|
|
|
|
|
|
|
|
|
|
|
|
Troubles viewing this message? View in browser online here
|
|
|
|
|
Protect Your Personal & Financial Data
from Criminal Activity
|
|
|
January 27, 2020
|
|
|
|
In spite of numerous warning signals and consumer alerts, criminals still manage to take advantage of any occasion to steal identities and money, as well as sensitive tax and financial data that can be used to file fraudulent tax returns.
|
|
|
|
Just a few weeks ago, the IRS and the Security Summit partners opened the National Tax Security Awareness Week for the third year in a row. The IRS, state tax agencies, the private sector tax industry, including tax professionals, work in partnership as the Security Summit to help protect taxpayers from identity theft and refund fraud. The bottom line is that everyone should take a few basic steps to help protect their identities, their financial accounts, their computers and mobile phones.
One of the first topics addressed was online shopping. The holiday online shopping season was, as always, a prime time for cybercriminals and identity thieves to trick shoppers into giving up financial, identity or password information. As sales events take place all year long, take just a little time to pay attention to and observe a few valuable tips to make your online shopping safer:
|
|
-
Shop at sites where the web address begins with “https", the "s" standing for secure communications over the computer network. This is an added layer of protection when sharing credit card numbers for a purchase. Keep in mind that scam sites also can use "https," so you should make sure that you are shopping at a legitimate retailer's website.
- Don't shop on unsecured public Wi-Fi in places like a mall. Remember, thieves can eavesdrop.
- At home, secure home Wi-Fis with a password. As homes become more connected to the web, secured systems become more important, from wireless printers, wireless door locks to wireless thermometers. These can be access points for identity thieves.
- Don't forget to use security software for computers and mobile phones and keep it updated. Make sure purchased anti-virus software has a feature to stop malware, and there is a firewall that can prevent intrusions.
- Protect personal information; don't hand it out to just anyone. Phishing scams like imposter emails, calls and texts -- are the No. 1 way thieves steal personal data. Don't open links or attachments on suspicious emails.
- Use strong and unique passwords for online accounts. Use a phrase or series of words that can be easily remembered.
- Use two-factor authentication whenever possible. Many email providers and social media sites offer this feature. It helps prevents thieves from easily hacking accounts.
- Back up files on computers and mobile phones. A cloud service or an external hard drive can be used to copy information from computers or phones providing an important place to recover financial or tax data.
|
|
|
|
|
Thieves have become more adept at compromising mobile phones. Phone users also are more prone to open a scam email from their phone than from their computer. You can check out the security recommendations for your specific mobile phone by reviewing the Federal Communications Commission's Smartphone Security Checker. Since phones are used for shopping and even for doing taxes, remember to make sure phones and tablets are just as secure as computers.
Phishing scams remain a year-round threat to everyone. Here's what you need to know to protect yourself from phishing scams:
|
|
- First, the most common way thieves steal identities is simply by asking for it. Their favorite tactic is a phishing email. Phishing emails "bait" users into opening them. They pose as a trusted company like a bank, a favorite retailer or even a tax professional.
- Second, learn to recognize and avoid these phishing emails. The scams tell an urgent story like there's a problem with your account or your order. The message then instructs the receiver to open an embedded link or download an attachment.
- Third, don't take the bait. The email link may send users to a familiar website to login, but the username and password goes to the thieves. Or, the scam suggests users open an attachment, which secretly downloads malicious software. Either method works for identity thieves.
|
|
These scam emails can show up in personal inboxes or even to a work inbox, endangering the entire organization. And mobile phone users are especially prone to responding more than those working on laptop or computer. If at home, just delete the email. If at work, follow the organization's guidance on handling the email.
Emails aren't the only phishing tactic. Thieves may use letters or phone calls, especially when impersonating the IRS. For example, recent letters claiming to be from the IRS are demanding payment of an overdue tax bill. The letter requests the check be paid to IRS, but it provides an incorrect telephone number.
|
|
|
|
Remember, letters for taxes due always request payment be made to the "United States Treasury." If unsure, you can register at the official IRS.gov website and view your account information.
The IRS does not make threatening phone calls, nor does the IRS request payment via gift cards or debit cards like iTunes.
A new avenue is social media. Increasingly, thieves are embedding their links or malware in social media commentaries, tweets or posts. Do not open links from social media unless you are certain of the source.
Strong passwords protect online accounts and digital devices from data theft. But there have been some important changes many people can overlook.
In recent years, cybersecurity experts' recommendations on what constitutes a strong password has changed. They now suggest that people use word phrases that are easy to remember rather than random letters, characters and numbers that cannot be easily recalled.
For example, experts previously suggested something like "PXro#)30," but now suggest a longer phrase like "SomethingYouCanRemember@30." By using a phrase, users don't have to write down their password and expose it to additional risk. Also, people may be more willing to use strong, longer passwords if it's a phrase rather than random characters that are harder to remember.
Protecting access to digital devices is so critical that some now feature fingerprint or facial recognition technology, but passwords remain common for many people.
|
|
|
|
Given the sensitivity of many of these online accounts, people should consider these passwords tips to protect devices or online accounts:
|
|
- Use a minimum of eight characters; longer is better.
- Use a combination of letters, numbers and symbols in password phrases, i.e., UsePasswordPhrase@30.
- Avoid personal information or common passwords; use phrases instead.
- Change default or temporary passwords that come with accounts or devices.
- Do not reuse or update passwords. For example, changing Bgood!17 to Bgood!18 is not good enough; use unique usernames and passwords for accounts and devices.
- Do not use email addresses as usernames if that is an option.
- Store any password list in a secure location, such as a safe or locked file cabinet.
- Do not disclose passwords to anyone for any reason.
- When available, a password manager program can help track passwords for numerous accounts.
|
|
Whenever it is an option for a password-protected account, users should opt for a multi-factor authentication process. Many email providers, financial institutions and social media sites now offer customers two-factor authentication protections.
Two-factor authentication helps by adding an extra layer of protection. Often two- factor authentication means the returning user must enter their credentials (username and password) plus another step, such as entering a security code sent via text to a mobile phone. Another example is confirming "yes" to a text to the phone that users are accessing the account on.
The idea behind multi-factor authentication is that a thief may be able to steal usernames and passwords, but it's highly unlikely they also would have access to the mobile phone to receive a security code or confirmation to actually complete the log- in process.
Remember, the IRS will never ask for passwords, so watch out for phishing emails posing as trusted companies seeking passwords.
|
|
|
|
People who receive an IRS-imposter email scam should send it to phishing@irs.gov. To report fraudulent letters and telephone calls, contact the Treasury Inspector General for Tax Administration at TIGTA.gov.
The best defense for you as taxpayers is to remain alert, follow the measures of precaution mentioned above, and contact a tax professional whenever you are in doubt or suspect fraudulent conduct. Of course, your favorite option is to keep up with our newsletters!
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
www.carlwatts.com
|
office@carlwatts.com
|
Washington DC
|
Phone: 202 350-9002
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|