Tuesday, February 28, 2017

Seriously, You Can't Make This Stuff Up!

   Fake news and alternative facts aside, the truth really is stranger than fiction.

   We finally get to the point where the only thing left to talk about concerning Yahoo! is their upcoming turbulent buyout by Verizon.  But noooo...

   They're back, with another breach announcement.  This one is from sometime in the 2015/2016 timeframe (am I the only one who is concerned that they can't pin it down better than that????).  It seems to be more limited in scope (i.e. less than the 500 Million users affected last time!).

   We seriously just "finished" talking about this issue.  Normally when an old problem comes back again (like always do), I consider re-running an older post with any needed updates (and rarely are any major updates needed).  But I just posted about Yahoo!'s problems TWO MONTHS AGO!

   This time around the root cause is supposed to be a forged cookie that could be used to access an account without using a password.  Yahoo! is saying that the attackers must have had access to the source code and that a similar method may have been used in the previous attacks.  Maybe... maybe not.

   In other news... the price for Verizon to buy Yahoo! keeps dropping.  Could "free" be far behind?

   You know, the funny thing is that I really like the Yahoo! home page layout with its news summaries.  If they could just protect my account data for more than a month or two we might actually have a service worth salvaging.

   Vote... are you dumping your Yahoo! account or keeping it?

Tuesday, February 14, 2017

ID Fraud, Taxes and Doctors Again (Still?)

   It's that time of year again.  Brian Krebs just put out an article on "darkweb" sales of W-2 information.  You can read that article here.  As is so often the case, the advice to protect yourself hasn't changed - and be assured, you must protect yourself because no one else will, certainly not the IRS!

   As noted below and in the Krebs' article, what you need to do now and always is:

  1. file your taxes early
  2. monitor your credit (I covered that topic here... in 2013!)
  3. freeze your credit (two articles from Krebs, also from 2015)
  4. become you before someone else becomes you (I wrote about that subject here)

   Here's a re-run of my article on this subject from two years ago.  It's all still true...

   I did a series of posts last year (2014) on the problem of ID Fraud.  This is an ongoing issue, certainly because organizations struggle to protect information, there are cyber attackers out there, and also individuals don't often take steps to protect their own information.

   The bottom line is that your personal information, primarily your financial information, has tangible dollar value to a cyber attacker.

   We usually think about credit card fraud or maybe bank account fraud as the results of these kinds of data breaches.  But in this post and the next I'd like to talk about two other scenarios that have happened, are happening... and you need to be aware.

   It's that wonderful time of year again in the US.  Crisp weather, snow (most places), the days are starting to get a bit longer... and it's the beginning of tax filing season.

   Imagine you are doing your civic duty, filling out and filing your tax return.  You send it in to the IRS, only to find out that "you" already filed your return and "you' have already received your rather sizable refund - surprise!

   Unfortunately, this has happened.  And, as we've discussed in the past, these attackers are smart.  This is a business.  They need to be able to maximize profits because there is a limited timeframe in which to commit the crime.  So they need to attack a sub-population who:
  1. makes good money;
  2. might have many deductions;
  3. might have complex returns, and;
  4. for whom a large refund might not raise red flags.
   How about... Doctors!

   And, just as I finishing writing this article, we have new news out about tax fraud this year!  Reports say this is connected with Turbo Tax software, but it is more likely that scammers got people's info through other means and filed the fraudulent returns.  Maybe Turbo Tax is just the scammers software of choice! :-)

   As always, we want to talk about what you can do.

   In addition to the steps outlined in these previous blog posts, here is the IRS Guide on Identity Theft.  The IRS guide and my previous tips talk about not only what you should do if you are a victim, but tips to avoid the problem in the first place including:
  • protecting your personal information, primarily your social security number
  • don't click on links sent to you via email or in social media - type the link in yourself or do a search
  • use link rating applications like Web Of Trust (WOT)
  • don't give our your personal information via web, email, phone unless you can positively identify the person on the other end
  • review your bills, credit record and other information that might provide early warning of a problem.
   Have you been the victim of tax-related ID Fraud?  Do you have any additional tips to share?

   Of course, this issue is not just about doctors!  Next time we'll talk about something perhaps even closer to your wallet... payroll fraud and misuse.