FTC Warning: Beware of Card Skimming at the Gas Pump

The Federal Trade Commission recently posted an article advising consumers to keep an eye out for card skimmers when paying for gas at the pump.

Skimmers are discrete devices which can be attached to payment terminals, allowing criminals to capture your credit card information.  Once they have your information they will either sell it to another party, or use it to make purchases on their own.

Unfortunately these devices are hard to spot and tend to blend in, especially when our attention is focused on pumping gas.

By educating yourself on what to look for, however, you stand a good chance to avoid becoming a target of criminals employing this technology.

The FTC has several examples posted on their website of what to look for.  They also advise:

  • Look for a seal (sticker) on the gas pump.  If the seal is broken or appears to have been tampered with, use a different pump and alert an attendant.
  • Check to see if the card reader at your pump looks different than the readers at other pumps.  If it does, move to a different pump and let an attendant know.
  • Keep a close eye on your credit card statements.  Be sure to report any fraudulent charges to your bank or card issuer.

Click here to read the full article on the FTC’s website.

Another Annoying Robocall. Help!

How many times have you answered your phone only to hear a recorded message instead of a live person?  It’s annoying, it’s illegal and it’s known as a robocall.  “The FTC has seen a significant increase in the number of illegal robocalls because internet-powered phone systems have made it inexpensive and easy for scammers to make illegal calls from anywhere in the world, and to hide from law enforcement by displaying fake caller ID information.

To date, the FTC has brought more than a hundred lawsuits against over 600 companies and individuals responsible for billions of illegal robocalls and other Do Not Call violations.

The FTC also is leading several initiatives to develop technology-based solutions. Those initiatives include a series of robocall contests that challenge tech gurus to design tools that block robocalls and help investigators track down and stop robocallers. They are also encouraging industry efforts to combat caller ID spoofing. Here’s the FTC’s game plan to combat robocalls:

  • continue aggressive law enforcement
  • build better tools for investigating robocalls
  • coordinate with law enforcement, industry, and other stakeholders
  • stimulate and pursue technological solutions

There are options for blocking robocalls and other unwanted calls.

Mobile Apps.  Call blocking apps let you create blacklists – lists of numbers to block from calling your cell phone. Many of these apps also create their own blacklist databases from numbers that have received significant consumer complaints and some even use complaints to the FTC as a source.  They also let you create whitelists – numbers to allow – that are broader than just your personal contacts.

Some mobile apps let you choose which types of calls you want to block. For example, you might block all calls except contacts, or all calls except your contacts and numbers on a whitelist that you have created. Some apps offer additional features: reverse call look up, providing data on incoming numbers (like community-based reviews or data about the number from a search engine), blocking unwanted texts, logging the number of calls received from a number, and silent ringers for unknown callers. Some mobile apps give you choices about how to respond to an incoming call. For example, you can send a prewritten text message to the caller or file a complaint with the Federal Trade Commission. And some apps let you block calls based on the geographic location or area code of the incoming call.

Many call-blocking apps are free or only cost a few dollars. However, some apps may upload your contact information, along with information about what numbers you call or call you. The app’s privacy policy should explain how it gets and uses your information.

Features Built Into Your Mobile Phone.  Many mobile phones come equipped with features built into the device that can block calls from specific numbers. These features can let consumers block specific contacts, identify unwanted incoming calls for future blocking, and set “do not disturb” hours. You must manage these lists on your own, and the device may limit the number of calls you can block.  Since these features are built into the phone’s operating system or come pre-installed, you may not need to download an app unless you want some more sophisticated features, like tapping into a database of blacklisted numbers.

Cloud-Based Services.  Cloud-based services can block unwanted calls for mobile phone lines or phone lines that operate over the internet, like phone service provided by a cable company. Your carrier may give you information about a cloud-based service operated by another company. The service might be a mobile app or a service that requires you to register your phone line. Cloud-based services reside on large, shared computer systems that can collect data from lots of users and use it to build crowd-sourced blacklists.  These services rely on accessing your call data to add to their databases. Some cloud-based services and mobile apps require all calls to be routed through their service, where they are instantly analyzed.  You may have choices about how unwanted calls are handled – for example, they might ring silently, go straight to a separate voicemail, or go to a spam folder. Some cloud-based services are free and some charge a monthly fee.

Call-Blocking Devices.  Devices that block unwanted calls can be installed directly on a home phone. Some devices use blacklist databases of known spam numbers and allow you to add additional numbers to be blocked. Other blocking devices rely on you to manually create and update your own blacklist. Some devices divert the call after one ring, and some show a blinking light when an unwanted call comes in. Other devices connect the unwanted caller to a recording with options that allow legitimate callers who were mistakenly blacklisted to ring through.

Some devices rely on a whitelist that limits incoming calls to approved numbers.  Some also allow you to set up “do not disturb” hours. You’ll have to pay to buy a call-blocking device, and not all devices work on all types of home phones and carriers.

Carrier Services.  You may consider using services provided by your phone service carrier. Carriers typically have solutions for all phones – landline, cable, internet and mobile devices. Many carriers allow you to block between 10-30 numbers, but you are responsible for identifying the numbers to block. Robocallers frequently shift the numbers they use, so the robocaller may still be able to get through by changing the number they use.

 

Many carriers also allow you to block calls from anonymous callers – those who prevent their phone number from appearing on a CallerID device, or whose number shows up as “ANONYMOUS” or “PRIVATE.” But robocallers often show fake numbers on your CallerID. Some carriers also offer services that allow you to block calls or divert them to voicemail for periods of time. This lets you set up quiet or “do not disturb” hours.”1

Some carriers provide these services for free; others charge a fee. You can check your carrier’s website or call customer service for more information.

Reference:
The Federal Trade Commission (FTC) is the nation’s consumer protection agency.
Federal Trade Commission, Privacy, Identity and Online Security.

End-Of-Life Hardware – Retire or Not Retire?

Many IT departments have processes to keep costs under control and systems running smoothly. However, most organizations fail to adequately plan and properly manage the end-of-life (EOL) transition for routers, firewalls, switches and other critical network infrastructure. A device that is fully depreciated does not yield cost savings – these devices actually represent potentially higher costs due to non-compliance, chance of failure and lack of adequate support.

There are many reasons why organizations do not proactively manage EOL network assets. Two of the most common reasons include:

  1. Reluctance to spend money and time on something that is working
  2. Insufficient resources to prioritize the task of managing network assets

However, underlying risks and costs exist if you do not establish and follow a well-defined process to transition EOL devices out of your network.  Operating legacy hardware poses a significant risk and higher operating cost due to the following reasons:

  • Regulatory non-compliance
  • Excessive support costs
  • Decreased productivity
  • Business disruption

Regulatory Non-compliance:  Non-conformance costs will become an issue if the device is unable to achieve control objectives defined by your policies. This may be due to a lack of technical capability or because the device is no longer able to receive updates that address security vulnerabilities.

Excessive Support Costs:  The primary reason for increasing support costs are due to vendor end-of-sale and EOL policies. As a device approaches EOL, the support services can become more expensive. Failure to secure or renew a maintenance agreement before critical EOL dates expire will prevent you from receiving vendor technical support and maintenance upgrades. Therefore you may be forced to develop or maintain more expensive in-house skills or contract externally for those needed services.

Decreased Productivity:  IT technology is a significant business productivity driver. Therefore when new IT technologies are not adopted and utilized, then opportunity costs may negatively affect bottom-line financial performance. This is also a problem when the organization wants to expand service only to discover that the underlying infrastructure won’t support the business requirements because it is no longer supported. This discovery then forces unplanned expenditures and cost overruns.

Business Disruption:  This risk often produces a broad spectrum of affects caused by catastrophic device failure and often leads to business disruption and accompanying lost revenue and/or brand damage. These problems are amplified when remediating a legacy device consumes even more time because spares cannot be located or the replacement device requires extensive install and configuration effort.

Tracking EOL devices can be difficult because of the challenge to effectively manage, track and verify the information.

  • There is no pattern for how long a vendor will keep a product in market or when they will issue an EOL announcement.  Therefore, you simply can’t perform this research annually (without the likelihood of missing several announcements throughout the year). Vendors make it your responsibility to watch for these announcements. If you miss any announcement then you will miss out on important transition dates and options.
  • Vendors often communicate end-of-sales/end-of-life announcements according to a product series as opposed to a specific model or part number. Therefore an EOL announcement may, or may not, apply to your specific device.  Tracking EOL dates takes time because you have to carefully read each applicable announcement and determine how it applies to your equipment.
  • It is very important to have an accurate inventory of your devices, including serial numbers, part numbers, etc.
  • All of this data has to be well integrated with management, and if it’s not part of your network management system, it will require more effort to properly manage all of this data.

If you don’t have an internal system for tracking this information, your managed service provider should be tracking this for you.  Any organization running EOL technology faces many unknown and potentially costly challenges. It’s important to work with a firm that has vast experience and expertise in helping organizations transition to newer technology.

Rely on Bryley Systems as your trusted partner to assist your organization properly phase out EOL technology and adopt new technologies, so that your IT functions are operating at its maximum potential.  Contact us at 978-562-6077, or by email at ITExperts@Bryley.com to learn more. We are here to help.

My Software Has Reached End of Life. Now What?

When software reaches end of life (EOL), all of a sudden you find yourself wondering what impact will this have on our organization?  Take a moment to understand what vulnerabilities may be at hand and what are some best practices for planning ahead.

Never just ignore EOL timelines because there are some risks to be concerned about.

EOL Software Dangers:

  • Security vulnerabilities: When using software that’s no longer supported, computers become a gateway for malware.  When vulnerabilities are no longer patched, it leaves the door wide open for hackers.
  • Software incompatibility:  New applications are optimized for the most recent operating systems. That means when using EOL operating systems, you can’t upgrade to the latest and greatest, so you’ll have to hold onto legacy applications which are likely also EOL, or soon to be.  When the legacy applications come to their EOL, they are extremely difficult to migrate onto new infrastructure, costing your business time and money.
  • Poor performance and reliability: Chances are, if you’re still running legacy apps or old versions of Windows, then you have some aging servers and workstations too.  This will add to your risk because these likely out-of-warranty devices are prone to breaking down. Consider the downtime alone could be more costly than an overdue upgrade.
  • High operating costs: If technology is out-of-date or out-of-warranty, both cost and downtime are magnified when a failure occurs.  Your organization can’t afford a mission-critical app failing, and trying to maintain and bug-fix any post-EOL software can be very expensive.
  • Compliance issues: Regulated industries like healthcare and e-commerce deal with lots of sensitive customer data. Entrusting your critical information to a decade-old OS or an insecure application?  In addition to security lapses, it could result in big fines, company shutdowns, or more legal issues that could ruin your organization.

There is no bulletproof way to run EOL software.  Security, compatibility and compliance are all challenges with EOL software.

 

What are some best practices to plan ahead?

  1. Define business service management requirements:   Identify nice-to-have capabilities desired for incident management, service level assurance, problem resolution, change management, configuration management, self-service options, and integration requirements.
  2. Evaluate needs:  Focus on options that will enhance profit, ease business operations, increase revenue and reduce company operational costs. Know what you are looking for and what you want to do for an EOL replacement.
  3. Focus on processes for operations:   Identify service management processes that are unique to your business when considering vendors and purchases.
  4. Leverage modern technology:  A good objective in EOL replacement is to apply the benefits of newer technology to resolve the most obvious pain points in your IT management organization. Investing in the latest software is great, but being mindful about outdated operating systems is even better.

EOL software poses a large risk to organizations every day.  With an adequate understanding of the risks involved, advanced planning, and help from Bryley Systems, you can identify and migrate away from EOL software.  Contact us at 978.562.6077, or by email at ITExperts@Bryley.com to learn more. We are here to help.

High Tech Gadgets to Travel With

Summer is here.  Everyone is eager to plan those well-deserved long weekend trips and vacations.  Here are some trendy, cutting edge and fun gadgets that may come in handy as you head out on your next adventure.

Interested in taking high quality photos and videos on the go?

If you’re taking that dream vacation and want the perfect shot, you may be interested in Selfly.  It has a detachable, universal drone living in its 9mm phone case, which allows you to take photos on its 13mp camera and even film 1080p/60fps videos. If you’re looking for that flawless hands-free travel shot, this easy-to-carry camera can help you capture those memorable moments.

Are you a social media user?

Perhaps you would like to spice up your Facebook page or record some fun videos of that day trip with the family. The Insta360 Nano Camera brings you to a whole new world for video.  Take 360-degree photos and videos by simply plugging the device right into your iPhone or using it as an independent camera. Regardless of how you choose to film, capturing the world around you in 4K is remarkable.

Travel to Europe without the language barrier.

Overseas travel and immersing yourself in unfamiliar territory can be exciting but language barriers can be confusing.  Remove the fear of not speaking a different language by taking along Travis the Translator.  Travis is a small handheld device that can interpret 60 languages when it is connected to a Wi-Fi via a SIM card, and 20 languages in offline mode.

Planning a cross country drive?  Taking a cruise?  Flying somewhere?   For those who get motion sick, you may think about the Reliefband, which is a high tech wristband that uses electric pulses to regulate and reduce that awful feeling of nausea associated with motion sickness.

Recharge your mobile phone with iOttie. These safe and stylish fast charging solutions offer wireless charging cases and mounts for cars, bicycles, and tabletops.  Belkin also offers wireless chargers.  Even though this technology isn’t brand new, its wider spread implementation is.  Using QI-certified pads, the energetic technology can deliver a charge to your QI-enabled smartphone (including newer models of iPhone and Samsung) by simply having the phone placed on top of the pad. And there’s a bonus – for phones with lightweight cases, there’s no need to “disrobe” to make the connection.

Planning your next getaway is just half the fun.  Traveling with handy technology will help your trip be more enjoyable.

 

Refund and Recovery Scams

The following information was posted by the FTC on their website.

Scam artists buy and sell “sucker lists” with the names of people who already have lost money to fraudulent promotions. These crooks may call you promising to recover the money you lost or the prize or merchandise you never received — for a fee in advance. That’s against the law. Under the Telemarketing Sales Rule, they cannot ask for — or accept — payment until seven business days after they deliver the money or other item they recovered to you.

How the Scams Work

Many consumers might not know that they have been scammed by a bogus prize promotion, phony charity drive, fraudulent business opportunity or other scam. But if you have unknowingly paid money to such a scam, chances are your name is on a “sucker list.” That list may include your address, phone numbers, and other information, like how much money you’ve spent responding to phony offers. Dishonest promoters buy and sell “sucker lists” on the theory that people who have been deceived once have a high likelihood of being scammed again.

These scammers lie when they promise that, for a fee or a donation to a specific charity, they will recover the money you lost, or the prize or product you never received. They use a variety of lies to add credibility to their pitch: some claim to represent companies or government agencies; some say they’re holding money for you; and others offer to file necessary complaint paperwork with government agencies on your behalf. Still others claim they can get your name at the top of a list for victim reimbursement.

The Federal Trade Commission (FTC), the nation’s consumer protection agency, says claims like these often are false. Although some federal and local government agencies and consumer organizations help people who have lost money, they don’t charge a fee. Nor do they guarantee to get your money back, or give special preference to anyone who files a formal complaint.

Seeing Through a Recovery Scam

Here are some tips to help you avoid losing money to a recovery scam:

Don’t give money or your bank or credit card account number to anyone who calls offering to recover money, merchandise, or prizes you never received if the caller says you have to pay a fee in advance. Under the Telemarketing Sales Rule, it’s against the law for someone to request or receive payment from you until seven business days after you have the money or other item in hand.

If someone claims to represent a government agency that will recover your lost money, merchandise, or prizes for a fee or a donation to a charity, report them immediately to the FTC. National, state, and local consumer protection agencies and nonprofit organizations do not charge for their services.

Before you use any company to recover either money or a prize, ask what specific services the company provides and the cost of each service. Check out the company with local government law enforcement and consumer agencies; ask whether other people have registered complaints about the business. You also can enter the company name into an online search engine to look for complaints.1

 

If you get a call like this, hang up, and report it:   ftc.gov/complaint.

 

Reference:

1. Reprinted:  The Federal Trade Commission (FTC) is the nation’s consumer protection agency. The FTC works to prevent fraudulent, deceptive and unfair business practices in the marketplace.

Federal Trade Commission, Consumer Information

Best Practices to Keep Computers From Overheating

The cooling system of a computer (the fan, heat sinks, vents, etc.) forms one of the most essential components of your device. “Simply put, if your computer becomes too hot, it is possible to destroy and shorten the lifespan of the hardware inside your computer, leading to irreparable damage and potential data loss. Besides losing your data, heat pecks away at your computer’s internal organs—the motherboard, CPU, and more—significantly shortening its lifespan.  Besides the most obvious reason to keep your computer cool, a hot computer will also run slower than a cooler computer. So to prevent your computer from slowing down, make sure that it is running at a moderate or low temperature.”1

Air Flow.  Leave at least three inches of room for airflow around each computer, particularly along the back.  Keep things such as papers, files, or other heating elements away from your computer.  Computer stands are handy to allow for proper airflow.  If you work with a laptop, avoid soft surfaces.  The rubber feet on a laptop will provide room for air to flow under the computer.  Also remember never to leave your laptop turned on before placing it in your bag or briefcase. This would cause the heat to accumulate in one place and thus cause the laptop to overheat.

Dust and Debris.  If dust and debris clog up the air vents, it stops the proper air flow.  When dust and lint build up over the fan, it causes it to work harder.  A layer of dust covering other heat generating parts such as the RAM and Hard Disk can also cause overheating.  In a dusty environment, clean the inside of a computer periodically, particularly the internal fans.  Also, where possible, do not place the computer on a carpeted surface; the carpet fibers are ingested into the computer, building up on the interior surfaces. If you decide to personally clean your computer make sure the system is off and the power cable is unplugged.  To avoid damaging the sensitive electronics, do not touch internal components.

Fans.  The CPU, graphics cards and other computer components generate a great deal of heat. To combat that heat, computers come with internal fans to circulate air.  Keeping those fans in good working order is critical to a well-running system.  Clean the inside of office computers every 8-12 months, particularly the internal fans. All it takes is a can of compressed air and a small brush. Check to ensure that fans are operating. You can do this by turning on the computer with the case open. There should be two or three fans inside the box.  If increased cooling is necessary, consider adding a case fan, attached inside the computer to the front or back of the case. Several manufacturers also make specialized fans for individual components, such as high speed computer memory.  In many cases, computers come installed with very basic CPU fans. Upgrading to a more efficient fan can increase cooling power.

Temperature.  Computers prefer a room temperature of no more than 77 degrees Fahrenheit, with humidity between 35% and 80%.  Resist the temptation to turn off the office air conditioning over the weekend to try and save money. For added protection, install a smart thermostat that will alert you if the temperature moves higher than the desired range. Catching an air conditioning problem early can save costly electronics repairs.

Battery.  If you want to keep your computer safe from overheating, never overcharge the battery. Most people plug in the chargers of their laptops and keep them connected even when the battery is charged to a 100%.  Never do so. Not only does it cause overheating but according to some computer experts, it also reduces the battery life.

PC Settings.   “Tweaking the power settings of your computer is also an effective solution to overheating. Less power consumption leads to less heat generation.”2

  • Try to avoid setting the brightness to maximum.

Some additional best practices would include managing power and data:

  • Shut down workstations at the end of the day. This not only cools the system but also protects against power surges caused by storms. (Note: patching often occurs after-hours; leave your computer powered-on overnight when patching is scheduled)
  • You can also adjust your power settings and screensaver to switch the system to ‘Sleep’ or ‘Hibernate’ mode when not in use.
  • For critical workstations (including servers and other key devices) attach an uninterruptible power supply (UPS). This will protect them against surges and power outages.  For less critical devices, a surge protector should be sufficient.

By utilizing these tips you should have a longer lifespan of your computer.  The time spent taking proper care of your equipment should save time and money in the long run.

References:
1 + 2   fosbytes.com
www.Lifewire.com
www.makeuseof.com
www.howtogeek.com
www.techrepublic.com
https://www.pcworld.com/article/198882/overclocking_for_newbies.html

 

Crucial Steps to Take if Your Email Has Been Hacked

Many years ago Yahoo users fell victim to one of the largest data breaches in internet history.  Names, passwords and email addresses for every single customer account on the company’s servers were exposed in a cybersecurity attack.  This attack was very sophisticated – three billion users across multiple services under Yahoo’s umbrella were left vulnerable as a result of the hack.   In late 2017 the complete details surfaced after Yahoo’s parent company was made aware of the nature of the attack.

Whether you use services such as Yahoo Mail, or providers such as Microsoft, Google and Apple, you should be aware about the security of your own email address. After all, your email may be the single most important digital asset you own.  All communication is typically related to your professional networks, personal relationships, and credentials for every other digital service for which you’ve signed up.   All of this data can be used for identity theft, financial fraud, a vehicle for spam, and blackmail.  While there are safeguards you can implement to deter cyber thieves from accessing your personal account, in a severe breach these best practices may not be enough to prevent your email account from being hacked.

If you suspect that you have been targeted, quick action on your behalf is always required to prevent further damage.  If you are in the office, communicate with your IT Administrator immediately.  If you are at home either contact an IT professional, or follow these steps to try and recover your compromised email account. (Remember, in a widespread and very severe breach, these best practices may not be enough to recover your account, and there may be future damages to recover from).

Try to change your password.  You will need to verify whether your email address is still accessible. Most hackers will immediately change your password to prevent you from using your account. If you are able to secure entry before this has been done, you can reduce the threat of further attacks.

  • Make sure your new password differs completely from your last one, and don’t reference any easily guessed personal details such as your birthday or your pet’s name. Ideally, your password should be at least 10 characters long, and it should include a special character and number.
  • In addition, you should look to change your answer to any secret questions used in the account recovery process. After doing so, confirm that the alternative email addresses and phone numbers associated with your email account are not changed.
  • If you are having trouble regaining control of the account, visit your mail provider’s site for instructions on recovering your account. Apple, Google, Microsoft and Yahoo all have guides on their sites, as should other email and internet service providers.

Email everyone on your contact list including business associates, family members and friends about the breach. Next, get in touch with your email provider and report the details. Not only will this alert them to future infiltration attempts, but they may also be able to provide you with further details about the incident and where the access attempts came from.

If you feel sensitive information like bank records have been compromised, you should reach out to a credit reporting agency and have them track your personal credit activity in the months following the incident.

Your account may have been hacked through malicious software, so scan your computer for malware and viruses with a security program. You should also update your computer and devices with the latest security updates.

Recover Your Account.  If you cannot access your account using your old password, then you will need to put in some extra effort before you can recapture sole control of your email address. Start with the “forgot your password” option and check out the recovery options available. It may be as simple as sending an email to an alternative account or a text message to your mobile phone to regain control.

If these options are not available, or you do not have access to your alternative accounts, then you will need to browse through the help center for your email provider for other means of securing access. In worst-case scenarios you might be forced to contact customer service from your provider.

Check Your Email Settings to make sure nothing has been changed.  Keep an eye out for any changes made to your email settings and reset them back to your preferences. Possible issues you should be aware of include:

  • An unfamiliar forwarding address added to your email
  • A new “reply to” email address that tricks your contacts into sending their replies to a different account
  • An enabled auto-response option, used to send out spam messages to your contacts
  • Malicious links added to your email signature

 

Once you have reset any changes to your settings, look at your sent folder to see if the hacker sent out any sensitive information found in your email history.

Change Passwords for Other Accounts.  If you are using the same email and password for multiple accounts, get to work changing your login credentials for these services as soon as possible. This would be a good time to choose unique passwords for each service.  Scan your email inbox and trash folders for any password reset messages. Most hackers can identify other websites that make use of your primary email address. Once they have figured that out it is simply a matter of sending a password reset link and you suddenly have a plethora of compromised accounts on your hands. Make sure to reset login credentials for any similarly breached logins.

References:
PC Magazine
The New York Times
The Federal Trade Commission Consumer Protection Agency

Don’t Let the Summer Heat Destroy Your Mobile Devices

As much as we all enjoy outdoor activities that go along with those “lazy days of summer”, we are always reminded to stay hydrated, use sunscreen, avoid too much physical activity during peak hours, etc.   But, what about our precious mobile devices?  Are they being protected from the heat?

Here are a few things to remember as you’re out and about enjoying the warmth of the summer days.  If you get hot, your mobile devices probably will too.  Read on for a few helpful tips to keep your smartphones and tablets cool and running smoothly all summer long:

1 – If at all possible, charge the battery in your phone or tablet indoors where it’s cool.  Charging any battery will cause it to heat up, and if the temperature is 90 degrees or above it could possibly cause the entire device to over-heat and fail.

2 – Try not to use your device in direct sunlight for extended periods of time on hot summer days, especially if it has a black or dark colored case.  The sun’s hot rays can rapidly turn most any electronic device into a chunk of molten plastic and silicon, and typically, the damage is done before you even realize that it is happening.

3 – Install a quality anti-malware app on your devices to prevent viruses and malicious apps from over-working their CPUs and other components.

4 – Don’t leave your devices in a hot vehicle all day, even if the vehicle is in the shade when you park it.  If you have no choice and simply must leave your device(s) in a hot vehicle, wrap it in a cloth and leave it in the trunk.  Avoid leaving it in the passenger compartment.

5 – Use an app such as Clean Master or CCleaner for Android to keep your devices running as efficiently and cool as possible.These apps can help keep your device’s virtual working environment free of clutter, which in turn will allow the CPU and memory to work less while the device is running.

While we cannot control the outside temperature on a hot summer day, these steps can help protect your smart phones and tablets.  Stay Cool!

Phishing Scams During Tax Season – Protect Your Personal Information

Phishing schemes, especially during tax season, have become very widespread.  A little extra caution can go a long way to avoid the threat of refund fraud or identity theft.

The Definition of Phishing. It is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.

Phishing scams are easy to accomplish and can be done from home. A typical phishing email during tax season will bear similar (or sometimes identical) IRS letterhead or logos and will instruct you to follow a link that will lead you to, you guessed it, a site that requests your personal information. Some individuals are too quick to trust a logo or letterhead and forget to check the validity of an email/site before divulging their personal information.

In recent years, thousands of people have lost millions of dollars and their personal information to tax scams and fake IRS communication. Scammers use the regular mail, telephone, fax or email to set up their victims.

Knowledge is Power! Remember that the IRS doesn’t initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. In addition, the IRS does not threaten taxpayers with lawsuits, imprisonment or other enforcement action. Recognizing these telltale signs of a phishing or tax scam could save you from becoming a victim.

Last-Minute Email Scams. The IRS, state tax agencies and the tax industry urges taxpayers to be on guard against suspicious activity, especially email scams requesting last-minute deposit changes for refunds or account updates.

Learn to recognize phishing emails, calls or texts that pose as banks, credit card companies, tax software providers or even the IRS. They generally urge you to give up sensitive data such as passwords, Social Security numbers and bank or credit card accounts. Never provide your private information!  If you receive suspicious emails forward them to phishing@irs.gov. Never open an attachment or link from an unknown or suspicious source!

IRS-Impersonation Telephone Scams. “An aggressive and sophisticated phone scam targeting taxpayers has been making the rounds throughout the country. Callers claim to be employees of the IRS, using fake names and bogus IRS identification badge numbers. They may know a lot about their targets, and they usually alter the caller ID to make it look like the IRS is calling.

Victims are told they owe money to the IRS and it must be paid promptly through a pre-loaded debit card or wire transfer. Victims may be threatened with arrest, deportation or suspension of a business or driver’s license. In many cases, the caller becomes hostile and insulting. Or, victims may be told they have a refund due to try to trick them into sharing private information. If the phone isn’t answered, the scammers often leave an “urgent” callback request.”1

The IRS will never:

  • Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail you a bill if you owe any taxes.
  • Threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying.
  • Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
  • Ask for credit or debit card numbers over the phone.
  • Remember: Scammers Change Tactics — Aggressive and threatening phone calls by criminals impersonating IRS agents remain a major threat to taxpayers, but variations of the IRS impersonation scam continue year-round and they tend to peak when scammers find prime opportunities to strike.

Surge in Email, Phishing and Malware Schemes. “When identity theft takes place over the web (email), it is called phishing. The IRS saw an approximate 400 percent surge in phishing and malware incidents in the 2016 tax season. The IRS has issued several alerts about the fraudulent use of the IRS name or logo by scammers trying to gain access to consumers’ financial information to steal their identity and assets.

Scam emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. These phishing schemes may seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.

Variations of these scams can be seen via text messages. The IRS is aware of email phishing scams that include links to bogus web sites intended to mirror the official IRS web site. These emails contain the direction “you are to update your IRS e-file immediately.” The emails mention USA.gov and IRSgov (without a dot between “IRS” and “gov”), though not IRS.gov (with a dot). These emails are not from the IRS. The sites may ask for information used to file false tax returns or they may carry malware, which can infect computers and allow criminals to access your files or track your keystrokes to gain information.”

Unsolicited email claiming to be from the IRS, or from a related component such as EFTPS, should be reported to the IRS at phishing@irs.gov.

Tax Refund Scam Artists Posing as Taxpayer Advocacy Panel. “Some taxpayers may receive emails that appear to be from the Taxpayer Advocacy Panel (TAP) about a tax refund. These emails are a phishing scam, where unsolicited emails try to trick victims into providing personal and financial information. Do not respond or click any link. If you receive this scam, please forward it to phishing@irs.gov and note that it seems to be a scam email phishing for your information.

 TAP is a volunteer board that advises the IRS on systemic issues affecting taxpayers. It never requests, and does not have access to, any taxpayer’s personal and financial information.

How to Report Tax-Related Schemes, Scams, Identity Theft and Fraud. To report tax-related illegal activities, you should report instances of IRS-related phishing attempts and fraud to the Treasury Inspector General for Tax Administration at 800-366-4484.”3

Additional Scam-Related Information:

Security Summit – Learn more about how the IRS, representatives of the software industry, tax preparation firms, payroll and tax financial product processors and state tax administrators are working together to combat identity theft and refund fraud.

IRS Security Awareness Tax Tips

Tax Scams — How to Report Them

State ID Theft Resources – State information on what to do if you or your employees are victims of identity theft.

IRS Dirty Dozen – The annually compiled list enumerates a variety of common scams that taxpayers may encounter

 If you suspect you are a victim, contact the IRS Identity Theft Protection Specialized Unit at 800-908-4490. When reporting to the IRS, you will need to:

  • Send a copy of an IRS ID Theft Affidavit Form 14039 – download the form here: irs.gov/pub/irs-pdf/f14039.pdf.
  • Send a proof of your identity, such as a copy of your Social Security card, driver’s license or passport.

After doing that, make sure to:

  • Update your files with records of any calls you made or letters you sent to the IRS
  • Put a fraud alert on your credit reports and order copies of your credit reports to review any other possible damage
  • Create an Identity Theft Report by filing an identity theft complaint with the FTC and a police report

 

Sources and References:

1 http://www.vanderbloemengroup.com/articles/irs-impersonation-telephone-scam

2 http://www.irs.gov

3 http://www.irs.gov

http://usa.gov/business-taxes

http://www.aarp.org

https://taxadmin.org/

https://treasury.gov/tigta/