email and internet service providers.

Email everyone on your contact list including business associates, family members and friends about the breach. Next, get in touch with your email provider and report the details. Not only will this alert them to future infiltration attempts, but they may also be able to provide you with further details about the incident and where the access attempts came from.

If you feel sensitive information like bank records have been compromised, you should reach out to a credit reporting agency and have them track your personal credit activity in the months following the incident.

Your account may have been hacked through malicious software, so scan your computer for malware and viruses with a security program. You should also update your computer and devices with the latest security updates.

Recover Your Account.  If you cannot access your account using your old password, then you will need to put in some extra effort before you can recapture sole control of your email address. Start with the “forgot your password” option and check out the recovery options available. It may be as simple as sending an email to an alternative account or a text message to your mobile phone to regain control.

If these options are not available, or you do not have access to your alternative accounts, then you will need to browse through the help center for your email provider for other means of securing access. In worst-case scenarios you might be forced to contact customer service from your provider.

Check Your Email Settings to make sure nothing has been changed.  Keep an eye out for any changes made to your email settings and reset them back to your preferences. Possible issues you should be aware of include:

  • An unfamiliar forwarding address added to your email
  • A new “reply to” email address that tricks your contacts into sending their replies to a different account
  • An enabled auto-response option, used to send out spam messages to your contacts
  • Malicious links added to your email signature

 

Once you have reset any changes to your settings, look at your sent folder to see if the hacker sent out any sensitive information found in your email history.

Change Passwords for Other Accounts.  If you are using the same email and password for multiple accounts, get to work changing your login credentials for these services as soon as possible. This would be a good time to choose unique passwords for each service.  Scan your email inbox and trash folders for any password reset messages. Most hackers can identify other websites that make use of your primary email address. Once they have figured that out it is simply a matter of sending a password reset link and you suddenly have a plethora of compromised accounts on your hands. Make sure to reset login credentials for any similarly breached logins.

References:
PC Magazine
The New York Times
The Federal Trade Commission Consumer Protection Agency

Scam Alert – Beware!

The Consumer Federal Trade Commission has recently released a scam alert.

“Have you received a robocall at work, telling you that you have to take action or your Google business listing will be removed? Or maybe even marked as permanently closed? That kind of thing could be tough for a business — if the threat was real. But those calls are not legit—and not from Google.

The FTC just filed a lawsuit against Point Break Media and others, saying they made just those kinds of calls. According to the complaint, people who believed the calls and then spoke to a live telemarketer were told that they could avoid the problem by paying a fee (up to $700). When people paid this fee, the scammers then allegedly targeted them with offers for even more expensive services that would supposedly improve Google search results.  Of course, nobody making those calls is affiliated with Google. And businesses can — for free — manage their own Google business listing.

In this case, the scammers targeted music instructors, house painting companies, car dealerships, and other small businesses. They knew that appearing in online searches is crucial for those businesses, and threatening that connection with customers might make people act before stopping to think.

If you get a call like this, don’t press any buttons. Don’t call the number back, and don’t engage. That just encourages the scammers. The best thing to do? Immediately hang up the phone, and then talk about it with your colleagues or employees. Let them know that:

  • Scammers pretend to be someone you trust. They pretend to be connected with a company you know or a government agency.
  • Scammers create a sense of urgency. They want you to rush and make a quick decision without considering options.
  • Scammers use intimidation and fear. It’s okay to hang up the phone and confirm what’s really going on before taking any action.

Then, sign up for the FTC’s Business Blog (FTC.gov/Subscribe), which will keep you up to date on what’s happening at the FTC, and how it affects your business. Also, check out FTC.gov/SmallBusiness. Knowing about scams that target small businesses will help you protect yours.” 1

Reference:

1 https://www.consumer.ftc.gov/blog/2018/05/google-not-calling-you

Division of Consumer and Business Education, FTC

New Malware Threat Targets Internet Routers

A new malware called VPNFilter has managed to infect over 500,000 routers around the world.

“The Federal Bureau of Investigation warned consumers to reboot their Internet routers and install new software patches, to fight a nasty new malware attack called VPNFilter that has so far infected about half a million devices in more than 50 countries, including the United States.  VPNFilter can be used to steal data, or to order routers to “self-destruct,” knocking thousands of Internet-connected devices offline.” 1

Routers are typically part of the technical devices in the home and at work, but how many of us know how to update software without the help of a technical person?  You would have to look up the brand of the router, its model and serial numbers, know the default password, log on to its internal control software and download a patch from the company’s website.  To some of us, that’s no problem; to most of us, it’s not only confusing, but anxiety provoking.

VPNFilter malware is a threat, and it can wreak havoc.  It can steal critical files from infected machines, or disable the router and knock thousands of computers offline.  The FBI is working with researchers from Talos Intelligence Group, and they have traced the infection back to a group who appear to be linked to Russia’s military intelligence service.

The latest attack via VPNFilter is an especially bad one, since it doesn’t only prevent devices from connecting to the internet, but it can also be used for stealing passwords and monitoring internet activity. However, it seems that the attack has been planned for a while now, and both UK and US officials have been warning people that the Russian hackers might plan something like this.  The FBI used a court order to seize this Internet address and take it offline. Still, thousands of routers remain infected, including an unknown number in the United States.

So far, the only thing that people can do to avoid becoming victims of the malware is to reset their routers. Returning them to the factory defaults and updating them is the only way to ensure that the malware is removed from the device.

“The FBI is urging Internet service providers Comcast Corp. and Verizon Communications Inc. and others to check whether their hardware is vulnerable, and work with customers on updating their routers.  Routers by Linksys, MikroTik, Netgear, and TP-Link are affected, as are big external hard drives made by a company called Qnap.  Merely rebooting the routers will wipe much of the toxic code from memory.  But a portion survives, and it will reinstall the malware when the device powers up.  The only sure cure is a software patch for each vulnerable device.” 2

“No other vendors, including Cisco, have been observed as infected by VPNFilter, but our research continues. The behavior of this malware on networking equipment is particularly concerning, as components of the VPNFilter malware allows for theft of website credentials and monitoring of Modbus SCADA protocols. Lastly, the malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide.”3  Some of the products will handle the update automatically – as a consumer you need to be aware and be able to patch your router.

Don’t leave your networks open to hackers.  As we are connecting other digital devices to our home networks — audio speakers, thermostats, security systems, etc., they all need regular software updates if you want to remain safe.  Spending the time on each device and being proactive is better than having to deal with it in a crisis.

References:
1 + 2:  The Boston Globe, May 24, 2018
3:   Talos Intelligence https://blog.talosintelligence.com/2018/05/VPNFilter.html
US Department of Justice
Security Global 24

Think Before You Click – Are Short Links Safe?

Short links, or links that have been condensed so they require fewer characters, have been around for a while. For those not already familiar with them, they take a link such as this https://www.bryley.com/2018/04/05/4-options-for-discarding-old-hardware-bryley-tips/, and turn it into this http://ow.ly/SEga50h2XWW.  Typically you see them on social media platforms such as Twitter, where you have a fairly limited number of characters at your disposal, but they can be used pretty much anywhere.

While short links can certainly save space, they also present one very serious issue.  You can’t see where they are going to take you.  If you use our example above, simply by looking at the original link, which displays the full URL it is pointing to, you can determine that you are going to end up at Bryley.com.  Furthermore, you can see it will take you to a page discussing how to dispose of old hardware.

On the other hand, the short link shown above points to the same page, but it would be impossible to know that just by looking at it.  It doesn’t even give an indication of what site you are going to end up on if you click on it, never mind what page.

This poses a security risk.  If you see a short link that has been posted by someone you trust, and you already have a sense of where it is going to take you, then it is probably safe to click on it.  But what if you can’t verify the source a link came from, or where it is going to take you?  In that case, you should verify the destination of the link before you click on it.

Fortunately, there are several services online which will tell you exactly where a short link is going to take you if you click on it.  For instance, the website CheckShortURL.com will check any short link you happen to stumble upon.  All you have to do is copy and paste the short link into their utility.

After you click “expand” you will be presented with a results page.

Not only does this indicate where the short link is going to take you, but it lists several services which will check to see if any malicious content has been found at that location.

By taking this extra step, you are being proactive!  Avoiding a cybersecurity breach such as a ransomware attack will save you a lot of headaches, time and money.

Phishing Scams During Tax Season – Protect Your Personal Information

Phishing schemes, especially during tax season, have become very widespread.  A little extra caution can go a long way to avoid the threat of refund fraud or identity theft.

The Definition of Phishing. It is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising oneself as a trustworthy entity in an electronic communication.

Phishing scams are easy to accomplish and can be done from home. A typical phishing email during tax season will bear similar (or sometimes identical) IRS letterhead or logos and will instruct you to follow a link that will lead you to, you guessed it, a site that requests your personal information. Some individuals are too quick to trust a logo or letterhead and forget to check the validity of an email/site before divulging their personal information.

In recent years, thousands of people have lost millions of dollars and their personal information to tax scams and fake IRS communication. Scammers use the regular mail, telephone, fax or email to set up their victims.

Knowledge is Power! Remember that the IRS doesn’t initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. In addition, the IRS does not threaten taxpayers with lawsuits, imprisonment or other enforcement action. Recognizing these telltale signs of a phishing or tax scam could save you from becoming a victim.

Last-Minute Email Scams. The IRS, state tax agencies and the tax industry urge taxpayers to be on guard against suspicious activity, especially email scams requesting last-minute deposit changes for refunds or account updates.

Learn to recognize phishing emails, calls or texts that pose as banks, credit card companies, tax software providers or even the IRS. They generally urge you to give up sensitive data such as passwords, Social Security numbers and bank or credit card accounts. Never provide your private information!  If you receive suspicious emails, forward them to phishing@irs.gov. Never open an attachment or link from an unknown or suspicious source!

IRS-Impersonation Telephone Scams. “An aggressive and sophisticated phone scam targeting taxpayers has been making the rounds throughout the country. Callers claim to be employees of the IRS, using fake names and bogus IRS identification badge numbers. They may know a lot about their targets, and they usually alter the caller ID to make it look like the IRS is calling.

Victims are told they owe money to the IRS and it must be paid promptly through a pre-loaded debit card or wire transfer. Victims may be threatened with arrest, deportation or suspension of a business or driver’s license. In many cases, the caller becomes hostile and insulting. Or, victims may be told they have a refund due to try to trick them into sharing private information. If the phone isn’t answered, the scammers often leave an “urgent” callback request.”1

The IRS will never:

  • Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail you a bill if you owe any taxes.
  • Threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying.
  • Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
  • Ask for credit or debit card numbers over the phone.

Remember: Scammers Change Tactics. Aggressive and threatening phone calls by criminals impersonating IRS agents remain a major threat to taxpayers, but variations of the IRS impersonation scam continue year-round and they tend to peak when scammers find prime opportunities to strike.

Surge in Email, Phishing and Malware Schemes. “When identity theft takes place over the web (email), it is called phishing. The IRS saw an approximate 400 percent surge in phishing and malware incidents in the 2016 tax season. The IRS has issued several alerts about the fraudulent use of the IRS name or logo by scammers trying to gain access to consumers’ financial information to steal their identity and assets.

Scam emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. These phishing schemes may seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.

Variations of these scams can be seen via text messages. The IRS is aware of email phishing scams that include links to bogus web sites intended to mirror the official IRS web site. These emails contain the direction “you are to update your IRS e-file immediately.” The emails mention USA.gov and IRSgov (without a dot between “IRS” and “gov”), though not IRS.gov (with a dot). These emails are not from the IRS. The sites may ask for information used to file false tax returns or they may carry malware, which can infect computers and allow criminals to access your files or track your keystrokes to gain information.”
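The difference between IRSgov and IRS.gov described above can be checked mechanically before a link is trusted. The following Python sketch is an added example, not part of the original article or any IRS tool; the function name `classify_link` and the sample links (on the reserved `.example` domain) are constructed for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL = "irs.gov"  # the genuine domain named in the article


def classify_link(url, official=OFFICIAL):
    """Return 'official', 'lookalike', 'unrelated' or 'unparseable'."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat scheme-less text as a host
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")  # hostname is lowercased
    except ValueError:
        return "unparseable"  # cannot be verified, so never treat as official
    # Official only if the host IS the domain or ends with ".<domain>".
    if host == official or host.endswith("." + official):
        return "official"
    # The name shows up somewhere (user part, sub-label, missing dot) while
    # the real host is something else: the trick the alert describes.
    squashed = parts.netloc.lower().replace(".", "").replace("-", "")
    if official.replace(".", "") in squashed:
        return "lookalike"
    return "unrelated"


# Constructed sample links, as they might appear in an email body.
SAMPLE_LINKS = [
    "https://www.irs.gov/refunds",
    "IRS.gov/payments",
    "http://irsgov.example/update",          # dot removed
    "https://irs.gov.e-file.example/login",  # real name used as a sub-label
    "https://irs.gov@refunds.example/",      # real name in the user part
    "https://www.usa.gov/business-taxes",
]


def scan(links=SAMPLE_LINKS):
    """Map each link to its classification."""
    return {link: classify_link(link) for link in links}


if __name__ == "__main__":
    for link, verdict in scan().items():
        print(f"{verdict:10} {link}")
```

Only the "official" verdict means the link really points at the domain it claims; a "lookalike" verdict is worth forwarding to phishing@irs.gov as the article advises.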

Unsolicited email claiming to be from the IRS, or from a related component such as EFTPS, should be reported to the IRS at phishing@irs.gov.

Tax Refund Scam Artists Posing as Taxpayer Advocacy Panel. “Some taxpayers may receive emails that appear to be from the Taxpayer Advocacy Panel (TAP) about a tax refund. These emails are a phishing scam, where unsolicited emails try to trick victims into providing personal and financial information. Do not respond or click any link. If you receive this scam, please forward it to phishing@irs.gov and note that it seems to be a scam email phishing for your information.

TAP is a volunteer board that advises the IRS on systemic issues affecting taxpayers. It never requests, and does not have access to, any taxpayer’s personal and financial information.

How to Report Tax-Related Schemes, Scams, Identity Theft and Fraud. To report tax-related illegal activities, you should report instances of IRS-related phishing attempts and fraud to the Treasury Inspector General for Tax Administration at 800-366-4484.”3

Additional Scam-Related Information:

Security Summit – Learn more about how the IRS, representatives of the software industry, tax preparation firms, payroll and tax financial product processors and state tax administrators are working together to combat identity theft and refund fraud.

IRS Security Awareness Tax Tips

Tax Scams — How to Report Them

State ID Theft Resources – State information on what to do if you or your employees are victims of identity theft.

IRS Dirty Dozen – The annually compiled list enumerates a variety of common scams that taxpayers may encounter.

If you suspect you are a victim, contact the IRS Identity Theft Protection Specialized Unit at 800-908-4490. When reporting to the IRS, you will need to:

  • Send a copy of an IRS ID Theft Affidavit Form 14039 – download the form here: irs.gov/pub/irs-pdf/f14039.pdf.
  • Send proof of your identity, such as a copy of your Social Security card, driver’s license or passport.

After doing that, make sure to:

  • Update your files with records of any calls you made or letters you sent to the IRS
  • Put a fraud alert on your credit reports and order copies of your credit reports to review any other possible damage
  • Create an Identity Theft Report by filing an identity theft complaint with the FTC and a police report

 

Sources and References:

1 http://www.vanderbloemengroup.com/articles/irs-impersonation-telephone-scam

2 http://www.irs.gov

3 http://www.irs.gov

http://usa.gov/business-taxes

http://www.aarp.org

https://taxadmin.org/

https://treasury.gov/tigta/

Spring Cleaning? 4 Options for Discarding Old Hardware

Whether replacing old equipment with something new or simply cleaning out the office and getting rid of some old devices, we all have the same question on our mind.  What do we do with all this old technology?

We live in a world where technology is considered obsolete after only a few years. And if you are like many people I know, you have a drawer, closet, or room full of old devices. Unless you want to make a guest appearance on “Hoarders,” it is best to discard them. But how? You can’t just bring it to a landfill. (Those toxic materials regulations will get you every time!)

Before considering what to do with the old devices, it is vital that all data is properly removed. Simply deleting files and emptying your recycle bin won’t do the job. Even if you can’t see the files, they still exist on the hard drive. It is therefore important to have the hard drive wiped or destroyed. Here at Bryley, we perform data erasure and crush the drives to ensure the data doesn’t fall into the wrong hands.

We have come up with 4 possible options when discarding old hardware:

  • Reuse/Repurpose – Since many devices use similar parts, you may consider keeping one or two spares. Accidents happen and you never want to be in a situation where you don’t have a backup device. I, personally, keep one prior phone and laptop, just in case. I would rather have it and not need it, than not have it and need it.
  • Donate – Why not help those that are less fortunate by donating a device you no longer need? There are many organizations that would love to have second-hand items. When it comes to donating mobile devices, I usually drop them off at my local police station for either Phones for Soldiers or for those in domestic violence situations. Phones for Soldiers will sell the phones to purchase phone cards so that members of our military can stay connected with their loved ones. The police will often give old phones to individuals living with domestic violence. These phones can be used to contact emergency personnel even if there is no SIM card. Here at Bryley, we take older PCs, wipe them and display them in our window with a request for $15 to be donated to the Hudson Food Pantry or the Hudson Boys and Girls Club. Donating to an after-school program is another great option. Some children do not have a reliable computer at home. It can therefore be challenging for them to complete their coursework.
  • Recycle – Recycling your devices is another viable option. Here at Bryley, for a small fee, we will responsibly recycle your devices and ensure that they are properly taken care of. Most stores that sell computers, and towns that have a program for responsibly disposing of your devices, will help you recycle your devices. They follow specific EPA protocols for disposing of the toxic materials within computers, laptops, printers, and mobile phones. Most towns have set dates for these programs, so it’s best to contact your local DPW (Department of Public Works) to inquire when the drop-off program will next be available.
  • Sell – Another option when considering getting rid of old hardware is to sell it. Technology is a depreciating asset, so if someone is willing to pay you for a device that you were going to dispose of, why not do it? There are numerous outlets for selling your old devices – Craigslist, Gazzelle.com, and eBay, to name a few. You can always leverage your social network as well.

If you would like assistance in donating or recycling your older devices, call us at 844.449.8770 or email us at ITExperts@Bryley.com. We are here for you.