Olympic Scammers Going For Gold

If you’ve been watching the Olympics this year, you may have seen some great looking gear. And did you know that you can buy that gear? If you don’t, scammers certainly do. They are using Olympics-related information to scam unsuspecting buyers out of cash. They aren’t stopping there, either. They are also pretending to have special videos of unseen Olympic footage that if viewed, will just cause you grief. Unsurprisingly, links to all this may appear in your email in box.

First off, you actually can buy the gear. Just be sure to go to an officially licensed website to do so. If you see a link in your email in box, don’t click it. Instead, go to the official Olympics website and find other links there.

However, if you want to see special footage of the competitions, check out the television station websites in your area that are providing coverage. Again, don’t click on links or attachments.

In some cases, the Olympics-related links install ransomware. In other cases, it’s advertising, and still in others, it may pop up a webform for you to enter some type of personal information. In any event, don’t fall for any of this.

You can protect your devices from this and yourself from identity theft by doing a few simple things, besides not clicking on links:

– If you don’t already have security software installed on all your devices, do that. There are many options out there, and some are even free of charge. Just be sure to do some research and use a product from a reputable company.

– Always use passwords that are unique to each and every website you log into. Don’t forget to make them at least eight characters and include upper and lower case letters, numbers, and at least one special character.
Whenever two-factor authentication (2FA) or multi-factor authentication (MFA) is offered to you for a website, take advantage. This can often be enabled in the “settings” area of the site.

– Always backup your important data and anything else you want to keep. You can use a cloud service provider, an external backup drive, or even just a USB drive that you manually save your important files on. Whatever you choose, at least you won’t lose what you need in the case of a malware strike.

The Olympics continue through the end of February. It’s likely the scams will continue beyond that. So, don’t let down your guard after the athletes go home. The scammers will still be playing their games.

© Copyright 2018 Stickley on Security

Important Tax Fraud Alert

Just days into the start of the 2018 filing season, the IRS identified a new scam in which cybercriminals have stolen client data from tax professionals and filed fraudulent refunds using real taxpayer information, including bank account and routing information for direct deposit.

The fraudster then contacts the taxpayer posing as an employee of a debt collection agency working on behalf of the IRS. They ask the taxpayer to take certain steps to return the refund, but actually the refund goes to the criminals.

IRS guidance to taxpayers who are victims asks them to contact the Automated Clearing House (ACH) department of the bank/financial institution where the direct deposit was received and have them return the refund to the IRS. The IRS also asks the taxpayers to call the agency toll-free at (800) 829-1040 (individual) or (800) 829-4933 (business) to explain why the direct deposit is being returned.

There is more information for taxpayers at Tax Topic Number: 161 – Returning an Erroneous Refund.

Will you be renting forever? Three questions that can determine your housing future

Do you dream of owning your home, or are you content to rent?

Reportedly, more households are renting in the U.S. than at any point in the past 50 years. The lingering effects of the housing crisis plus changing attitudes about homeownership have left more people feeling inclined to rent.

Owning a home can provide you with an equitable asset once it’s paid off, but it’s not always the right move for everyone. If you’re weighing your options, here are three questions to ask yourself:

1. What are my lifestyle priorities?

Do you crave stability, or seek new experiences? Millennials in particular are known to move around, preferring to live in different areas before settling down. If you’re not tied to a particular place or occupation, owning a home might not be for you.

On the other hand, if you can see yourself happily living in the same place in, say, 30 years and are disciplined about money, then you’re a good candidate for homeownership.

2. Do I want to start a family?

Most parents want security for their family. When you rent, there’s no guarantee that you’ll occupy your space forever. A surprise eviction from your home can upend your children’s lives, potentially forcing them to change schools if you have to move to a new neighborhood.

On the other hand, renting may be an appealing option for single-income families. If one parent stops working to stay home with the kids, you may trade financial security for quality-time with your children. Crunch the numbers to see what makes the most fiscal sense.

3. What are my career prospects?

Reportedly, it’s becoming more difficult for people earning minimum wage to rent—let alone buy—a home, especially in and around popular cities. If saving for a home on your current salary is particularly difficult even after you reduce your monthly expenses, you may want to make a plan to increase your income by moving up in your industry or switching careers.

And remember, whether you want to buy or rent, it’s a good idea to build your savings account. Even if you don’t use the money to purchase a home, you might need it for an unforeseen personal expense or financial emergency down the road.



February 2018

Inside the new tax bill: four changes that may affect what you owe

If you’re scrambling to keep up with changes enacted by the new tax bill before you file for 2017, you can relax (for now). The bill that was passed by Congress last December doesn’t affect last year’s taxes.

However, you’ll need to catch up on the new rules for next year, which means you should start planning now. To bring you up to speed, we’ve listed four changes that promise to have a big impact on the financial lives of millions of Americans.

(Of course, to find out if these changes impact your personal financial situation, contact a tax advisor.)

Say hello to a bigger standard deduction

The new bill increases the standard deduction for filers. This means that fewer people will have to itemize individual deductions, and can claim the new, bigger standard of $12,000 (individuals) or $24,000 (married couples filing jointly), which almost doubles the current standard. If you itemized in the past, the good news is you’ll have to do less paperwork and potentially receive a bigger refund.

…and goodbye to the personal exemption

Now for the not-so-good news. If you relied on personal exemptions to lower your tax rate for you, your spouse, and dependents, the new bill doesn’t allow it. Even if you receive financial relief from other areas of the reform package, ending the personal exemption may negate it.

An expanded credit for an expanding family

Parents may owe less under the new bill. The child tax credit has been doubled to $2,000 for children up to age 17, and expanded to cover married couples making up to $400,000. Additionally, the income limit for single parents has been raised to $200,000. So if you’re struggling to cover familial expenses, you should get additional relief starting next year.

New homeowner, smaller deduction

Would-be homeowners, depending on your finances and where you’re looking to move, you may want to reconsider your budget. Going forward, you’ll only be able to deduct the interest on up to $750,000 of your mortgage debt (reduced from $1 million). Current homeowners, however, won’t be affected by the new rule.



February 2018

Kim Jong-un Leaves Tiny Footprints on U.S. Cyberattacks

Many security experts agree that North Korean (NK) leader Kim Jong-un has been very busy–not just trading Twitter barbs with Donald Trump either. There have been curious cyberattacks in the U.S. and abroad, leaving tiny cyber footprints in Kim’s shoe size.

The most recent attack installs spyware on mobile devices used by NK defectors and the people alleged to have helped them. The anti-virus firm McAfee backed up this assertion after analyzing files from attacks by NK-linked SunTeam cybercrime group. Since it’s believed that little happens in NK without Kim knowing about it, well–below are two of their more infamous hacks involving the US. You be the judge.

Some cyber experts feel Kim was behind the far-reaching and notorious hack in 2017 called WannaCry. The ransomware wreaked havoc in over 150 countries. It took captive countless computer systems full of critical data worldwide. Much of the stolen data placed a vice-grip on the healthcare industry in the U.S. and abroad. Incredibly, tools for the ransomware hack were stolen from the National Security Agency and then published worldwide for hackers to see. The group known for the theft, called “Shadow Brokers,” is believed to have ties to Russian intelligence.

Did Kim take advantage of the information for his own use? The goal of WannaCry was clearly financial, with information captors demanding $300-$600 in Bitcoin ransom for each victim. Maybe not considered a dictator’s ransom, but multiply that worldwide…estimated damage of $53 billion. It’s speculated that the many sanctions placed on NK over the years have negatively affected their economy, leaving ransomware a practical motive for Kim.

October 2014 saw the NK cyberattack against Sony Pictures. The “Guardians of Peace” hacker group famously jacked countless documents from Sony Pictures. The movie The Interview was on the verge of being released by the studio when the hack happened. The dark comedy took aim at Kim, centering on an assassination plot toward the leader.

The stolen documents were used as leverage to prevent the movie release. They allegedly contained highly confidential and compromising information on studio executives. Over the following weeks, large amounts of the stolen data were posted online, exposing Sony Pictures to a public relations nightmare and further cyber vulnerabilities.

Kim insisted he had no prior knowledge of the attack, suggesting loyal hacktivists supporting him and his regime may have been responsible. Time will tell as the tiny footprints continue to be tracked.

Sometimes there is little you can do to protect information. But there are always some ways to lower the risk:

– Backup important data and systems. If ransomware strikes, it will be possible to quickly restore it from a recent backup.

– Limit what information is posted online. Even if all account settings are at the most secure level, all information posted on the Internet should be considered available to the world.

– Implement cybersecurity tools such as firewalls, intrusion prevention and detection devices, and anti-malware and anti-virus software at a minimum. Keep everything up-to-date.

– Train staff and others on cybersecurity essentials such as how to identify a phishing email message and how to limit their exposure on social media. Phishing is still how many attacks succeed, including WannaCry. Social media profiles are a treasure trove of information for W-2 theft and business email compromise (BEC) attacks.

Many attacks don’t target a specific group, industry, or organization. So, just because yours may be small, if the objective is cash then the size of the organization doesn’t matter. All the attackers want is an opening and those can be found using many methods. Two big ones are unpatched and outdated systems and phishing. Stay on top of these and you can prevent your organization from getting stepped on by any sized footprints.

© Copyright 2018 Stickley on Security

Significant Jump in Credit Card Phishing Scams in 2017

A startling increase in phishing scams that specifically target retailers, financial institutions, and online payment systems, was reported by Kaspersky Labs for last year. The study tracked phishing from the end of 2016 to mid-October 2017 from everywhere in the world where they have customers. It found that in 2017, the total number of phishing attacks overall using online payments was 15.31%. Compared to 7.08% in 2015, that’s an increase of 34.33%. Quite a change, so what gives?

Kaspersky finds a drastic surge in purchases made on mobile devices, in particular…smartphones. Overall last year, 44.6% of website visits on mobile devices were done on smartphones. In fact, smartphone purchases made up 26% of the overall shopping revenue.

Study authors believe that increased phishing attempts go hand-in-hand with our smartphone society. Their report also finds that historically huge shopping days like Black Friday and Cyber Monday are extra-ripe for phishing. According to news from Tech Crunch, on 2017’s Black Friday, $5.03B in online sales were posted. Nearly three billion of that total was done using mobile devices. Looking at it another way, more than 50% of online sales were made using mobile devices.

Phishers bombard devices with fast-paced, non-stop spam offering incredible deals. Too many shoppers react to a great sale and not to common sense. That translates to little or no concern about the offer being legitimate and phisher’s count on that. Human reaction and emotion is often their best friend and a very lucrative friend at that.

It’s important to make sure to stop and evaluate the site and the deal before entering any payment or other personal information into a website. If the deal sounds too good to be true, it is. Instead of clicking links or attachments received in spam email, go directly to the shop’s website and make the purchase there. If the store isn’t so well known, or is completely unfamiliar to you, do some independent research on it first to make sure it’s not a fake.

Kaspersky’s study finds an overall increase in online banking led to a spike in phishing. Just two years ago, online banking made up 17.45% of overall financial phishing. 2017 saw that number jump to 24.47%. Phishers are big on sending email spam that duplicates financial and merchant websites. This leaves many users with little doubt it’s the real deal. In goes your bank account or credit card information and out goes your money. Maybe the thought of a phisher looking to separate you from your money isn’t all that worrisome to consumers. It appears that great offers and quick convenience, however, are.

© Copyright 2018 Stickley on Security