New Phishing Scam Involving Company W-2s

Your company bookkeeper or outside accountant receives a seemingly innocuous email from the CEO, owner, or other "high up" person in the organization asking for a copy of all the 2015 W-2s in pdf form.  Simple enough - just one of the many things that need to be responded to every day.  Except this one isn't innocuous.  It's a trap to capture your employee's social security numbers.  And unfortunately, because of its deceptive simplicity, it's been successful in a few places.

"Can't happen here." or "We are way to small."  No such thing. No organization is immune and even the best anti-malware products may not be able to keep up with every single instance of this Scam.  In the last couple of weeks, we have seen instances with some of our clients where this exact Phishing Scam has been identified  Fortunately, most people are vigilant and aware.  They asked their superiors to confirm the request and stopped the issue then and there.

Below is a release from the IRS outlining this issue in more detail.  Bottom line is simple:  You can't be too careful with important company information. Always ask questions and independently doublecheck those kinds of requests.

IR-2016-34, March 1, 2016

WASHINGTON — The Internal Revenue Service today issued an alert to payroll and human resources professionals to beware of an emerging phishing email scheme that purports to be from company executives and requests personal information on employees.

The IRS has learned this scheme — part of the surge in phishing emails seen this year — already has claimed several victims as payroll and human resources offices mistakenly email payroll data including Forms W-2 that contain Social Security numbers and other personally identifiable information to cybercriminals posing as company executives.

[More]

Telltale Signs an App is Violating Your Privacy

Malware isn’t just for laptops and desktops. In fact, it can be a lot easier for malware to end up on your mobile phone or tablet than your computer. When it comes to mobile malware, a little bit of paranoia goes a long way. Malicious apps can steal your personal information, including sensitive financial information that can then be used to steal your identity. A lot of malware ends up on your phone due to malicious apps. So what are signs that you might already have a malicious app on your phone?

Slow Internet Connections

A slow Internet connection doesn’t always mean malware, but it is one of the few symptoms that even the most sophisticated malware can’t hide. Whether a malicious app is phoning home, communicating information about you or using your mobile device as part of a botnet scheme, it’s going to be using Internet bandwidth to do it. So if your connection speeds are all of a sudden crashing down to nothing, that can be a very clear sign that there’s something amiss with one of your apps.

[More]

This is why People Fear the Internet of Things

The "Internet of Things" (IoT) is a fast growing segment of all techonologies.  Being able to connect to your home thermostat, remotely lock (or unlock) your front door or operate a surveillance camera in your home or office all are very intriguing.  But like a lot of things - Danger Lurks!  

The following article from "Krebs on Security" is fairly dense reading, but does a great job of describing many of the potential security issues surrounding the IoT.  Like many issues involving Internet techologies, there are ways to do things right.  Usually, they are not the easiest to implement and rarely are they inexpensive, however we caution all our clients to make sure that the fancy new gizmo that you want to add to your network doesn't inadvertantly create an enormous security hole!

Imagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware. Now imagine that the geek gear you bought doesn’t actually let you block this P2P communication without some serious networking expertise or hardware surgery that few users would attempt.

[More]

Spotting Potential b2b Scams

B2b scams are all the rage these days.  There are big ones and small one.  It's surprisingly easy to miss one. This article from the FTC outlines the fight against these scams.

A small business or nonprofit gets what appears to be an invoice for a listing in an online yellow pages directory. On the face of it, it looks legit. It includes the name of an employee at the office, a copy of what the listing looks like, the "walking fingers" symbol associated with directories — and a demand for the $486.95 the business or nonprofit supposedly owes for the listing. What's really going on? As an FTC case against Canadian scammers suggests, chances are it's a fraud targeting small businesses, doctors' offices, retirement homes, churches, etc. And your company or community group could be at risk.

[More]

Encryption: How to and Why it's Important

Encryption is the process of protecting personal data, often with a form of “secret code,” so that it cannot be read by anyone who doesn’t have the code key. Today, huge amounts of personal information are managed online, via computer applications, and stored in the cloud, or servers with an ongoing connection to the Web.

It’s nearly impossible to do business of any kind without personal data ending up in a networked computer system, whether you are a buyer, seller, private citizen, or major corporation. So why should you get serious about encryption?

[More]

Previous Entries / More Entries